1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
2
3package organizations
4
5import (
6	"fmt"
7	"time"
8
9	"github.com/aws/aws-sdk-go/aws"
10	"github.com/aws/aws-sdk-go/aws/awsutil"
11	"github.com/aws/aws-sdk-go/aws/request"
12	"github.com/aws/aws-sdk-go/private/protocol"
13	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
14)
15
16const opAcceptHandshake = "AcceptHandshake"
17
18// AcceptHandshakeRequest generates a "aws/request.Request" representing the
19// client's request for the AcceptHandshake operation. The "output" return
20// value will be populated with the request's response once the request completes
21// successfully.
22//
23// Use "Send" method on the returned Request to send the API call to the service.
24// the "output" return value is not valid until after Send returns without error.
25//
26// See AcceptHandshake for more information on using the AcceptHandshake
27// API call, and error handling.
28//
29// This method is useful when you want to inject custom logic or configuration
30// into the SDK's request lifecycle. Such as custom headers, or retry logic.
31//
32//
33//    // Example sending a request using the AcceptHandshakeRequest method.
34//    req, resp := client.AcceptHandshakeRequest(params)
35//
36//    err := req.Send()
37//    if err == nil { // resp is now filled
38//        fmt.Println(resp)
39//    }
40//
41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) {
43	op := &request.Operation{
44		Name:       opAcceptHandshake,
45		HTTPMethod: "POST",
46		HTTPPath:   "/",
47	}
48
49	if input == nil {
50		input = &AcceptHandshakeInput{}
51	}
52
53	output = &AcceptHandshakeOutput{}
54	req = c.newRequest(op, input, output)
55	return
56}
57
58// AcceptHandshake API operation for AWS Organizations.
59//
60// Sends a response to the originator of a handshake agreeing to the action
61// proposed by the handshake request.
62//
63// This operation can be called only by the following principals when they also
64// have the relevant IAM permissions:
65//
66//    * Invitation to join or Approve all features request handshakes: only
67//    a principal from the member account. The user who calls the API for an
68//    invitation to join must have the organizations:AcceptHandshake permission.
69//    If you enabled all features in the organization, the user must also have
70//    the iam:CreateServiceLinkedRole permission so that AWS Organizations can
71//    create the required service-linked role named AWSServiceRoleForOrganizations.
72//    For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles)
73//    in the AWS Organizations User Guide.
74//
75//    * Enable all features final confirmation handshake: only a principal from
76//    the master account. For more information about invitations, see Inviting
77//    an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html)
78//    in the AWS Organizations User Guide. For more information about requests
79//    to enable all features in the organization, see Enabling All Features
80//    in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
81//    in the AWS Organizations User Guide.
82//
83// After you accept a handshake, it continues to appear in the results of relevant
84// APIs for only 30 days. After that, it's deleted.
85//
86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
87// with awserr.Error's Code and Message methods to get detailed information about
88// the error.
89//
90// See the AWS API reference guide for AWS Organizations's
91// API operation AcceptHandshake for usage and error information.
92//
93// Returned Error Types:
94//   * AccessDeniedException
95//   You don't have permissions to perform the requested operation. The user or
96//   role that is making the request must have at least one IAM permissions policy
97//   attached that grants the required permissions. For more information, see
98//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
99//   in the IAM User Guide.
100//
101//   * AWSOrganizationsNotInUseException
102//   Your account isn't a member of an organization. To make this request, you
103//   must use the credentials of an account that belongs to an organization.
104//
105//   * HandshakeConstraintViolationException
106//   The requested operation would violate the constraint identified in the reason
107//   code.
108//
109//   Some of the reasons in the following list might not be applicable to this
110//   specific API or operation:
111//
112//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
113//      the number of accounts in an organization. Note that deleted and closed
114//      accounts still count toward your limit. If you get this exception immediately
115//      after creating the organization, wait one hour and try again. If after
116//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
117//
118//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
119//      the invited account is already a member of an organization.
120//
121//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
122//      handshakes that you can send in one day.
123//
124//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
125//      to join an organization while it's in the process of enabling all features.
126//      You can resume inviting accounts after you finalize the process when all
127//      accounts have agreed to the change.
128//
129//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
130//      because the organization has already enabled all features.
131//
132//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
133//      the account is from a different marketplace than the accounts in the organization.
134//      For example, accounts with India addresses must be associated with the
135//      AISPL marketplace. All accounts in an organization must be from the same
136//      marketplace.
137//
138//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
139//      change the membership of an account too quickly after its previous change.
140//
141//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
142//      account that doesn't have a payment instrument, such as a credit card,
143//      associated with it.
144//
145//   * HandshakeNotFoundException
146//   We can't find a handshake with the HandshakeId that you specified.
147//
148//   * InvalidHandshakeTransitionException
149//   You can't perform the operation on the handshake in its current state. For
150//   example, you can't cancel a handshake that was already accepted or accept
151//   a handshake that was already declined.
152//
153//   * HandshakeAlreadyInStateException
154//   The specified handshake is already in the requested state. For example, you
155//   can't accept a handshake that was already accepted.
156//
157//   * InvalidInputException
158//   The requested operation failed because you provided invalid values for one
159//   or more of the request parameters. This exception includes a reason that
160//   contains additional information about the violated limit:
161//
162//   Some of the reasons in the following list might not be applicable to this
163//   specific API or operation.
164//
165//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
166//      can't be modified.
167//
168//      * INPUT_REQUIRED: You must include a value for all required parameters.
169//
170//      * INVALID_ENUM: You specified an invalid value.
171//
172//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
173//      characters.
174//
175//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
176//      at least one invalid value.
177//
178//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
179//      from the response to a previous call of the operation.
180//
181//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
182//      organization, or email) as a party.
183//
184//      * INVALID_PATTERN: You provided a value that doesn't match the required
185//      pattern.
186//
187//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
188//      match the required pattern.
189//
190//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
191//      name can't begin with the reserved prefix AWSServiceRoleFor.
192//
193//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
194//      Name (ARN) for the organization.
195//
196//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
197//
198//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
199//      tag. You can’t add, edit, or delete system tag keys because they're
200//      reserved for AWS use. System tags don’t count against your tags per
201//      resource limit.
202//
203//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
204//      for the operation.
205//
206//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
207//      than allowed.
208//
209//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
210//      value than allowed.
211//
212//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
213//      than allowed.
214//
215//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
216//      value than allowed.
217//
218//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
219//      between entities in the same root.
220//
221//   * ConcurrentModificationException
222//   The target of the operation is currently being modified by a different request.
223//   Try again later.
224//
225//   * ServiceException
226//   AWS Organizations can't complete your request because of an internal service
227//   error. Try again later.
228//
229//   * TooManyRequestsException
230//   You have sent too many requests in too short a period of time. The quota
231//   helps protect against denial-of-service attacks. Try again later.
232//
233//   For information about quotas that affect AWS Organizations, see Quotas for
234//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
235//   the AWS Organizations User Guide.
236//
237//   * AccessDeniedForDependencyException
238//   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
239//   for organizations.amazonaws.com permission so that AWS Organizations can
240//   create the required service-linked role. You don't have that permission.
241//
242// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
243func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) {
244	req, out := c.AcceptHandshakeRequest(input)
245	return out, req.Send()
246}
247
248// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of
249// the ability to pass a context and additional request options.
250//
251// See AcceptHandshake for details on how to use this API operation.
252//
253// The context must be non-nil and will be used for request cancellation. If
254// the context is nil a panic will occur. In the future the SDK may create
255// sub-contexts for http.Requests. See https://golang.org/pkg/context/
256// for more information on using Contexts.
257func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) {
258	req, out := c.AcceptHandshakeRequest(input)
259	req.SetContext(ctx)
260	req.ApplyOptions(opts...)
261	return out, req.Send()
262}
263
264const opAttachPolicy = "AttachPolicy"
265
266// AttachPolicyRequest generates a "aws/request.Request" representing the
267// client's request for the AttachPolicy operation. The "output" return
268// value will be populated with the request's response once the request completes
269// successfully.
270//
271// Use "Send" method on the returned Request to send the API call to the service.
272// the "output" return value is not valid until after Send returns without error.
273//
274// See AttachPolicy for more information on using the AttachPolicy
275// API call, and error handling.
276//
277// This method is useful when you want to inject custom logic or configuration
278// into the SDK's request lifecycle. Such as custom headers, or retry logic.
279//
280//
281//    // Example sending a request using the AttachPolicyRequest method.
282//    req, resp := client.AttachPolicyRequest(params)
283//
284//    err := req.Send()
285//    if err == nil { // resp is now filled
286//        fmt.Println(resp)
287//    }
288//
289// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
290func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) {
291	op := &request.Operation{
292		Name:       opAttachPolicy,
293		HTTPMethod: "POST",
294		HTTPPath:   "/",
295	}
296
297	if input == nil {
298		input = &AttachPolicyInput{}
299	}
300
301	output = &AttachPolicyOutput{}
302	req = c.newRequest(op, input, output)
303	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
304	return
305}
306
307// AttachPolicy API operation for AWS Organizations.
308//
309// Attaches a policy to a root, an organizational unit (OU), or an individual
310// account. How the policy affects accounts depends on the type of policy. Refer
311// to the AWS Organizations User Guide for information about each policy type:
312//
313//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
314//
315//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
316//
317//    * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
318//
319//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
320//
321// This operation can be called only from the organization's master account.
322//
323// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
324// with awserr.Error's Code and Message methods to get detailed information about
325// the error.
326//
327// See the AWS API reference guide for AWS Organizations's
328// API operation AttachPolicy for usage and error information.
329//
330// Returned Error Types:
331//   * AccessDeniedException
332//   You don't have permissions to perform the requested operation. The user or
333//   role that is making the request must have at least one IAM permissions policy
334//   attached that grants the required permissions. For more information, see
335//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
336//   in the IAM User Guide.
337//
338//   * AWSOrganizationsNotInUseException
339//   Your account isn't a member of an organization. To make this request, you
340//   must use the credentials of an account that belongs to an organization.
341//
342//   * ConcurrentModificationException
343//   The target of the operation is currently being modified by a different request.
344//   Try again later.
345//
346//   * ConstraintViolationException
347//   Performing this operation violates a minimum or maximum value limit. For
348//   example, attempting to remove the last service control policy (SCP) from
349//   an OU or root, inviting or creating too many accounts to the organization,
350//   or attaching too many policies to an account, OU, or root. This exception
351//   includes a reason that contains additional information about the violated
352//   limit:
353//
354//   Some of the reasons in the following list might not be applicable to this
355//   specific API or operation.
356//
357//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
358//      account from the organization. You can't remove the master account. Instead,
359//      after you remove all member accounts, delete the organization itself.
360//
361//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
362//      from the organization that doesn't yet have enough information to exist
363//      as a standalone account. This account requires you to first agree to the
364//      AWS Customer Agreement. Follow the steps at Removing a member account
365//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
366//      the AWS Organizations User Guide.
367//
368//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
369//      an account from the organization that doesn't yet have enough information
370//      to exist as a standalone account. This account requires you to first complete
371//      phone verification. Follow the steps at Removing a member account from
372//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
373//      in the AWS Organizations User Guide.
374//
375//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
376//      of accounts that you can create in one day.
377//
378//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
379//      the number of accounts in an organization. If you need more accounts,
380//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
381//      request an increase in your limit. Or the number of invitations that you
382//      tried to send would cause you to exceed the limit of accounts in your
383//      organization. Send fewer invitations or contact AWS Support to request
384//      an increase in the number of accounts. Deleted and closed accounts still
385//      count toward your limit. If you get this exception when running a command
386//      immediately after creating the organization, wait one hour and try again.
387//      After an hour, if the command continues to fail with this error, contact
388//      AWS Support (https://console.aws.amazon.com/support/home#/).
389//
390//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
391//      register the master account of the organization as a delegated administrator
392//      for an AWS service integrated with Organizations. You can designate only
393//      a member account as a delegated administrator.
394//
395//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
396//      an account that is registered as a delegated administrator for a service
397//      integrated with your organization. To complete this operation, you must
398//      first deregister this account as a delegated administrator.
399//
400//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
401//      organization in the specified region, you must enable all features mode.
402//
403//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
404//      an AWS account as a delegated administrator for an AWS service that already
405//      has a delegated administrator. To complete this operation, you must first
406//      deregister any existing delegated administrators for this service.
407//
408//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
409//      valid for a limited period of time. You must resubmit the request and
410//      generate a new verfication code.
411//
412//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
413//      handshakes that you can send in one day.
414//
415//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
416//      in this organization, you first must migrate the organization's master
417//      account to the marketplace that corresponds to the master account's address.
418//      For example, accounts with India addresses must be associated with the
419//      AISPL marketplace. All accounts in an organization must be associated
420//      with the same marketplace.
421//
422//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
423//      in China. To create an organization, the master must have an valid business
424//      license. For more information, contact customer support.
425//
426//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
427//      must first provide a valid contact address and phone number for the master
428//      account. Then try the operation again.
429//
430//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
431//      master account must have an associated account in the AWS GovCloud (US-West)
432//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
433//      in the AWS GovCloud User Guide.
434//
435//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
436//      with this master account, you first must associate a valid payment instrument,
437//      such as a credit card, with the account. Follow the steps at To leave
438//      an organization when all required account information has not yet been
439//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
440//      in the AWS Organizations User Guide.
441//
442//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
443//      to register more delegated administrators than allowed for the service
444//      principal.
445//
446//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
447//      number of policies of a certain type that can be attached to an entity
448//      at one time.
449//
450//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
451//      on this resource.
452//
453//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
454//      with this member account, you first must associate a valid payment instrument,
455//      such as a credit card, with the account. Follow the steps at To leave
456//      an organization when all required account information has not yet been
457//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
458//      in the AWS Organizations User Guide.
459//
460//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
461//      policy from an entity that would cause the entity to have fewer than the
462//      minimum number of policies of a certain type required.
463//
464//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
465//      that requires the organization to be configured to support all features.
466//      An organization that supports only consolidated billing features can't
467//      perform this operation.
468//
469//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
470//      too many levels deep.
471//
472//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
473//      that you can have in an organization.
474//
475//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
476//      is larger than the maximum size.
477//
478//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
479//      policies that you can have in an organization.
480//
481//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
482//      tags that are not compliant with the tag policy requirements for this
483//      account.
484//
485//   * DuplicatePolicyAttachmentException
486//   The selected policy is already attached to the specified target.
487//
488//   * InvalidInputException
489//   The requested operation failed because you provided invalid values for one
490//   or more of the request parameters. This exception includes a reason that
491//   contains additional information about the violated limit:
492//
493//   Some of the reasons in the following list might not be applicable to this
494//   specific API or operation.
495//
496//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
497//      can't be modified.
498//
499//      * INPUT_REQUIRED: You must include a value for all required parameters.
500//
501//      * INVALID_ENUM: You specified an invalid value.
502//
503//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
504//      characters.
505//
506//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
507//      at least one invalid value.
508//
509//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
510//      from the response to a previous call of the operation.
511//
512//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
513//      organization, or email) as a party.
514//
515//      * INVALID_PATTERN: You provided a value that doesn't match the required
516//      pattern.
517//
518//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
519//      match the required pattern.
520//
521//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
522//      name can't begin with the reserved prefix AWSServiceRoleFor.
523//
524//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
525//      Name (ARN) for the organization.
526//
527//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
528//
529//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
530//      tag. You can’t add, edit, or delete system tag keys because they're
531//      reserved for AWS use. System tags don’t count against your tags per
532//      resource limit.
533//
534//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
535//      for the operation.
536//
537//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
538//      than allowed.
539//
540//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
541//      value than allowed.
542//
543//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
544//      than allowed.
545//
546//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
547//      value than allowed.
548//
549//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
550//      between entities in the same root.
551//
552//   * PolicyNotFoundException
553//   We can't find a policy with the PolicyId that you specified.
554//
555//   * PolicyTypeNotEnabledException
556//   The specified policy type isn't currently enabled in this root. You can't
557//   attach policies of the specified type to entities in a root until you enable
558//   that type in the root. For more information, see Enabling All Features in
559//   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
560//   in the AWS Organizations User Guide.
561//
562//   * ServiceException
563//   AWS Organizations can't complete your request because of an internal service
564//   error. Try again later.
565//
566//   * TargetNotFoundException
567//   We can't find a root, OU, or account with the TargetId that you specified.
568//
569//   * TooManyRequestsException
570//   You have sent too many requests in too short a period of time. The quota
571//   helps protect against denial-of-service attacks. Try again later.
572//
573//   For information about quotas that affect AWS Organizations, see Quotas for
574//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
575//   the AWS Organizations User Guide.
576//
577//   * UnsupportedAPIEndpointException
578//   This action isn't available in the current AWS Region.
579//
580//   * PolicyChangesInProgressException
581//   Changes to the effective policy are in progress, and its contents can't be
582//   returned. Try the operation again later.
583//
584// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
585func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) {
586	req, out := c.AttachPolicyRequest(input)
587	return out, req.Send()
588}
589
590// AttachPolicyWithContext is the same as AttachPolicy with the addition of
591// the ability to pass a context and additional request options.
592//
593// See AttachPolicy for details on how to use this API operation.
594//
595// The context must be non-nil and will be used for request cancellation. If
596// the context is nil a panic will occur. In the future the SDK may create
597// sub-contexts for http.Requests. See https://golang.org/pkg/context/
598// for more information on using Contexts.
599func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) {
600	req, out := c.AttachPolicyRequest(input)
601	req.SetContext(ctx)
602	req.ApplyOptions(opts...)
603	return out, req.Send()
604}
605
606const opCancelHandshake = "CancelHandshake"
607
608// CancelHandshakeRequest generates a "aws/request.Request" representing the
609// client's request for the CancelHandshake operation. The "output" return
610// value will be populated with the request's response once the request completes
611// successfully.
612//
613// Use "Send" method on the returned Request to send the API call to the service.
614// the "output" return value is not valid until after Send returns without error.
615//
616// See CancelHandshake for more information on using the CancelHandshake
617// API call, and error handling.
618//
619// This method is useful when you want to inject custom logic or configuration
620// into the SDK's request lifecycle. Such as custom headers, or retry logic.
621//
622//
623//    // Example sending a request using the CancelHandshakeRequest method.
624//    req, resp := client.CancelHandshakeRequest(params)
625//
626//    err := req.Send()
627//    if err == nil { // resp is now filled
628//        fmt.Println(resp)
629//    }
630//
631// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
632func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) {
633	op := &request.Operation{
634		Name:       opCancelHandshake,
635		HTTPMethod: "POST",
636		HTTPPath:   "/",
637	}
638
639	if input == nil {
640		input = &CancelHandshakeInput{}
641	}
642
643	output = &CancelHandshakeOutput{}
644	req = c.newRequest(op, input, output)
645	return
646}
647
648// CancelHandshake API operation for AWS Organizations.
649//
650// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
651//
652// This operation can be called only from the account that originated the handshake.
653// The recipient of the handshake can't cancel it, but can use DeclineHandshake
654// instead. After a handshake is canceled, the recipient can no longer respond
655// to that handshake.
656//
657// After you cancel a handshake, it continues to appear in the results of relevant
658// APIs for only 30 days. After that, it's deleted.
659//
660// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
661// with awserr.Error's Code and Message methods to get detailed information about
662// the error.
663//
664// See the AWS API reference guide for AWS Organizations's
665// API operation CancelHandshake for usage and error information.
666//
667// Returned Error Types:
668//   * AccessDeniedException
669//   You don't have permissions to perform the requested operation. The user or
670//   role that is making the request must have at least one IAM permissions policy
671//   attached that grants the required permissions. For more information, see
672//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
673//   in the IAM User Guide.
674//
675//   * ConcurrentModificationException
676//   The target of the operation is currently being modified by a different request.
677//   Try again later.
678//
679//   * HandshakeNotFoundException
680//   We can't find a handshake with the HandshakeId that you specified.
681//
682//   * InvalidHandshakeTransitionException
683//   You can't perform the operation on the handshake in its current state. For
684//   example, you can't cancel a handshake that was already accepted or accept
685//   a handshake that was already declined.
686//
687//   * HandshakeAlreadyInStateException
688//   The specified handshake is already in the requested state. For example, you
689//   can't accept a handshake that was already accepted.
690//
691//   * InvalidInputException
692//   The requested operation failed because you provided invalid values for one
693//   or more of the request parameters. This exception includes a reason that
694//   contains additional information about the violated limit:
695//
696//   Some of the reasons in the following list might not be applicable to this
697//   specific API or operation.
698//
699//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
700//      can't be modified.
701//
702//      * INPUT_REQUIRED: You must include a value for all required parameters.
703//
704//      * INVALID_ENUM: You specified an invalid value.
705//
706//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
707//      characters.
708//
709//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
710//      at least one invalid value.
711//
712//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
713//      from the response to a previous call of the operation.
714//
715//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
716//      organization, or email) as a party.
717//
718//      * INVALID_PATTERN: You provided a value that doesn't match the required
719//      pattern.
720//
721//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
722//      match the required pattern.
723//
724//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
725//      name can't begin with the reserved prefix AWSServiceRoleFor.
726//
727//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
728//      Name (ARN) for the organization.
729//
730//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
731//
732//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
733//      tag. You can’t add, edit, or delete system tag keys because they're
734//      reserved for AWS use. System tags don’t count against your tags per
735//      resource limit.
736//
737//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
738//      for the operation.
739//
740//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
741//      than allowed.
742//
743//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
744//      value than allowed.
745//
746//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
747//      than allowed.
748//
749//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
750//      value than allowed.
751//
752//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
753//      between entities in the same root.
754//
755//   * ServiceException
756//   AWS Organizations can't complete your request because of an internal service
757//   error. Try again later.
758//
759//   * TooManyRequestsException
760//   You have sent too many requests in too short a period of time. The quota
761//   helps protect against denial-of-service attacks. Try again later.
762//
763//   For information about quotas that affect AWS Organizations, see Quotas for
764//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
765//   the AWS Organizations User Guide.
766//
767// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
768func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) {
769	req, out := c.CancelHandshakeRequest(input)
770	return out, req.Send()
771}
772
773// CancelHandshakeWithContext is the same as CancelHandshake with the addition of
774// the ability to pass a context and additional request options.
775//
776// See CancelHandshake for details on how to use this API operation.
777//
778// The context must be non-nil and will be used for request cancellation. If
779// the context is nil a panic will occur. In the future the SDK may create
780// sub-contexts for http.Requests. See https://golang.org/pkg/context/
781// for more information on using Contexts.
782func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) {
783	req, out := c.CancelHandshakeRequest(input)
784	req.SetContext(ctx)
785	req.ApplyOptions(opts...)
786	return out, req.Send()
787}
788
789const opCreateAccount = "CreateAccount"
790
791// CreateAccountRequest generates a "aws/request.Request" representing the
792// client's request for the CreateAccount operation. The "output" return
793// value will be populated with the request's response once the request completes
794// successfully.
795//
796// Use "Send" method on the returned Request to send the API call to the service.
797// the "output" return value is not valid until after Send returns without error.
798//
799// See CreateAccount for more information on using the CreateAccount
800// API call, and error handling.
801//
802// This method is useful when you want to inject custom logic or configuration
803// into the SDK's request lifecycle. Such as custom headers, or retry logic.
804//
805//
806//    // Example sending a request using the CreateAccountRequest method.
807//    req, resp := client.CreateAccountRequest(params)
808//
809//    err := req.Send()
810//    if err == nil { // resp is now filled
811//        fmt.Println(resp)
812//    }
813//
814// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
815func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) {
816	op := &request.Operation{
817		Name:       opCreateAccount,
818		HTTPMethod: "POST",
819		HTTPPath:   "/",
820	}
821
822	if input == nil {
823		input = &CreateAccountInput{}
824	}
825
826	output = &CreateAccountOutput{}
827	req = c.newRequest(op, input, output)
828	return
829}
830
831// CreateAccount API operation for AWS Organizations.
832//
833// Creates an AWS account that is automatically a member of the organization
834// whose credentials made the request. This is an asynchronous request that
835// AWS performs in the background. Because CreateAccount operates asynchronously,
836// it can return a successful completion message even though account initialization
837// might still be in progress. You might need to wait a few minutes before you
838// can successfully access the account. To check the status of the request,
839// do one of the following:
840//
841//    * Use the OperationId response element from this operation to provide
842//    as a parameter to the DescribeCreateAccountStatus operation.
843//
844//    * Check the AWS CloudTrail log for the CreateAccountResult event. For
845//    information on using AWS CloudTrail with AWS Organizations, see Monitoring
846//    the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
847//    in the AWS Organizations User Guide.
848//
849// The user who calls the API to create an account must have the organizations:CreateAccount
850// permission. If you enabled all features in the organization, AWS Organizations
851// creates the required service-linked role named AWSServiceRoleForOrganizations.
852// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
853// in the AWS Organizations User Guide.
854//
855// AWS Organizations preconfigures the new member account with a role (named
856// OrganizationAccountAccessRole by default) that grants users in the master
857// account administrator permissions in the new member account. Principals in
858// the master account can assume the role. AWS Organizations clones the company
859// name and address information for the new account from the organization's
860// master account.
861//
862// This operation can be called only from the organization's master account.
863//
864// For more information about creating accounts, see Creating an AWS Account
865// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
866// in the AWS Organizations User Guide.
867//
868//    * When you create an account in an organization using the AWS Organizations
869//    console, API, or CLI commands, the information required for the account
870//    to operate as a standalone account, such as a payment method and signing
871//    the end user license agreement (EULA) is not automatically collected.
872//    If you must remove an account from your organization later, you can do
873//    so only after you provide the missing information. Follow the steps at
874//    To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
875//    in the AWS Organizations User Guide.
876//
877//    * If you get an exception that indicates that you exceeded your account
878//    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
879//
880//    * If you get an exception that indicates that the operation failed because
881//    your organization is still initializing, wait one hour and then try again.
882//    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
883//
884//    * Using CreateAccount to create multiple temporary accounts isn't recommended.
885//    You can only close an account from the Billing and Cost Management Console,
886//    and you must be signed in as the root user. For information on the requirements
887//    and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
888//    in the AWS Organizations User Guide.
889//
890// When you create a member account with this operation, you can choose whether
891// to create the account with the IAM User and Role Access to Billing Information
892// switch enabled. If you enable it, IAM users and roles that have appropriate
893// permissions can view billing information for the account. If you disable
894// it, only the account root user can access billing information. For information
895// about how to disable this switch for an account, see Granting Access to Your
896// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
897//
898// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
899// with awserr.Error's Code and Message methods to get detailed information about
900// the error.
901//
902// See the AWS API reference guide for AWS Organizations's
903// API operation CreateAccount for usage and error information.
904//
905// Returned Error Types:
906//   * AccessDeniedException
907//   You don't have permissions to perform the requested operation. The user or
908//   role that is making the request must have at least one IAM permissions policy
909//   attached that grants the required permissions. For more information, see
910//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
911//   in the IAM User Guide.
912//
913//   * AWSOrganizationsNotInUseException
914//   Your account isn't a member of an organization. To make this request, you
915//   must use the credentials of an account that belongs to an organization.
916//
917//   * ConcurrentModificationException
918//   The target of the operation is currently being modified by a different request.
919//   Try again later.
920//
921//   * ConstraintViolationException
922//   Performing this operation violates a minimum or maximum value limit. For
923//   example, attempting to remove the last service control policy (SCP) from
924//   an OU or root, inviting or creating too many accounts to the organization,
925//   or attaching too many policies to an account, OU, or root. This exception
926//   includes a reason that contains additional information about the violated
927//   limit:
928//
929//   Some of the reasons in the following list might not be applicable to this
930//   specific API or operation.
931//
932//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
933//      account from the organization. You can't remove the master account. Instead,
934//      after you remove all member accounts, delete the organization itself.
935//
936//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
937//      from the organization that doesn't yet have enough information to exist
938//      as a standalone account. This account requires you to first agree to the
939//      AWS Customer Agreement. Follow the steps at Removing a member account
940//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
941//      the AWS Organizations User Guide.
942//
943//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
944//      an account from the organization that doesn't yet have enough information
945//      to exist as a standalone account. This account requires you to first complete
946//      phone verification. Follow the steps at Removing a member account from
947//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
948//      in the AWS Organizations User Guide.
949//
950//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
951//      of accounts that you can create in one day.
952//
953//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
954//      the number of accounts in an organization. If you need more accounts,
955//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
956//      request an increase in your limit. Or the number of invitations that you
957//      tried to send would cause you to exceed the limit of accounts in your
958//      organization. Send fewer invitations or contact AWS Support to request
959//      an increase in the number of accounts. Deleted and closed accounts still
960//      count toward your limit. If you get this exception when running a command
961//      immediately after creating the organization, wait one hour and try again.
962//      After an hour, if the command continues to fail with this error, contact
963//      AWS Support (https://console.aws.amazon.com/support/home#/).
964//
965//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
966//      register the master account of the organization as a delegated administrator
967//      for an AWS service integrated with Organizations. You can designate only
968//      a member account as a delegated administrator.
969//
970//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
971//      an account that is registered as a delegated administrator for a service
972//      integrated with your organization. To complete this operation, you must
973//      first deregister this account as a delegated administrator.
974//
975//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
976//      organization in the specified region, you must enable all features mode.
977//
978//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
979//      an AWS account as a delegated administrator for an AWS service that already
980//      has a delegated administrator. To complete this operation, you must first
981//      deregister any existing delegated administrators for this service.
982//
983//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
984//      valid for a limited period of time. You must resubmit the request and
985//      generate a new verfication code.
986//
987//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
988//      handshakes that you can send in one day.
989//
990//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
991//      in this organization, you first must migrate the organization's master
992//      account to the marketplace that corresponds to the master account's address.
993//      For example, accounts with India addresses must be associated with the
994//      AISPL marketplace. All accounts in an organization must be associated
995//      with the same marketplace.
996//
997//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
998//      in China. To create an organization, the master must have an valid business
999//      license. For more information, contact customer support.
1000//
1001//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1002//      must first provide a valid contact address and phone number for the master
1003//      account. Then try the operation again.
1004//
1005//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1006//      master account must have an associated account in the AWS GovCloud (US-West)
1007//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1008//      in the AWS GovCloud User Guide.
1009//
1010//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1011//      with this master account, you first must associate a valid payment instrument,
1012//      such as a credit card, with the account. Follow the steps at To leave
1013//      an organization when all required account information has not yet been
1014//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1015//      in the AWS Organizations User Guide.
1016//
1017//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
1018//      to register more delegated administrators than allowed for the service
1019//      principal.
1020//
1021//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1022//      number of policies of a certain type that can be attached to an entity
1023//      at one time.
1024//
1025//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1026//      on this resource.
1027//
1028//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1029//      with this member account, you first must associate a valid payment instrument,
1030//      such as a credit card, with the account. Follow the steps at To leave
1031//      an organization when all required account information has not yet been
1032//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1033//      in the AWS Organizations User Guide.
1034//
1035//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1036//      policy from an entity that would cause the entity to have fewer than the
1037//      minimum number of policies of a certain type required.
1038//
1039//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1040//      that requires the organization to be configured to support all features.
1041//      An organization that supports only consolidated billing features can't
1042//      perform this operation.
1043//
1044//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1045//      too many levels deep.
1046//
1047//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1048//      that you can have in an organization.
1049//
1050//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
1051//      is larger than the maximum size.
1052//
1053//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
1054//      policies that you can have in an organization.
1055//
1056//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
1057//      tags that are not compliant with the tag policy requirements for this
1058//      account.
1059//
1060//   * InvalidInputException
1061//   The requested operation failed because you provided invalid values for one
1062//   or more of the request parameters. This exception includes a reason that
1063//   contains additional information about the violated limit:
1064//
1065//   Some of the reasons in the following list might not be applicable to this
1066//   specific API or operation.
1067//
1068//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1069//      can't be modified.
1070//
1071//      * INPUT_REQUIRED: You must include a value for all required parameters.
1072//
1073//      * INVALID_ENUM: You specified an invalid value.
1074//
1075//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1076//      characters.
1077//
1078//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1079//      at least one invalid value.
1080//
1081//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1082//      from the response to a previous call of the operation.
1083//
1084//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1085//      organization, or email) as a party.
1086//
1087//      * INVALID_PATTERN: You provided a value that doesn't match the required
1088//      pattern.
1089//
1090//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1091//      match the required pattern.
1092//
1093//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1094//      name can't begin with the reserved prefix AWSServiceRoleFor.
1095//
1096//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1097//      Name (ARN) for the organization.
1098//
1099//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1100//
1101//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1102//      tag. You can’t add, edit, or delete system tag keys because they're
1103//      reserved for AWS use. System tags don’t count against your tags per
1104//      resource limit.
1105//
1106//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1107//      for the operation.
1108//
1109//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1110//      than allowed.
1111//
1112//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1113//      value than allowed.
1114//
1115//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1116//      than allowed.
1117//
1118//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1119//      value than allowed.
1120//
1121//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1122//      between entities in the same root.
1123//
1124//   * FinalizingOrganizationException
1125//   AWS Organizations couldn't perform the operation because your organization
1126//   hasn't finished initializing. This can take up to an hour. Try again later.
1127//   If after one hour you continue to receive this error, contact AWS Support
1128//   (https://console.aws.amazon.com/support/home#/).
1129//
1130//   * ServiceException
1131//   AWS Organizations can't complete your request because of an internal service
1132//   error. Try again later.
1133//
1134//   * TooManyRequestsException
1135//   You have sent too many requests in too short a period of time. The quota
1136//   helps protect against denial-of-service attacks. Try again later.
1137//
1138//   For information about quotas that affect AWS Organizations, see Quotas for
1139//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
1140//   the AWS Organizations User Guide.
1141//
1142//   * UnsupportedAPIEndpointException
1143//   This action isn't available in the current AWS Region.
1144//
1145// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
1146func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) {
1147	req, out := c.CreateAccountRequest(input)
1148	return out, req.Send()
1149}
1150
1151// CreateAccountWithContext is the same as CreateAccount with the addition of
1152// the ability to pass a context and additional request options.
1153//
1154// See CreateAccount for details on how to use this API operation.
1155//
1156// The context must be non-nil and will be used for request cancellation. If
1157// the context is nil a panic will occur. In the future the SDK may create
1158// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1159// for more information on using Contexts.
1160func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) {
1161	req, out := c.CreateAccountRequest(input)
1162	req.SetContext(ctx)
1163	req.ApplyOptions(opts...)
1164	return out, req.Send()
1165}
1166
1167const opCreateGovCloudAccount = "CreateGovCloudAccount"
1168
1169// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the
1170// client's request for the CreateGovCloudAccount operation. The "output" return
1171// value will be populated with the request's response once the request completes
1172// successfully.
1173//
1174// Use "Send" method on the returned Request to send the API call to the service.
1175// the "output" return value is not valid until after Send returns without error.
1176//
1177// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount
1178// API call, and error handling.
1179//
1180// This method is useful when you want to inject custom logic or configuration
1181// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1182//
1183//
1184//    // Example sending a request using the CreateGovCloudAccountRequest method.
1185//    req, resp := client.CreateGovCloudAccountRequest(params)
1186//
1187//    err := req.Send()
1188//    if err == nil { // resp is now filled
1189//        fmt.Println(resp)
1190//    }
1191//
1192// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
1193func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) {
1194	op := &request.Operation{
1195		Name:       opCreateGovCloudAccount,
1196		HTTPMethod: "POST",
1197		HTTPPath:   "/",
1198	}
1199
1200	if input == nil {
1201		input = &CreateGovCloudAccountInput{}
1202	}
1203
1204	output = &CreateGovCloudAccountOutput{}
1205	req = c.newRequest(op, input, output)
1206	return
1207}
1208
1209// CreateGovCloudAccount API operation for AWS Organizations.
1210//
1211// This action is available if all of the following are true:
1212//
1213//    * You're authorized to create accounts in the AWS GovCloud (US) Region.
1214//    For more information on the AWS GovCloud (US) Region, see the AWS GovCloud
1215//    User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html)
1216//
1217//    * You already have an account in the AWS GovCloud (US) Region that is
1218//    associated with your master account in the commercial Region.
1219//
1220//    * You call this action from the master account of your organization in
1221//    the commercial Region.
1222//
1223//    * You have the organizations:CreateGovCloudAccount permission. AWS Organizations
1224//    creates the required service-linked role named AWSServiceRoleForOrganizations.
1225//    For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
1226//    in the AWS Organizations User Guide.
1227//
1228// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts,
1229// but you should also do the following:
1230//
1231//    * Verify that AWS CloudTrail is enabled to store logs.
1232//
1233//    * Create an S3 bucket for AWS CloudTrail log storage. For more information,
1234//    see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html)
1235//    in the AWS GovCloud User Guide.
1236//
1237// You call this action from the master account of your organization in the
1238// commercial Region to create a standalone AWS account in the AWS GovCloud
1239// (US) Region. After the account is created, the master account of an organization
1240// in the AWS GovCloud (US) Region can invite it to that organization. For more
1241// information on inviting standalone accounts in the AWS GovCloud (US) to join
1242// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1243// in the AWS GovCloud User Guide.
1244//
1245// Calling CreateGovCloudAccount is an asynchronous request that AWS performs
1246// in the background. Because CreateGovCloudAccount operates asynchronously,
1247// it can return a successful completion message even though account initialization
1248// might still be in progress. You might need to wait a few minutes before you
1249// can successfully access the account. To check the status of the request,
1250// do one of the following:
1251//
1252//    * Use the OperationId response element from this operation to provide
1253//    as a parameter to the DescribeCreateAccountStatus operation.
1254//
1255//    * Check the AWS CloudTrail log for the CreateAccountResult event. For
1256//    information on using AWS CloudTrail with Organizations, see Monitoring
1257//    the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
1258//    in the AWS Organizations User Guide.
1259//
1260// When you call the CreateGovCloudAccount action, you create two accounts:
1261// a standalone account in the AWS GovCloud (US) Region and an associated account
1262// in the commercial Region for billing and support purposes. The account in
1263// the commercial Region is automatically a member of the organization whose
1264// credentials made the request. Both accounts are associated with the same
1265// email address.
1266//
1267// A role is created in the new account in the commercial Region that allows
1268// the master account in the organization in the commercial Region to assume
1269// it. An AWS GovCloud (US) account is then created and associated with the
1270// commercial account that you just created. A role is created in the new AWS
1271// GovCloud (US) account that can be assumed by the AWS GovCloud (US) account
1272// that is associated with the master account of the commercial organization.
1273// For more information and to view a diagram that explains how account access
1274// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1275// in the AWS GovCloud User Guide.
1276//
1277// For more information about creating accounts, see Creating an AWS Account
1278// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
1279// in the AWS Organizations User Guide.
1280//
1281//    * When you create an account in an organization using the AWS Organizations
1282//    console, API, or CLI commands, the information required for the account
1283//    to operate as a standalone account is not automatically collected. This
1284//    includes a payment method and signing the end user license agreement (EULA).
1285//    If you must remove an account from your organization later, you can do
1286//    so only after you provide the missing information. Follow the steps at
1287//    To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1288//    in the AWS Organizations User Guide.
1289//
1290//    * If you get an exception that indicates that you exceeded your account
1291//    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
1292//
1293//    * If you get an exception that indicates that the operation failed because
1294//    your organization is still initializing, wait one hour and then try again.
1295//    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
1296//
1297//    * Using CreateGovCloudAccount to create multiple temporary accounts isn't
1298//    recommended. You can only close an account from the AWS Billing and Cost
1299//    Management console, and you must be signed in as the root user. For information
1300//    on the requirements and process for closing an account, see Closing an
1301//    AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
1302//    in the AWS Organizations User Guide.
1303//
1304// When you create a member account with this operation, you can choose whether
1305// to create the account with the IAM User and Role Access to Billing Information
1306// switch enabled. If you enable it, IAM users and roles that have appropriate
1307// permissions can view billing information for the account. If you disable
1308// it, only the account root user can access billing information. For information
1309// about how to disable this switch for an account, see Granting Access to Your
1310// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
1311//
1312// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1313// with awserr.Error's Code and Message methods to get detailed information about
1314// the error.
1315//
1316// See the AWS API reference guide for AWS Organizations's
1317// API operation CreateGovCloudAccount for usage and error information.
1318//
1319// Returned Error Types:
1320//   * AccessDeniedException
1321//   You don't have permissions to perform the requested operation. The user or
1322//   role that is making the request must have at least one IAM permissions policy
1323//   attached that grants the required permissions. For more information, see
1324//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1325//   in the IAM User Guide.
1326//
1327//   * AWSOrganizationsNotInUseException
1328//   Your account isn't a member of an organization. To make this request, you
1329//   must use the credentials of an account that belongs to an organization.
1330//
1331//   * ConcurrentModificationException
1332//   The target of the operation is currently being modified by a different request.
1333//   Try again later.
1334//
1335//   * ConstraintViolationException
1336//   Performing this operation violates a minimum or maximum value limit. For
1337//   example, attempting to remove the last service control policy (SCP) from
1338//   an OU or root, inviting or creating too many accounts to the organization,
1339//   or attaching too many policies to an account, OU, or root. This exception
1340//   includes a reason that contains additional information about the violated
1341//   limit:
1342//
1343//   Some of the reasons in the following list might not be applicable to this
1344//   specific API or operation.
1345//
1346//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
1347//      account from the organization. You can't remove the master account. Instead,
1348//      after you remove all member accounts, delete the organization itself.
1349//
1350//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1351//      from the organization that doesn't yet have enough information to exist
1352//      as a standalone account. This account requires you to first agree to the
1353//      AWS Customer Agreement. Follow the steps at Removing a member account
1354//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
1355//      the AWS Organizations User Guide.
1356//
1357//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1358//      an account from the organization that doesn't yet have enough information
1359//      to exist as a standalone account. This account requires you to first complete
1360//      phone verification. Follow the steps at Removing a member account from
1361//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
1362//      in the AWS Organizations User Guide.
1363//
1364//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1365//      of accounts that you can create in one day.
1366//
1367//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1368//      the number of accounts in an organization. If you need more accounts,
1369//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1370//      request an increase in your limit. Or the number of invitations that you
1371//      tried to send would cause you to exceed the limit of accounts in your
1372//      organization. Send fewer invitations or contact AWS Support to request
1373//      an increase in the number of accounts. Deleted and closed accounts still
1374//      count toward your limit. If you get this exception when running a command
1375//      immediately after creating the organization, wait one hour and try again.
1376//      After an hour, if the command continues to fail with this error, contact
1377//      AWS Support (https://console.aws.amazon.com/support/home#/).
1378//
1379//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
1380//      register the master account of the organization as a delegated administrator
1381//      for an AWS service integrated with Organizations. You can designate only
1382//      a member account as a delegated administrator.
1383//
1384//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
1385//      an account that is registered as a delegated administrator for a service
1386//      integrated with your organization. To complete this operation, you must
1387//      first deregister this account as a delegated administrator.
1388//
1389//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
1390//      organization in the specified region, you must enable all features mode.
1391//
1392//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
1393//      an AWS account as a delegated administrator for an AWS service that already
1394//      has a delegated administrator. To complete this operation, you must first
1395//      deregister any existing delegated administrators for this service.
1396//
1397//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
1398//      valid for a limited period of time. You must resubmit the request and
1399//      generate a new verfication code.
1400//
1401//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1402//      handshakes that you can send in one day.
1403//
1404//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1405//      in this organization, you first must migrate the organization's master
1406//      account to the marketplace that corresponds to the master account's address.
1407//      For example, accounts with India addresses must be associated with the
1408//      AISPL marketplace. All accounts in an organization must be associated
1409//      with the same marketplace.
1410//
1411//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
1412//      in China. To create an organization, the master must have an valid business
1413//      license. For more information, contact customer support.
1414//
1415//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1416//      must first provide a valid contact address and phone number for the master
1417//      account. Then try the operation again.
1418//
1419//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1420//      master account must have an associated account in the AWS GovCloud (US-West)
1421//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1422//      in the AWS GovCloud User Guide.
1423//
1424//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1425//      with this master account, you first must associate a valid payment instrument,
1426//      such as a credit card, with the account. Follow the steps at To leave
1427//      an organization when all required account information has not yet been
1428//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1429//      in the AWS Organizations User Guide.
1430//
1431//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
1432//      to register more delegated administrators than allowed for the service
1433//      principal.
1434//
1435//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1436//      number of policies of a certain type that can be attached to an entity
1437//      at one time.
1438//
1439//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1440//      on this resource.
1441//
1442//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1443//      with this member account, you first must associate a valid payment instrument,
1444//      such as a credit card, with the account. Follow the steps at To leave
1445//      an organization when all required account information has not yet been
1446//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1447//      in the AWS Organizations User Guide.
1448//
1449//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1450//      policy from an entity that would cause the entity to have fewer than the
1451//      minimum number of policies of a certain type required.
1452//
1453//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1454//      that requires the organization to be configured to support all features.
1455//      An organization that supports only consolidated billing features can't
1456//      perform this operation.
1457//
1458//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1459//      too many levels deep.
1460//
1461//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1462//      that you can have in an organization.
1463//
1464//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
1465//      is larger than the maximum size.
1466//
1467//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
1468//      policies that you can have in an organization.
1469//
1470//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
1471//      tags that are not compliant with the tag policy requirements for this
1472//      account.
1473//
1474//   * InvalidInputException
1475//   The requested operation failed because you provided invalid values for one
1476//   or more of the request parameters. This exception includes a reason that
1477//   contains additional information about the violated limit:
1478//
1479//   Some of the reasons in the following list might not be applicable to this
1480//   specific API or operation.
1481//
1482//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1483//      can't be modified.
1484//
1485//      * INPUT_REQUIRED: You must include a value for all required parameters.
1486//
1487//      * INVALID_ENUM: You specified an invalid value.
1488//
1489//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1490//      characters.
1491//
1492//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1493//      at least one invalid value.
1494//
1495//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1496//      from the response to a previous call of the operation.
1497//
1498//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1499//      organization, or email) as a party.
1500//
1501//      * INVALID_PATTERN: You provided a value that doesn't match the required
1502//      pattern.
1503//
1504//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1505//      match the required pattern.
1506//
1507//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1508//      name can't begin with the reserved prefix AWSServiceRoleFor.
1509//
1510//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1511//      Name (ARN) for the organization.
1512//
1513//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1514//
1515//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1516//      tag. You can’t add, edit, or delete system tag keys because they're
1517//      reserved for AWS use. System tags don’t count against your tags per
1518//      resource limit.
1519//
1520//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1521//      for the operation.
1522//
1523//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1524//      than allowed.
1525//
1526//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1527//      value than allowed.
1528//
1529//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1530//      than allowed.
1531//
1532//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1533//      value than allowed.
1534//
1535//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1536//      between entities in the same root.
1537//
1538//   * FinalizingOrganizationException
1539//   AWS Organizations couldn't perform the operation because your organization
1540//   hasn't finished initializing. This can take up to an hour. Try again later.
1541//   If after one hour you continue to receive this error, contact AWS Support
1542//   (https://console.aws.amazon.com/support/home#/).
1543//
1544//   * ServiceException
1545//   AWS Organizations can't complete your request because of an internal service
1546//   error. Try again later.
1547//
1548//   * TooManyRequestsException
1549//   You have sent too many requests in too short a period of time. The quota
1550//   helps protect against denial-of-service attacks. Try again later.
1551//
1552//   For information about quotas that affect AWS Organizations, see Quotas for
1553//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
1554//   the AWS Organizations User Guide.
1555//
1556//   * UnsupportedAPIEndpointException
1557//   This action isn't available in the current AWS Region.
1558//
1559// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
1560func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) {
1561	req, out := c.CreateGovCloudAccountRequest(input)
1562	return out, req.Send()
1563}
1564
1565// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of
1566// the ability to pass a context and additional request options.
1567//
1568// See CreateGovCloudAccount for details on how to use this API operation.
1569//
1570// The context must be non-nil and will be used for request cancellation. If
1571// the context is nil a panic will occur. In the future the SDK may create
1572// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1573// for more information on using Contexts.
1574func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) {
1575	req, out := c.CreateGovCloudAccountRequest(input)
1576	req.SetContext(ctx)
1577	req.ApplyOptions(opts...)
1578	return out, req.Send()
1579}
1580
1581const opCreateOrganization = "CreateOrganization"
1582
1583// CreateOrganizationRequest generates a "aws/request.Request" representing the
1584// client's request for the CreateOrganization operation. The "output" return
1585// value will be populated with the request's response once the request completes
1586// successfully.
1587//
1588// Use "Send" method on the returned Request to send the API call to the service.
1589// the "output" return value is not valid until after Send returns without error.
1590//
1591// See CreateOrganization for more information on using the CreateOrganization
1592// API call, and error handling.
1593//
1594// This method is useful when you want to inject custom logic or configuration
1595// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1596//
1597//
1598//    // Example sending a request using the CreateOrganizationRequest method.
1599//    req, resp := client.CreateOrganizationRequest(params)
1600//
1601//    err := req.Send()
1602//    if err == nil { // resp is now filled
1603//        fmt.Println(resp)
1604//    }
1605//
1606// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
1607func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) {
1608	op := &request.Operation{
1609		Name:       opCreateOrganization,
1610		HTTPMethod: "POST",
1611		HTTPPath:   "/",
1612	}
1613
1614	if input == nil {
1615		input = &CreateOrganizationInput{}
1616	}
1617
1618	output = &CreateOrganizationOutput{}
1619	req = c.newRequest(op, input, output)
1620	return
1621}
1622
1623// CreateOrganization API operation for AWS Organizations.
1624//
1625// Creates an AWS organization. The account whose user is calling the CreateOrganization
1626// operation automatically becomes the master account (https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account)
1627// of the new organization.
1628//
1629// This operation must be called using credentials from the account that is
1630// to become the new organization's master account. The principal must also
1631// have the relevant IAM permissions.
1632//
1633// By default (or if you set the FeatureSet parameter to ALL), the new organization
1634// is created with all features enabled and service control policies automatically
1635// enabled in the root. If you instead choose to create the organization supporting
1636// only the consolidated billing features by setting the FeatureSet parameter
1637// to CONSOLIDATED_BILLING", no policy types are enabled by default, and you
1638// can't use organization policies
1639//
1640// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1641// with awserr.Error's Code and Message methods to get detailed information about
1642// the error.
1643//
1644// See the AWS API reference guide for AWS Organizations's
1645// API operation CreateOrganization for usage and error information.
1646//
1647// Returned Error Types:
1648//   * AccessDeniedException
1649//   You don't have permissions to perform the requested operation. The user or
1650//   role that is making the request must have at least one IAM permissions policy
1651//   attached that grants the required permissions. For more information, see
1652//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1653//   in the IAM User Guide.
1654//
1655//   * AlreadyInOrganizationException
1656//   This account is already a member of an organization. An account can belong
1657//   to only one organization at a time.
1658//
1659//   * ConcurrentModificationException
1660//   The target of the operation is currently being modified by a different request.
1661//   Try again later.
1662//
1663//   * ConstraintViolationException
1664//   Performing this operation violates a minimum or maximum value limit. For
1665//   example, attempting to remove the last service control policy (SCP) from
1666//   an OU or root, inviting or creating too many accounts to the organization,
1667//   or attaching too many policies to an account, OU, or root. This exception
1668//   includes a reason that contains additional information about the violated
1669//   limit:
1670//
1671//   Some of the reasons in the following list might not be applicable to this
1672//   specific API or operation.
1673//
1674//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
1675//      account from the organization. You can't remove the master account. Instead,
1676//      after you remove all member accounts, delete the organization itself.
1677//
1678//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1679//      from the organization that doesn't yet have enough information to exist
1680//      as a standalone account. This account requires you to first agree to the
1681//      AWS Customer Agreement. Follow the steps at Removing a member account
1682//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
1683//      the AWS Organizations User Guide.
1684//
1685//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1686//      an account from the organization that doesn't yet have enough information
1687//      to exist as a standalone account. This account requires you to first complete
1688//      phone verification. Follow the steps at Removing a member account from
1689//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
1690//      in the AWS Organizations User Guide.
1691//
1692//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1693//      of accounts that you can create in one day.
1694//
1695//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1696//      the number of accounts in an organization. If you need more accounts,
1697//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1698//      request an increase in your limit. Or the number of invitations that you
1699//      tried to send would cause you to exceed the limit of accounts in your
1700//      organization. Send fewer invitations or contact AWS Support to request
1701//      an increase in the number of accounts. Deleted and closed accounts still
1702//      count toward your limit. If you get this exception when running a command
1703//      immediately after creating the organization, wait one hour and try again.
1704//      After an hour, if the command continues to fail with this error, contact
1705//      AWS Support (https://console.aws.amazon.com/support/home#/).
1706//
1707//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
1708//      register the master account of the organization as a delegated administrator
1709//      for an AWS service integrated with Organizations. You can designate only
1710//      a member account as a delegated administrator.
1711//
1712//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
1713//      an account that is registered as a delegated administrator for a service
1714//      integrated with your organization. To complete this operation, you must
1715//      first deregister this account as a delegated administrator.
1716//
1717//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
1718//      organization in the specified region, you must enable all features mode.
1719//
1720//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
1721//      an AWS account as a delegated administrator for an AWS service that already
1722//      has a delegated administrator. To complete this operation, you must first
1723//      deregister any existing delegated administrators for this service.
1724//
1725//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
1726//      valid for a limited period of time. You must resubmit the request and
1727//      generate a new verfication code.
1728//
1729//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1730//      handshakes that you can send in one day.
1731//
1732//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1733//      in this organization, you first must migrate the organization's master
1734//      account to the marketplace that corresponds to the master account's address.
1735//      For example, accounts with India addresses must be associated with the
1736//      AISPL marketplace. All accounts in an organization must be associated
1737//      with the same marketplace.
1738//
1739//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
1740//      in China. To create an organization, the master must have an valid business
1741//      license. For more information, contact customer support.
1742//
1743//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1744//      must first provide a valid contact address and phone number for the master
1745//      account. Then try the operation again.
1746//
1747//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1748//      master account must have an associated account in the AWS GovCloud (US-West)
1749//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1750//      in the AWS GovCloud User Guide.
1751//
1752//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1753//      with this master account, you first must associate a valid payment instrument,
1754//      such as a credit card, with the account. Follow the steps at To leave
1755//      an organization when all required account information has not yet been
1756//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1757//      in the AWS Organizations User Guide.
1758//
1759//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
1760//      to register more delegated administrators than allowed for the service
1761//      principal.
1762//
1763//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1764//      number of policies of a certain type that can be attached to an entity
1765//      at one time.
1766//
1767//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1768//      on this resource.
1769//
1770//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1771//      with this member account, you first must associate a valid payment instrument,
1772//      such as a credit card, with the account. Follow the steps at To leave
1773//      an organization when all required account information has not yet been
1774//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1775//      in the AWS Organizations User Guide.
1776//
1777//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1778//      policy from an entity that would cause the entity to have fewer than the
1779//      minimum number of policies of a certain type required.
1780//
1781//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1782//      that requires the organization to be configured to support all features.
1783//      An organization that supports only consolidated billing features can't
1784//      perform this operation.
1785//
1786//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1787//      too many levels deep.
1788//
1789//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1790//      that you can have in an organization.
1791//
1792//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
1793//      is larger than the maximum size.
1794//
1795//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
1796//      policies that you can have in an organization.
1797//
1798//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
1799//      tags that are not compliant with the tag policy requirements for this
1800//      account.
1801//
1802//   * InvalidInputException
1803//   The requested operation failed because you provided invalid values for one
1804//   or more of the request parameters. This exception includes a reason that
1805//   contains additional information about the violated limit:
1806//
1807//   Some of the reasons in the following list might not be applicable to this
1808//   specific API or operation.
1809//
1810//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1811//      can't be modified.
1812//
1813//      * INPUT_REQUIRED: You must include a value for all required parameters.
1814//
1815//      * INVALID_ENUM: You specified an invalid value.
1816//
1817//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1818//      characters.
1819//
1820//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1821//      at least one invalid value.
1822//
1823//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1824//      from the response to a previous call of the operation.
1825//
1826//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1827//      organization, or email) as a party.
1828//
1829//      * INVALID_PATTERN: You provided a value that doesn't match the required
1830//      pattern.
1831//
1832//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1833//      match the required pattern.
1834//
1835//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1836//      name can't begin with the reserved prefix AWSServiceRoleFor.
1837//
1838//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1839//      Name (ARN) for the organization.
1840//
1841//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1842//
1843//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1844//      tag. You can’t add, edit, or delete system tag keys because they're
1845//      reserved for AWS use. System tags don’t count against your tags per
1846//      resource limit.
1847//
1848//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1849//      for the operation.
1850//
1851//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1852//      than allowed.
1853//
1854//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1855//      value than allowed.
1856//
1857//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1858//      than allowed.
1859//
1860//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1861//      value than allowed.
1862//
1863//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1864//      between entities in the same root.
1865//
1866//   * ServiceException
1867//   AWS Organizations can't complete your request because of an internal service
1868//   error. Try again later.
1869//
1870//   * TooManyRequestsException
1871//   You have sent too many requests in too short a period of time. The quota
1872//   helps protect against denial-of-service attacks. Try again later.
1873//
1874//   For information about quotas that affect AWS Organizations, see Quotas for
1875//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
1876//   the AWS Organizations User Guide.
1877//
1878//   * AccessDeniedForDependencyException
1879//   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
1880//   for organizations.amazonaws.com permission so that AWS Organizations can
1881//   create the required service-linked role. You don't have that permission.
1882//
1883// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
1884func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) {
1885	req, out := c.CreateOrganizationRequest(input)
1886	return out, req.Send()
1887}
1888
1889// CreateOrganizationWithContext is the same as CreateOrganization with the addition of
1890// the ability to pass a context and additional request options.
1891//
1892// See CreateOrganization for details on how to use this API operation.
1893//
1894// The context must be non-nil and will be used for request cancellation. If
1895// the context is nil a panic will occur. In the future the SDK may create
1896// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1897// for more information on using Contexts.
1898func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) {
1899	req, out := c.CreateOrganizationRequest(input)
1900	req.SetContext(ctx)
1901	req.ApplyOptions(opts...)
1902	return out, req.Send()
1903}
1904
1905const opCreateOrganizationalUnit = "CreateOrganizationalUnit"
1906
1907// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the
1908// client's request for the CreateOrganizationalUnit operation. The "output" return
1909// value will be populated with the request's response once the request completes
1910// successfully.
1911//
1912// Use "Send" method on the returned Request to send the API call to the service.
1913// the "output" return value is not valid until after Send returns without error.
1914//
1915// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit
1916// API call, and error handling.
1917//
1918// This method is useful when you want to inject custom logic or configuration
1919// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1920//
1921//
1922//    // Example sending a request using the CreateOrganizationalUnitRequest method.
1923//    req, resp := client.CreateOrganizationalUnitRequest(params)
1924//
1925//    err := req.Send()
1926//    if err == nil { // resp is now filled
1927//        fmt.Println(resp)
1928//    }
1929//
1930// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
1931func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) {
1932	op := &request.Operation{
1933		Name:       opCreateOrganizationalUnit,
1934		HTTPMethod: "POST",
1935		HTTPPath:   "/",
1936	}
1937
1938	if input == nil {
1939		input = &CreateOrganizationalUnitInput{}
1940	}
1941
1942	output = &CreateOrganizationalUnitOutput{}
1943	req = c.newRequest(op, input, output)
1944	return
1945}
1946
1947// CreateOrganizationalUnit API operation for AWS Organizations.
1948//
1949// Creates an organizational unit (OU) within a root or parent OU. An OU is
1950// a container for accounts that enables you to organize your accounts to apply
1951// policies according to your business requirements. The number of levels deep
1952// that you can nest OUs is dependent upon the policy types enabled for that
1953// root. For service control policies, the limit is five.
1954//
1955// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html)
1956// in the AWS Organizations User Guide.
1957//
1958// This operation can be called only from the organization's master account.
1959//
1960// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1961// with awserr.Error's Code and Message methods to get detailed information about
1962// the error.
1963//
1964// See the AWS API reference guide for AWS Organizations's
1965// API operation CreateOrganizationalUnit for usage and error information.
1966//
1967// Returned Error Types:
1968//   * AccessDeniedException
1969//   You don't have permissions to perform the requested operation. The user or
1970//   role that is making the request must have at least one IAM permissions policy
1971//   attached that grants the required permissions. For more information, see
1972//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1973//   in the IAM User Guide.
1974//
1975//   * AWSOrganizationsNotInUseException
1976//   Your account isn't a member of an organization. To make this request, you
1977//   must use the credentials of an account that belongs to an organization.
1978//
1979//   * ConcurrentModificationException
1980//   The target of the operation is currently being modified by a different request.
1981//   Try again later.
1982//
1983//   * ConstraintViolationException
1984//   Performing this operation violates a minimum or maximum value limit. For
1985//   example, attempting to remove the last service control policy (SCP) from
1986//   an OU or root, inviting or creating too many accounts to the organization,
1987//   or attaching too many policies to an account, OU, or root. This exception
1988//   includes a reason that contains additional information about the violated
1989//   limit:
1990//
1991//   Some of the reasons in the following list might not be applicable to this
1992//   specific API or operation.
1993//
1994//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
1995//      account from the organization. You can't remove the master account. Instead,
1996//      after you remove all member accounts, delete the organization itself.
1997//
1998//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1999//      from the organization that doesn't yet have enough information to exist
2000//      as a standalone account. This account requires you to first agree to the
2001//      AWS Customer Agreement. Follow the steps at Removing a member account
2002//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
2003//      the AWS Organizations User Guide.
2004//
2005//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
2006//      an account from the organization that doesn't yet have enough information
2007//      to exist as a standalone account. This account requires you to first complete
2008//      phone verification. Follow the steps at Removing a member account from
2009//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
2010//      in the AWS Organizations User Guide.
2011//
2012//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
2013//      of accounts that you can create in one day.
2014//
2015//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
2016//      the number of accounts in an organization. If you need more accounts,
2017//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
2018//      request an increase in your limit. Or the number of invitations that you
2019//      tried to send would cause you to exceed the limit of accounts in your
2020//      organization. Send fewer invitations or contact AWS Support to request
2021//      an increase in the number of accounts. Deleted and closed accounts still
2022//      count toward your limit. If you get this exception when running a command
2023//      immediately after creating the organization, wait one hour and try again.
2024//      After an hour, if the command continues to fail with this error, contact
2025//      AWS Support (https://console.aws.amazon.com/support/home#/).
2026//
2027//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
2028//      register the master account of the organization as a delegated administrator
2029//      for an AWS service integrated with Organizations. You can designate only
2030//      a member account as a delegated administrator.
2031//
2032//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
2033//      an account that is registered as a delegated administrator for a service
2034//      integrated with your organization. To complete this operation, you must
2035//      first deregister this account as a delegated administrator.
2036//
2037//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
2038//      organization in the specified region, you must enable all features mode.
2039//
2040//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
2041//      an AWS account as a delegated administrator for an AWS service that already
2042//      has a delegated administrator. To complete this operation, you must first
2043//      deregister any existing delegated administrators for this service.
2044//
2045//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
2046//      valid for a limited period of time. You must resubmit the request and
2047//      generate a new verfication code.
2048//
2049//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
2050//      handshakes that you can send in one day.
2051//
2052//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
2053//      in this organization, you first must migrate the organization's master
2054//      account to the marketplace that corresponds to the master account's address.
2055//      For example, accounts with India addresses must be associated with the
2056//      AISPL marketplace. All accounts in an organization must be associated
2057//      with the same marketplace.
2058//
2059//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
2060//      in China. To create an organization, the master must have an valid business
2061//      license. For more information, contact customer support.
2062//
2063//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
2064//      must first provide a valid contact address and phone number for the master
2065//      account. Then try the operation again.
2066//
2067//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
2068//      master account must have an associated account in the AWS GovCloud (US-West)
2069//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
2070//      in the AWS GovCloud User Guide.
2071//
2072//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
2073//      with this master account, you first must associate a valid payment instrument,
2074//      such as a credit card, with the account. Follow the steps at To leave
2075//      an organization when all required account information has not yet been
2076//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2077//      in the AWS Organizations User Guide.
2078//
2079//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
2080//      to register more delegated administrators than allowed for the service
2081//      principal.
2082//
2083//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
2084//      number of policies of a certain type that can be attached to an entity
2085//      at one time.
2086//
2087//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
2088//      on this resource.
2089//
2090//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
2091//      with this member account, you first must associate a valid payment instrument,
2092//      such as a credit card, with the account. Follow the steps at To leave
2093//      an organization when all required account information has not yet been
2094//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2095//      in the AWS Organizations User Guide.
2096//
2097//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
2098//      policy from an entity that would cause the entity to have fewer than the
2099//      minimum number of policies of a certain type required.
2100//
2101//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
2102//      that requires the organization to be configured to support all features.
2103//      An organization that supports only consolidated billing features can't
2104//      perform this operation.
2105//
2106//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
2107//      too many levels deep.
2108//
2109//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
2110//      that you can have in an organization.
2111//
2112//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
2113//      is larger than the maximum size.
2114//
2115//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
2116//      policies that you can have in an organization.
2117//
2118//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
2119//      tags that are not compliant with the tag policy requirements for this
2120//      account.
2121//
2122//   * DuplicateOrganizationalUnitException
2123//   An OU with the same name already exists.
2124//
2125//   * InvalidInputException
2126//   The requested operation failed because you provided invalid values for one
2127//   or more of the request parameters. This exception includes a reason that
2128//   contains additional information about the violated limit:
2129//
2130//   Some of the reasons in the following list might not be applicable to this
2131//   specific API or operation.
2132//
2133//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2134//      can't be modified.
2135//
2136//      * INPUT_REQUIRED: You must include a value for all required parameters.
2137//
2138//      * INVALID_ENUM: You specified an invalid value.
2139//
2140//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2141//      characters.
2142//
2143//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2144//      at least one invalid value.
2145//
2146//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2147//      from the response to a previous call of the operation.
2148//
2149//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2150//      organization, or email) as a party.
2151//
2152//      * INVALID_PATTERN: You provided a value that doesn't match the required
2153//      pattern.
2154//
2155//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2156//      match the required pattern.
2157//
2158//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2159//      name can't begin with the reserved prefix AWSServiceRoleFor.
2160//
2161//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2162//      Name (ARN) for the organization.
2163//
2164//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2165//
2166//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2167//      tag. You can’t add, edit, or delete system tag keys because they're
2168//      reserved for AWS use. System tags don’t count against your tags per
2169//      resource limit.
2170//
2171//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2172//      for the operation.
2173//
2174//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2175//      than allowed.
2176//
2177//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2178//      value than allowed.
2179//
2180//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2181//      than allowed.
2182//
2183//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2184//      value than allowed.
2185//
2186//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2187//      between entities in the same root.
2188//
2189//   * ParentNotFoundException
2190//   We can't find a root or OU with the ParentId that you specified.
2191//
2192//   * ServiceException
2193//   AWS Organizations can't complete your request because of an internal service
2194//   error. Try again later.
2195//
2196//   * TooManyRequestsException
2197//   You have sent too many requests in too short a period of time. The quota
2198//   helps protect against denial-of-service attacks. Try again later.
2199//
2200//   For information about quotas that affect AWS Organizations, see Quotas for
2201//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2202//   the AWS Organizations User Guide.
2203//
2204// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
2205func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) {
2206	req, out := c.CreateOrganizationalUnitRequest(input)
2207	return out, req.Send()
2208}
2209
2210// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of
2211// the ability to pass a context and additional request options.
2212//
2213// See CreateOrganizationalUnit for details on how to use this API operation.
2214//
2215// The context must be non-nil and will be used for request cancellation. If
2216// the context is nil a panic will occur. In the future the SDK may create
2217// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2218// for more information on using Contexts.
2219func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) {
2220	req, out := c.CreateOrganizationalUnitRequest(input)
2221	req.SetContext(ctx)
2222	req.ApplyOptions(opts...)
2223	return out, req.Send()
2224}
2225
2226const opCreatePolicy = "CreatePolicy"
2227
2228// CreatePolicyRequest generates a "aws/request.Request" representing the
2229// client's request for the CreatePolicy operation. The "output" return
2230// value will be populated with the request's response once the request completes
2231// successfully.
2232//
2233// Use "Send" method on the returned Request to send the API call to the service.
2234// the "output" return value is not valid until after Send returns without error.
2235//
2236// See CreatePolicy for more information on using the CreatePolicy
2237// API call, and error handling.
2238//
2239// This method is useful when you want to inject custom logic or configuration
2240// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2241//
2242//
2243//    // Example sending a request using the CreatePolicyRequest method.
2244//    req, resp := client.CreatePolicyRequest(params)
2245//
2246//    err := req.Send()
2247//    if err == nil { // resp is now filled
2248//        fmt.Println(resp)
2249//    }
2250//
2251// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
2252func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
2253	op := &request.Operation{
2254		Name:       opCreatePolicy,
2255		HTTPMethod: "POST",
2256		HTTPPath:   "/",
2257	}
2258
2259	if input == nil {
2260		input = &CreatePolicyInput{}
2261	}
2262
2263	output = &CreatePolicyOutput{}
2264	req = c.newRequest(op, input, output)
2265	return
2266}
2267
2268// CreatePolicy API operation for AWS Organizations.
2269//
2270// Creates a policy of a specified type that you can attach to a root, an organizational
2271// unit (OU), or an individual AWS account.
2272//
2273// For more information about policies and their use, see Managing Organization
2274// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).
2275//
2276// This operation can be called only from the organization's master account.
2277//
2278// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2279// with awserr.Error's Code and Message methods to get detailed information about
2280// the error.
2281//
2282// See the AWS API reference guide for AWS Organizations's
2283// API operation CreatePolicy for usage and error information.
2284//
2285// Returned Error Types:
2286//   * AccessDeniedException
2287//   You don't have permissions to perform the requested operation. The user or
2288//   role that is making the request must have at least one IAM permissions policy
2289//   attached that grants the required permissions. For more information, see
2290//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2291//   in the IAM User Guide.
2292//
2293//   * AWSOrganizationsNotInUseException
2294//   Your account isn't a member of an organization. To make this request, you
2295//   must use the credentials of an account that belongs to an organization.
2296//
2297//   * ConcurrentModificationException
2298//   The target of the operation is currently being modified by a different request.
2299//   Try again later.
2300//
2301//   * ConstraintViolationException
2302//   Performing this operation violates a minimum or maximum value limit. For
2303//   example, attempting to remove the last service control policy (SCP) from
2304//   an OU or root, inviting or creating too many accounts to the organization,
2305//   or attaching too many policies to an account, OU, or root. This exception
2306//   includes a reason that contains additional information about the violated
2307//   limit:
2308//
2309//   Some of the reasons in the following list might not be applicable to this
2310//   specific API or operation.
2311//
2312//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
2313//      account from the organization. You can't remove the master account. Instead,
2314//      after you remove all member accounts, delete the organization itself.
2315//
2316//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
2317//      from the organization that doesn't yet have enough information to exist
2318//      as a standalone account. This account requires you to first agree to the
2319//      AWS Customer Agreement. Follow the steps at Removing a member account
2320//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
2321//      the AWS Organizations User Guide.
2322//
2323//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
2324//      an account from the organization that doesn't yet have enough information
2325//      to exist as a standalone account. This account requires you to first complete
2326//      phone verification. Follow the steps at Removing a member account from
2327//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
2328//      in the AWS Organizations User Guide.
2329//
2330//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
2331//      of accounts that you can create in one day.
2332//
2333//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
2334//      the number of accounts in an organization. If you need more accounts,
2335//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
2336//      request an increase in your limit. Or the number of invitations that you
2337//      tried to send would cause you to exceed the limit of accounts in your
2338//      organization. Send fewer invitations or contact AWS Support to request
2339//      an increase in the number of accounts. Deleted and closed accounts still
2340//      count toward your limit. If you get this exception when running a command
2341//      immediately after creating the organization, wait one hour and try again.
2342//      After an hour, if the command continues to fail with this error, contact
2343//      AWS Support (https://console.aws.amazon.com/support/home#/).
2344//
2345//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
2346//      register the master account of the organization as a delegated administrator
2347//      for an AWS service integrated with Organizations. You can designate only
2348//      a member account as a delegated administrator.
2349//
2350//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
2351//      an account that is registered as a delegated administrator for a service
2352//      integrated with your organization. To complete this operation, you must
2353//      first deregister this account as a delegated administrator.
2354//
2355//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
2356//      organization in the specified region, you must enable all features mode.
2357//
2358//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
2359//      an AWS account as a delegated administrator for an AWS service that already
2360//      has a delegated administrator. To complete this operation, you must first
2361//      deregister any existing delegated administrators for this service.
2362//
2363//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
2364//      valid for a limited period of time. You must resubmit the request and
2365//      generate a new verfication code.
2366//
2367//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
2368//      handshakes that you can send in one day.
2369//
2370//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
2371//      in this organization, you first must migrate the organization's master
2372//      account to the marketplace that corresponds to the master account's address.
2373//      For example, accounts with India addresses must be associated with the
2374//      AISPL marketplace. All accounts in an organization must be associated
2375//      with the same marketplace.
2376//
2377//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
2378//      in China. To create an organization, the master must have an valid business
2379//      license. For more information, contact customer support.
2380//
2381//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
2382//      must first provide a valid contact address and phone number for the master
2383//      account. Then try the operation again.
2384//
2385//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
2386//      master account must have an associated account in the AWS GovCloud (US-West)
2387//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
2388//      in the AWS GovCloud User Guide.
2389//
2390//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
2391//      with this master account, you first must associate a valid payment instrument,
2392//      such as a credit card, with the account. Follow the steps at To leave
2393//      an organization when all required account information has not yet been
2394//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2395//      in the AWS Organizations User Guide.
2396//
2397//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
2398//      to register more delegated administrators than allowed for the service
2399//      principal.
2400//
2401//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
2402//      number of policies of a certain type that can be attached to an entity
2403//      at one time.
2404//
2405//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
2406//      on this resource.
2407//
2408//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
2409//      with this member account, you first must associate a valid payment instrument,
2410//      such as a credit card, with the account. Follow the steps at To leave
2411//      an organization when all required account information has not yet been
2412//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2413//      in the AWS Organizations User Guide.
2414//
2415//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
2416//      policy from an entity that would cause the entity to have fewer than the
2417//      minimum number of policies of a certain type required.
2418//
2419//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
2420//      that requires the organization to be configured to support all features.
2421//      An organization that supports only consolidated billing features can't
2422//      perform this operation.
2423//
2424//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
2425//      too many levels deep.
2426//
2427//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
2428//      that you can have in an organization.
2429//
2430//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
2431//      is larger than the maximum size.
2432//
2433//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
2434//      policies that you can have in an organization.
2435//
2436//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
2437//      tags that are not compliant with the tag policy requirements for this
2438//      account.
2439//
2440//   * DuplicatePolicyException
2441//   A policy with the same name already exists.
2442//
2443//   * InvalidInputException
2444//   The requested operation failed because you provided invalid values for one
2445//   or more of the request parameters. This exception includes a reason that
2446//   contains additional information about the violated limit:
2447//
2448//   Some of the reasons in the following list might not be applicable to this
2449//   specific API or operation.
2450//
2451//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2452//      can't be modified.
2453//
2454//      * INPUT_REQUIRED: You must include a value for all required parameters.
2455//
2456//      * INVALID_ENUM: You specified an invalid value.
2457//
2458//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2459//      characters.
2460//
2461//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2462//      at least one invalid value.
2463//
2464//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2465//      from the response to a previous call of the operation.
2466//
2467//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2468//      organization, or email) as a party.
2469//
2470//      * INVALID_PATTERN: You provided a value that doesn't match the required
2471//      pattern.
2472//
2473//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2474//      match the required pattern.
2475//
2476//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2477//      name can't begin with the reserved prefix AWSServiceRoleFor.
2478//
2479//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2480//      Name (ARN) for the organization.
2481//
2482//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2483//
2484//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2485//      tag. You can’t add, edit, or delete system tag keys because they're
2486//      reserved for AWS use. System tags don’t count against your tags per
2487//      resource limit.
2488//
2489//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2490//      for the operation.
2491//
2492//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2493//      than allowed.
2494//
2495//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2496//      value than allowed.
2497//
2498//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2499//      than allowed.
2500//
2501//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2502//      value than allowed.
2503//
2504//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2505//      between entities in the same root.
2506//
2507//   * MalformedPolicyDocumentException
2508//   The provided policy document doesn't meet the requirements of the specified
2509//   policy type. For example, the syntax might be incorrect. For details about
2510//   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
2511//   in the AWS Organizations User Guide.
2512//
2513//   * PolicyTypeNotAvailableForOrganizationException
2514//   You can't use the specified policy type with the feature set currently enabled
2515//   for this organization. For example, you can enable SCPs only after you enable
2516//   all features in the organization. For more information, see Managing AWS
2517//   Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
2518//   the AWS Organizations User Guide.
2519//
2520//   * ServiceException
2521//   AWS Organizations can't complete your request because of an internal service
2522//   error. Try again later.
2523//
2524//   * TooManyRequestsException
2525//   You have sent too many requests in too short a period of time. The quota
2526//   helps protect against denial-of-service attacks. Try again later.
2527//
2528//   For information about quotas that affect AWS Organizations, see Quotas for
2529//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2530//   the AWS Organizations User Guide.
2531//
2532//   * UnsupportedAPIEndpointException
2533//   This action isn't available in the current AWS Region.
2534//
2535// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
2536func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
2537	req, out := c.CreatePolicyRequest(input)
2538	return out, req.Send()
2539}
2540
2541// CreatePolicyWithContext is the same as CreatePolicy with the addition of
2542// the ability to pass a context and additional request options.
2543//
2544// See CreatePolicy for details on how to use this API operation.
2545//
2546// The context must be non-nil and will be used for request cancellation. If
2547// the context is nil a panic will occur. In the future the SDK may create
2548// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2549// for more information on using Contexts.
2550func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
2551	req, out := c.CreatePolicyRequest(input)
2552	req.SetContext(ctx)
2553	req.ApplyOptions(opts...)
2554	return out, req.Send()
2555}
2556
2557const opDeclineHandshake = "DeclineHandshake"
2558
2559// DeclineHandshakeRequest generates a "aws/request.Request" representing the
2560// client's request for the DeclineHandshake operation. The "output" return
2561// value will be populated with the request's response once the request completes
2562// successfully.
2563//
2564// Use "Send" method on the returned Request to send the API call to the service.
2565// the "output" return value is not valid until after Send returns without error.
2566//
2567// See DeclineHandshake for more information on using the DeclineHandshake
2568// API call, and error handling.
2569//
2570// This method is useful when you want to inject custom logic or configuration
2571// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2572//
2573//
2574//    // Example sending a request using the DeclineHandshakeRequest method.
2575//    req, resp := client.DeclineHandshakeRequest(params)
2576//
2577//    err := req.Send()
2578//    if err == nil { // resp is now filled
2579//        fmt.Println(resp)
2580//    }
2581//
2582// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
2583func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) {
2584	op := &request.Operation{
2585		Name:       opDeclineHandshake,
2586		HTTPMethod: "POST",
2587		HTTPPath:   "/",
2588	}
2589
2590	if input == nil {
2591		input = &DeclineHandshakeInput{}
2592	}
2593
2594	output = &DeclineHandshakeOutput{}
2595	req = c.newRequest(op, input, output)
2596	return
2597}
2598
2599// DeclineHandshake API operation for AWS Organizations.
2600//
2601// Declines a handshake request. This sets the handshake state to DECLINED and
2602// effectively deactivates the request.
2603//
2604// This operation can be called only from the account that received the handshake.
2605// The originator of the handshake can use CancelHandshake instead. The originator
2606// can't reactivate a declined request, but can reinitiate the process with
2607// a new handshake request.
2608//
2609// After you decline a handshake, it continues to appear in the results of relevant
2610// APIs for only 30 days. After that, it's deleted.
2611//
2612// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2613// with awserr.Error's Code and Message methods to get detailed information about
2614// the error.
2615//
2616// See the AWS API reference guide for AWS Organizations's
2617// API operation DeclineHandshake for usage and error information.
2618//
2619// Returned Error Types:
2620//   * AccessDeniedException
2621//   You don't have permissions to perform the requested operation. The user or
2622//   role that is making the request must have at least one IAM permissions policy
2623//   attached that grants the required permissions. For more information, see
2624//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2625//   in the IAM User Guide.
2626//
2627//   * ConcurrentModificationException
2628//   The target of the operation is currently being modified by a different request.
2629//   Try again later.
2630//
2631//   * HandshakeNotFoundException
2632//   We can't find a handshake with the HandshakeId that you specified.
2633//
2634//   * InvalidHandshakeTransitionException
2635//   You can't perform the operation on the handshake in its current state. For
2636//   example, you can't cancel a handshake that was already accepted or accept
2637//   a handshake that was already declined.
2638//
2639//   * HandshakeAlreadyInStateException
2640//   The specified handshake is already in the requested state. For example, you
2641//   can't accept a handshake that was already accepted.
2642//
2643//   * InvalidInputException
2644//   The requested operation failed because you provided invalid values for one
2645//   or more of the request parameters. This exception includes a reason that
2646//   contains additional information about the violated limit:
2647//
2648//   Some of the reasons in the following list might not be applicable to this
2649//   specific API or operation.
2650//
2651//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2652//      can't be modified.
2653//
2654//      * INPUT_REQUIRED: You must include a value for all required parameters.
2655//
2656//      * INVALID_ENUM: You specified an invalid value.
2657//
2658//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2659//      characters.
2660//
2661//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2662//      at least one invalid value.
2663//
2664//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2665//      from the response to a previous call of the operation.
2666//
2667//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2668//      organization, or email) as a party.
2669//
2670//      * INVALID_PATTERN: You provided a value that doesn't match the required
2671//      pattern.
2672//
2673//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2674//      match the required pattern.
2675//
2676//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2677//      name can't begin with the reserved prefix AWSServiceRoleFor.
2678//
2679//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2680//      Name (ARN) for the organization.
2681//
2682//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2683//
2684//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2685//      tag. You can’t add, edit, or delete system tag keys because they're
2686//      reserved for AWS use. System tags don’t count against your tags per
2687//      resource limit.
2688//
2689//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2690//      for the operation.
2691//
2692//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2693//      than allowed.
2694//
2695//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2696//      value than allowed.
2697//
2698//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2699//      than allowed.
2700//
2701//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2702//      value than allowed.
2703//
2704//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2705//      between entities in the same root.
2706//
2707//   * ServiceException
2708//   AWS Organizations can't complete your request because of an internal service
2709//   error. Try again later.
2710//
2711//   * TooManyRequestsException
2712//   You have sent too many requests in too short a period of time. The quota
2713//   helps protect against denial-of-service attacks. Try again later.
2714//
2715//   For information about quotas that affect AWS Organizations, see Quotas for
2716//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2717//   the AWS Organizations User Guide.
2718//
2719// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
2720func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) {
2721	req, out := c.DeclineHandshakeRequest(input)
2722	return out, req.Send()
2723}
2724
2725// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of
2726// the ability to pass a context and additional request options.
2727//
2728// See DeclineHandshake for details on how to use this API operation.
2729//
2730// The context must be non-nil and will be used for request cancellation. If
2731// the context is nil a panic will occur. In the future the SDK may create
2732// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2733// for more information on using Contexts.
2734func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) {
2735	req, out := c.DeclineHandshakeRequest(input)
2736	req.SetContext(ctx)
2737	req.ApplyOptions(opts...)
2738	return out, req.Send()
2739}
2740
2741const opDeleteOrganization = "DeleteOrganization"
2742
2743// DeleteOrganizationRequest generates a "aws/request.Request" representing the
2744// client's request for the DeleteOrganization operation. The "output" return
2745// value will be populated with the request's response once the request completes
2746// successfully.
2747//
2748// Use "Send" method on the returned Request to send the API call to the service.
2749// the "output" return value is not valid until after Send returns without error.
2750//
2751// See DeleteOrganization for more information on using the DeleteOrganization
2752// API call, and error handling.
2753//
2754// This method is useful when you want to inject custom logic or configuration
2755// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2756//
2757//
2758//    // Example sending a request using the DeleteOrganizationRequest method.
2759//    req, resp := client.DeleteOrganizationRequest(params)
2760//
2761//    err := req.Send()
2762//    if err == nil { // resp is now filled
2763//        fmt.Println(resp)
2764//    }
2765//
2766// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
2767func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) {
2768	op := &request.Operation{
2769		Name:       opDeleteOrganization,
2770		HTTPMethod: "POST",
2771		HTTPPath:   "/",
2772	}
2773
2774	if input == nil {
2775		input = &DeleteOrganizationInput{}
2776	}
2777
2778	output = &DeleteOrganizationOutput{}
2779	req = c.newRequest(op, input, output)
2780	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
2781	return
2782}
2783
2784// DeleteOrganization API operation for AWS Organizations.
2785//
2786// Deletes the organization. You can delete an organization only by using credentials
2787// from the master account. The organization must be empty of member accounts.
2788//
2789// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2790// with awserr.Error's Code and Message methods to get detailed information about
2791// the error.
2792//
2793// See the AWS API reference guide for AWS Organizations's
2794// API operation DeleteOrganization for usage and error information.
2795//
2796// Returned Error Types:
2797//   * AccessDeniedException
2798//   You don't have permissions to perform the requested operation. The user or
2799//   role that is making the request must have at least one IAM permissions policy
2800//   attached that grants the required permissions. For more information, see
2801//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2802//   in the IAM User Guide.
2803//
2804//   * AWSOrganizationsNotInUseException
2805//   Your account isn't a member of an organization. To make this request, you
2806//   must use the credentials of an account that belongs to an organization.
2807//
2808//   * ConcurrentModificationException
2809//   The target of the operation is currently being modified by a different request.
2810//   Try again later.
2811//
2812//   * InvalidInputException
2813//   The requested operation failed because you provided invalid values for one
2814//   or more of the request parameters. This exception includes a reason that
2815//   contains additional information about the violated limit:
2816//
2817//   Some of the reasons in the following list might not be applicable to this
2818//   specific API or operation.
2819//
2820//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2821//      can't be modified.
2822//
2823//      * INPUT_REQUIRED: You must include a value for all required parameters.
2824//
2825//      * INVALID_ENUM: You specified an invalid value.
2826//
2827//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2828//      characters.
2829//
2830//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2831//      at least one invalid value.
2832//
2833//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2834//      from the response to a previous call of the operation.
2835//
2836//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2837//      organization, or email) as a party.
2838//
2839//      * INVALID_PATTERN: You provided a value that doesn't match the required
2840//      pattern.
2841//
2842//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2843//      match the required pattern.
2844//
2845//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2846//      name can't begin with the reserved prefix AWSServiceRoleFor.
2847//
2848//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2849//      Name (ARN) for the organization.
2850//
2851//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2852//
2853//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2854//      tag. You can’t add, edit, or delete system tag keys because they're
2855//      reserved for AWS use. System tags don’t count against your tags per
2856//      resource limit.
2857//
2858//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2859//      for the operation.
2860//
2861//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2862//      than allowed.
2863//
2864//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2865//      value than allowed.
2866//
2867//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2868//      than allowed.
2869//
2870//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2871//      value than allowed.
2872//
2873//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2874//      between entities in the same root.
2875//
2876//   * OrganizationNotEmptyException
2877//   The organization isn't empty. To delete an organization, you must first remove
2878//   all accounts except the master account, delete all OUs, and delete all policies.
2879//
2880//   * ServiceException
2881//   AWS Organizations can't complete your request because of an internal service
2882//   error. Try again later.
2883//
2884//   * TooManyRequestsException
2885//   You have sent too many requests in too short a period of time. The quota
2886//   helps protect against denial-of-service attacks. Try again later.
2887//
2888//   For information about quotas that affect AWS Organizations, see Quotas for
2889//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2890//   the AWS Organizations User Guide.
2891//
2892// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
2893func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) {
2894	req, out := c.DeleteOrganizationRequest(input)
2895	return out, req.Send()
2896}
2897
2898// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of
2899// the ability to pass a context and additional request options.
2900//
2901// See DeleteOrganization for details on how to use this API operation.
2902//
2903// The context must be non-nil and will be used for request cancellation. If
2904// the context is nil a panic will occur. In the future the SDK may create
2905// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2906// for more information on using Contexts.
2907func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) {
2908	req, out := c.DeleteOrganizationRequest(input)
2909	req.SetContext(ctx)
2910	req.ApplyOptions(opts...)
2911	return out, req.Send()
2912}
2913
2914const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit"
2915
2916// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the
2917// client's request for the DeleteOrganizationalUnit operation. The "output" return
2918// value will be populated with the request's response once the request completes
2919// successfully.
2920//
2921// Use "Send" method on the returned Request to send the API call to the service.
2922// the "output" return value is not valid until after Send returns without error.
2923//
2924// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit
2925// API call, and error handling.
2926//
2927// This method is useful when you want to inject custom logic or configuration
2928// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2929//
2930//
2931//    // Example sending a request using the DeleteOrganizationalUnitRequest method.
2932//    req, resp := client.DeleteOrganizationalUnitRequest(params)
2933//
2934//    err := req.Send()
2935//    if err == nil { // resp is now filled
2936//        fmt.Println(resp)
2937//    }
2938//
2939// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
2940func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) {
2941	op := &request.Operation{
2942		Name:       opDeleteOrganizationalUnit,
2943		HTTPMethod: "POST",
2944		HTTPPath:   "/",
2945	}
2946
2947	if input == nil {
2948		input = &DeleteOrganizationalUnitInput{}
2949	}
2950
2951	output = &DeleteOrganizationalUnitOutput{}
2952	req = c.newRequest(op, input, output)
2953	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
2954	return
2955}
2956
2957// DeleteOrganizationalUnit API operation for AWS Organizations.
2958//
2959// Deletes an organizational unit (OU) from a root or another OU. You must first
2960// remove all accounts and child OUs from the OU that you want to delete.
2961//
2962// This operation can be called only from the organization's master account.
2963//
2964// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2965// with awserr.Error's Code and Message methods to get detailed information about
2966// the error.
2967//
2968// See the AWS API reference guide for AWS Organizations's
2969// API operation DeleteOrganizationalUnit for usage and error information.
2970//
2971// Returned Error Types:
2972//   * AccessDeniedException
2973//   You don't have permissions to perform the requested operation. The user or
2974//   role that is making the request must have at least one IAM permissions policy
2975//   attached that grants the required permissions. For more information, see
2976//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2977//   in the IAM User Guide.
2978//
2979//   * AWSOrganizationsNotInUseException
2980//   Your account isn't a member of an organization. To make this request, you
2981//   must use the credentials of an account that belongs to an organization.
2982//
2983//   * ConcurrentModificationException
2984//   The target of the operation is currently being modified by a different request.
2985//   Try again later.
2986//
2987//   * InvalidInputException
2988//   The requested operation failed because you provided invalid values for one
2989//   or more of the request parameters. This exception includes a reason that
2990//   contains additional information about the violated limit:
2991//
2992//   Some of the reasons in the following list might not be applicable to this
2993//   specific API or operation.
2994//
2995//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2996//      can't be modified.
2997//
2998//      * INPUT_REQUIRED: You must include a value for all required parameters.
2999//
3000//      * INVALID_ENUM: You specified an invalid value.
3001//
3002//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3003//      characters.
3004//
3005//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3006//      at least one invalid value.
3007//
3008//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3009//      from the response to a previous call of the operation.
3010//
3011//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3012//      organization, or email) as a party.
3013//
3014//      * INVALID_PATTERN: You provided a value that doesn't match the required
3015//      pattern.
3016//
3017//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3018//      match the required pattern.
3019//
3020//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3021//      name can't begin with the reserved prefix AWSServiceRoleFor.
3022//
3023//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3024//      Name (ARN) for the organization.
3025//
3026//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3027//
3028//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3029//      tag. You can’t add, edit, or delete system tag keys because they're
3030//      reserved for AWS use. System tags don’t count against your tags per
3031//      resource limit.
3032//
3033//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3034//      for the operation.
3035//
3036//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3037//      than allowed.
3038//
3039//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3040//      value than allowed.
3041//
3042//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3043//      than allowed.
3044//
3045//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3046//      value than allowed.
3047//
3048//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3049//      between entities in the same root.
3050//
3051//   * OrganizationalUnitNotEmptyException
3052//   The specified OU is not empty. Move all accounts to another root or to other
3053//   OUs, remove all child OUs, and try the operation again.
3054//
3055//   * OrganizationalUnitNotFoundException
3056//   We can't find an OU with the OrganizationalUnitId that you specified.
3057//
3058//   * ServiceException
3059//   AWS Organizations can't complete your request because of an internal service
3060//   error. Try again later.
3061//
3062//   * TooManyRequestsException
3063//   You have sent too many requests in too short a period of time. The quota
3064//   helps protect against denial-of-service attacks. Try again later.
3065//
3066//   For information about quotas that affect AWS Organizations, see Quotas for
3067//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3068//   the AWS Organizations User Guide.
3069//
3070// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
3071func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) {
3072	req, out := c.DeleteOrganizationalUnitRequest(input)
3073	return out, req.Send()
3074}
3075
3076// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of
3077// the ability to pass a context and additional request options.
3078//
3079// See DeleteOrganizationalUnit for details on how to use this API operation.
3080//
3081// The context must be non-nil and will be used for request cancellation. If
3082// the context is nil a panic will occur. In the future the SDK may create
3083// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3084// for more information on using Contexts.
3085func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) {
3086	req, out := c.DeleteOrganizationalUnitRequest(input)
3087	req.SetContext(ctx)
3088	req.ApplyOptions(opts...)
3089	return out, req.Send()
3090}
3091
3092const opDeletePolicy = "DeletePolicy"
3093
3094// DeletePolicyRequest generates a "aws/request.Request" representing the
3095// client's request for the DeletePolicy operation. The "output" return
3096// value will be populated with the request's response once the request completes
3097// successfully.
3098//
3099// Use "Send" method on the returned Request to send the API call to the service.
3100// the "output" return value is not valid until after Send returns without error.
3101//
3102// See DeletePolicy for more information on using the DeletePolicy
3103// API call, and error handling.
3104//
3105// This method is useful when you want to inject custom logic or configuration
3106// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3107//
3108//
3109//    // Example sending a request using the DeletePolicyRequest method.
3110//    req, resp := client.DeletePolicyRequest(params)
3111//
3112//    err := req.Send()
3113//    if err == nil { // resp is now filled
3114//        fmt.Println(resp)
3115//    }
3116//
3117// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
3118func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
3119	op := &request.Operation{
3120		Name:       opDeletePolicy,
3121		HTTPMethod: "POST",
3122		HTTPPath:   "/",
3123	}
3124
3125	if input == nil {
3126		input = &DeletePolicyInput{}
3127	}
3128
3129	output = &DeletePolicyOutput{}
3130	req = c.newRequest(op, input, output)
3131	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
3132	return
3133}
3134
3135// DeletePolicy API operation for AWS Organizations.
3136//
3137// Deletes the specified policy from your organization. Before you perform this
3138// operation, you must first detach the policy from all organizational units
3139// (OUs), roots, and accounts.
3140//
3141// This operation can be called only from the organization's master account.
3142//
3143// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3144// with awserr.Error's Code and Message methods to get detailed information about
3145// the error.
3146//
3147// See the AWS API reference guide for AWS Organizations's
3148// API operation DeletePolicy for usage and error information.
3149//
3150// Returned Error Types:
3151//   * AccessDeniedException
3152//   You don't have permissions to perform the requested operation. The user or
3153//   role that is making the request must have at least one IAM permissions policy
3154//   attached that grants the required permissions. For more information, see
3155//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3156//   in the IAM User Guide.
3157//
3158//   * AWSOrganizationsNotInUseException
3159//   Your account isn't a member of an organization. To make this request, you
3160//   must use the credentials of an account that belongs to an organization.
3161//
3162//   * ConcurrentModificationException
3163//   The target of the operation is currently being modified by a different request.
3164//   Try again later.
3165//
3166//   * InvalidInputException
3167//   The requested operation failed because you provided invalid values for one
3168//   or more of the request parameters. This exception includes a reason that
3169//   contains additional information about the violated limit:
3170//
3171//   Some of the reasons in the following list might not be applicable to this
3172//   specific API or operation.
3173//
3174//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3175//      can't be modified.
3176//
3177//      * INPUT_REQUIRED: You must include a value for all required parameters.
3178//
3179//      * INVALID_ENUM: You specified an invalid value.
3180//
3181//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3182//      characters.
3183//
3184//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3185//      at least one invalid value.
3186//
3187//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3188//      from the response to a previous call of the operation.
3189//
3190//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3191//      organization, or email) as a party.
3192//
3193//      * INVALID_PATTERN: You provided a value that doesn't match the required
3194//      pattern.
3195//
3196//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3197//      match the required pattern.
3198//
3199//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3200//      name can't begin with the reserved prefix AWSServiceRoleFor.
3201//
3202//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3203//      Name (ARN) for the organization.
3204//
3205//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3206//
3207//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3208//      tag. You can’t add, edit, or delete system tag keys because they're
3209//      reserved for AWS use. System tags don’t count against your tags per
3210//      resource limit.
3211//
3212//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3213//      for the operation.
3214//
3215//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3216//      than allowed.
3217//
3218//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3219//      value than allowed.
3220//
3221//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3222//      than allowed.
3223//
3224//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3225//      value than allowed.
3226//
3227//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3228//      between entities in the same root.
3229//
3230//   * PolicyInUseException
3231//   The policy is attached to one or more entities. You must detach it from all
3232//   roots, OUs, and accounts before performing this operation.
3233//
3234//   * PolicyNotFoundException
3235//   We can't find a policy with the PolicyId that you specified.
3236//
3237//   * ServiceException
3238//   AWS Organizations can't complete your request because of an internal service
3239//   error. Try again later.
3240//
3241//   * TooManyRequestsException
3242//   You have sent too many requests in too short a period of time. The quota
3243//   helps protect against denial-of-service attacks. Try again later.
3244//
3245//   For information about quotas that affect AWS Organizations, see Quotas for
3246//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3247//   the AWS Organizations User Guide.
3248//
3249//   * UnsupportedAPIEndpointException
3250//   This action isn't available in the current AWS Region.
3251//
3252// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
3253func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
3254	req, out := c.DeletePolicyRequest(input)
3255	return out, req.Send()
3256}
3257
3258// DeletePolicyWithContext is the same as DeletePolicy with the addition of
3259// the ability to pass a context and additional request options.
3260//
3261// See DeletePolicy for details on how to use this API operation.
3262//
3263// The context must be non-nil and will be used for request cancellation. If
3264// the context is nil a panic will occur. In the future the SDK may create
3265// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3266// for more information on using Contexts.
3267func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
3268	req, out := c.DeletePolicyRequest(input)
3269	req.SetContext(ctx)
3270	req.ApplyOptions(opts...)
3271	return out, req.Send()
3272}
3273
3274const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator"
3275
3276// DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
3277// client's request for the DeregisterDelegatedAdministrator operation. The "output" return
3278// value will be populated with the request's response once the request completes
3279// successfully.
3280//
3281// Use "Send" method on the returned Request to send the API call to the service.
3282// the "output" return value is not valid until after Send returns without error.
3283//
3284// See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator
3285// API call, and error handling.
3286//
3287// This method is useful when you want to inject custom logic or configuration
3288// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3289//
3290//
3291//    // Example sending a request using the DeregisterDelegatedAdministratorRequest method.
3292//    req, resp := client.DeregisterDelegatedAdministratorRequest(params)
3293//
3294//    err := req.Send()
3295//    if err == nil { // resp is now filled
3296//        fmt.Println(resp)
3297//    }
3298//
3299// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
3300func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) {
3301	op := &request.Operation{
3302		Name:       opDeregisterDelegatedAdministrator,
3303		HTTPMethod: "POST",
3304		HTTPPath:   "/",
3305	}
3306
3307	if input == nil {
3308		input = &DeregisterDelegatedAdministratorInput{}
3309	}
3310
3311	output = &DeregisterDelegatedAdministratorOutput{}
3312	req = c.newRequest(op, input, output)
3313	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
3314	return
3315}
3316
3317// DeregisterDelegatedAdministrator API operation for AWS Organizations.
3318//
3319// Removes the specified member AWS account as a delegated administrator for
3320// the specified AWS service.
3321//
3322// Deregistering a delegated administrator can have unintended impacts on the
3323// functionality of the enabled AWS service. See the documentation for the enabled
3324// service before you deregister a delegated administrator so that you understand
3325// any potential impacts.
3326//
3327// You can run this action only for AWS services that support this feature.
3328// For a current list of services that support it, see the column Supports Delegated
3329// Administrator in the table at AWS Services that you can use with AWS Organizations
3330// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html)
3331// in the AWS Organizations User Guide.
3332//
3333// This operation can be called only from the organization's master account.
3334//
3335// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3336// with awserr.Error's Code and Message methods to get detailed information about
3337// the error.
3338//
3339// See the AWS API reference guide for AWS Organizations's
3340// API operation DeregisterDelegatedAdministrator for usage and error information.
3341//
3342// Returned Error Types:
3343//   * AccessDeniedException
3344//   You don't have permissions to perform the requested operation. The user or
3345//   role that is making the request must have at least one IAM permissions policy
3346//   attached that grants the required permissions. For more information, see
3347//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3348//   in the IAM User Guide.
3349//
3350//   * AccountNotFoundException
3351//   We can't find an AWS account with the AccountId that you specified, or the
3352//   account whose credentials you used to make this request isn't a member of
3353//   an organization.
3354//
3355//   * AccountNotRegisteredException
3356//   The specified account is not a delegated administrator for this AWS service.
3357//
3358//   * AWSOrganizationsNotInUseException
3359//   Your account isn't a member of an organization. To make this request, you
3360//   must use the credentials of an account that belongs to an organization.
3361//
3362//   * ConcurrentModificationException
3363//   The target of the operation is currently being modified by a different request.
3364//   Try again later.
3365//
3366//   * ConstraintViolationException
3367//   Performing this operation violates a minimum or maximum value limit. For
3368//   example, attempting to remove the last service control policy (SCP) from
3369//   an OU or root, inviting or creating too many accounts to the organization,
3370//   or attaching too many policies to an account, OU, or root. This exception
3371//   includes a reason that contains additional information about the violated
3372//   limit:
3373//
3374//   Some of the reasons in the following list might not be applicable to this
3375//   specific API or operation.
3376//
3377//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
3378//      account from the organization. You can't remove the master account. Instead,
3379//      after you remove all member accounts, delete the organization itself.
3380//
3381//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
3382//      from the organization that doesn't yet have enough information to exist
3383//      as a standalone account. This account requires you to first agree to the
3384//      AWS Customer Agreement. Follow the steps at Removing a member account
3385//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
3386//      the AWS Organizations User Guide.
3387//
3388//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
3389//      an account from the organization that doesn't yet have enough information
3390//      to exist as a standalone account. This account requires you to first complete
3391//      phone verification. Follow the steps at Removing a member account from
3392//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
3393//      in the AWS Organizations User Guide.
3394//
3395//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
3396//      of accounts that you can create in one day.
3397//
3398//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
3399//      the number of accounts in an organization. If you need more accounts,
3400//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
3401//      request an increase in your limit. Or the number of invitations that you
3402//      tried to send would cause you to exceed the limit of accounts in your
3403//      organization. Send fewer invitations or contact AWS Support to request
3404//      an increase in the number of accounts. Deleted and closed accounts still
3405//      count toward your limit. If you get this exception when running a command
3406//      immediately after creating the organization, wait one hour and try again.
3407//      After an hour, if the command continues to fail with this error, contact
3408//      AWS Support (https://console.aws.amazon.com/support/home#/).
3409//
3410//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
3411//      register the master account of the organization as a delegated administrator
3412//      for an AWS service integrated with Organizations. You can designate only
3413//      a member account as a delegated administrator.
3414//
3415//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
3416//      an account that is registered as a delegated administrator for a service
3417//      integrated with your organization. To complete this operation, you must
3418//      first deregister this account as a delegated administrator.
3419//
3420//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
3421//      organization in the specified region, you must enable all features mode.
3422//
3423//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
3424//      an AWS account as a delegated administrator for an AWS service that already
3425//      has a delegated administrator. To complete this operation, you must first
3426//      deregister any existing delegated administrators for this service.
3427//
3428//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
3429//      valid for a limited period of time. You must resubmit the request and
3430//      generate a new verfication code.
3431//
3432//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
3433//      handshakes that you can send in one day.
3434//
3435//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
3436//      in this organization, you first must migrate the organization's master
3437//      account to the marketplace that corresponds to the master account's address.
3438//      For example, accounts with India addresses must be associated with the
3439//      AISPL marketplace. All accounts in an organization must be associated
3440//      with the same marketplace.
3441//
3442//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
3443//      in China. To create an organization, the master must have an valid business
3444//      license. For more information, contact customer support.
3445//
3446//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
3447//      must first provide a valid contact address and phone number for the master
3448//      account. Then try the operation again.
3449//
3450//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
3451//      master account must have an associated account in the AWS GovCloud (US-West)
3452//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
3453//      in the AWS GovCloud User Guide.
3454//
3455//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
3456//      with this master account, you first must associate a valid payment instrument,
3457//      such as a credit card, with the account. Follow the steps at To leave
3458//      an organization when all required account information has not yet been
3459//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3460//      in the AWS Organizations User Guide.
3461//
3462//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
3463//      to register more delegated administrators than allowed for the service
3464//      principal.
3465//
3466//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
3467//      number of policies of a certain type that can be attached to an entity
3468//      at one time.
3469//
3470//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
3471//      on this resource.
3472//
3473//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
3474//      with this member account, you first must associate a valid payment instrument,
3475//      such as a credit card, with the account. Follow the steps at To leave
3476//      an organization when all required account information has not yet been
3477//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3478//      in the AWS Organizations User Guide.
3479//
3480//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
3481//      policy from an entity that would cause the entity to have fewer than the
3482//      minimum number of policies of a certain type required.
3483//
3484//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
3485//      that requires the organization to be configured to support all features.
3486//      An organization that supports only consolidated billing features can't
3487//      perform this operation.
3488//
3489//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
3490//      too many levels deep.
3491//
3492//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
3493//      that you can have in an organization.
3494//
3495//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
3496//      is larger than the maximum size.
3497//
3498//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
3499//      policies that you can have in an organization.
3500//
3501//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
3502//      tags that are not compliant with the tag policy requirements for this
3503//      account.
3504//
3505//   * InvalidInputException
3506//   The requested operation failed because you provided invalid values for one
3507//   or more of the request parameters. This exception includes a reason that
3508//   contains additional information about the violated limit:
3509//
3510//   Some of the reasons in the following list might not be applicable to this
3511//   specific API or operation.
3512//
3513//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3514//      can't be modified.
3515//
3516//      * INPUT_REQUIRED: You must include a value for all required parameters.
3517//
3518//      * INVALID_ENUM: You specified an invalid value.
3519//
3520//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3521//      characters.
3522//
3523//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3524//      at least one invalid value.
3525//
3526//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3527//      from the response to a previous call of the operation.
3528//
3529//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3530//      organization, or email) as a party.
3531//
3532//      * INVALID_PATTERN: You provided a value that doesn't match the required
3533//      pattern.
3534//
3535//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3536//      match the required pattern.
3537//
3538//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3539//      name can't begin with the reserved prefix AWSServiceRoleFor.
3540//
3541//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3542//      Name (ARN) for the organization.
3543//
3544//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3545//
3546//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3547//      tag. You can’t add, edit, or delete system tag keys because they're
3548//      reserved for AWS use. System tags don’t count against your tags per
3549//      resource limit.
3550//
3551//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3552//      for the operation.
3553//
3554//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3555//      than allowed.
3556//
3557//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3558//      value than allowed.
3559//
3560//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3561//      than allowed.
3562//
3563//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3564//      value than allowed.
3565//
3566//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3567//      between entities in the same root.
3568//
3569//   * TooManyRequestsException
3570//   You have sent too many requests in too short a period of time. The quota
3571//   helps protect against denial-of-service attacks. Try again later.
3572//
3573//   For information about quotas that affect AWS Organizations, see Quotas for
3574//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3575//   the AWS Organizations User Guide.
3576//
3577//   * ServiceException
3578//   AWS Organizations can't complete your request because of an internal service
3579//   error. Try again later.
3580//
3581//   * UnsupportedAPIEndpointException
3582//   This action isn't available in the current AWS Region.
3583//
3584// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
3585func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) {
3586	req, out := c.DeregisterDelegatedAdministratorRequest(input)
3587	return out, req.Send()
3588}
3589
3590// DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of
3591// the ability to pass a context and additional request options.
3592//
3593// See DeregisterDelegatedAdministrator for details on how to use this API operation.
3594//
3595// The context must be non-nil and will be used for request cancellation. If
3596// the context is nil a panic will occur. In the future the SDK may create
3597// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3598// for more information on using Contexts.
3599func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) {
3600	req, out := c.DeregisterDelegatedAdministratorRequest(input)
3601	req.SetContext(ctx)
3602	req.ApplyOptions(opts...)
3603	return out, req.Send()
3604}
3605
3606const opDescribeAccount = "DescribeAccount"
3607
3608// DescribeAccountRequest generates a "aws/request.Request" representing the
3609// client's request for the DescribeAccount operation. The "output" return
3610// value will be populated with the request's response once the request completes
3611// successfully.
3612//
3613// Use "Send" method on the returned Request to send the API call to the service.
3614// the "output" return value is not valid until after Send returns without error.
3615//
3616// See DescribeAccount for more information on using the DescribeAccount
3617// API call, and error handling.
3618//
3619// This method is useful when you want to inject custom logic or configuration
3620// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3621//
3622//
3623//    // Example sending a request using the DescribeAccountRequest method.
3624//    req, resp := client.DescribeAccountRequest(params)
3625//
3626//    err := req.Send()
3627//    if err == nil { // resp is now filled
3628//        fmt.Println(resp)
3629//    }
3630//
3631// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
3632func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) {
3633	op := &request.Operation{
3634		Name:       opDescribeAccount,
3635		HTTPMethod: "POST",
3636		HTTPPath:   "/",
3637	}
3638
3639	if input == nil {
3640		input = &DescribeAccountInput{}
3641	}
3642
3643	output = &DescribeAccountOutput{}
3644	req = c.newRequest(op, input, output)
3645	return
3646}
3647
3648// DescribeAccount API operation for AWS Organizations.
3649//
3650// Retrieves AWS Organizations-related information about the specified account.
3651//
3652// This operation can be called only from the organization's master account
3653// or by a member account that is a delegated administrator for an AWS service.
3654//
3655// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3656// with awserr.Error's Code and Message methods to get detailed information about
3657// the error.
3658//
3659// See the AWS API reference guide for AWS Organizations's
3660// API operation DescribeAccount for usage and error information.
3661//
3662// Returned Error Types:
3663//   * AccessDeniedException
3664//   You don't have permissions to perform the requested operation. The user or
3665//   role that is making the request must have at least one IAM permissions policy
3666//   attached that grants the required permissions. For more information, see
3667//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3668//   in the IAM User Guide.
3669//
3670//   * AccountNotFoundException
3671//   We can't find an AWS account with the AccountId that you specified, or the
3672//   account whose credentials you used to make this request isn't a member of
3673//   an organization.
3674//
3675//   * AWSOrganizationsNotInUseException
3676//   Your account isn't a member of an organization. To make this request, you
3677//   must use the credentials of an account that belongs to an organization.
3678//
3679//   * InvalidInputException
3680//   The requested operation failed because you provided invalid values for one
3681//   or more of the request parameters. This exception includes a reason that
3682//   contains additional information about the violated limit:
3683//
3684//   Some of the reasons in the following list might not be applicable to this
3685//   specific API or operation.
3686//
3687//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3688//      can't be modified.
3689//
3690//      * INPUT_REQUIRED: You must include a value for all required parameters.
3691//
3692//      * INVALID_ENUM: You specified an invalid value.
3693//
3694//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3695//      characters.
3696//
3697//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3698//      at least one invalid value.
3699//
3700//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3701//      from the response to a previous call of the operation.
3702//
3703//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3704//      organization, or email) as a party.
3705//
3706//      * INVALID_PATTERN: You provided a value that doesn't match the required
3707//      pattern.
3708//
3709//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3710//      match the required pattern.
3711//
3712//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3713//      name can't begin with the reserved prefix AWSServiceRoleFor.
3714//
3715//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3716//      Name (ARN) for the organization.
3717//
3718//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3719//
3720//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3721//      tag. You can’t add, edit, or delete system tag keys because they're
3722//      reserved for AWS use. System tags don’t count against your tags per
3723//      resource limit.
3724//
3725//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3726//      for the operation.
3727//
3728//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3729//      than allowed.
3730//
3731//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3732//      value than allowed.
3733//
3734//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3735//      than allowed.
3736//
3737//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3738//      value than allowed.
3739//
3740//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3741//      between entities in the same root.
3742//
3743//   * ServiceException
3744//   AWS Organizations can't complete your request because of an internal service
3745//   error. Try again later.
3746//
3747//   * TooManyRequestsException
3748//   You have sent too many requests in too short a period of time. The quota
3749//   helps protect against denial-of-service attacks. Try again later.
3750//
3751//   For information about quotas that affect AWS Organizations, see Quotas for
3752//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3753//   the AWS Organizations User Guide.
3754//
3755// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
3756func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) {
3757	req, out := c.DescribeAccountRequest(input)
3758	return out, req.Send()
3759}
3760
3761// DescribeAccountWithContext is the same as DescribeAccount with the addition of
3762// the ability to pass a context and additional request options.
3763//
3764// See DescribeAccount for details on how to use this API operation.
3765//
3766// The context must be non-nil and will be used for request cancellation. If
3767// the context is nil a panic will occur. In the future the SDK may create
3768// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3769// for more information on using Contexts.
3770func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) {
3771	req, out := c.DescribeAccountRequest(input)
3772	req.SetContext(ctx)
3773	req.ApplyOptions(opts...)
3774	return out, req.Send()
3775}
3776
3777const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus"
3778
3779// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the
3780// client's request for the DescribeCreateAccountStatus operation. The "output" return
3781// value will be populated with the request's response once the request completes
3782// successfully.
3783//
3784// Use "Send" method on the returned Request to send the API call to the service.
3785// the "output" return value is not valid until after Send returns without error.
3786//
3787// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus
3788// API call, and error handling.
3789//
3790// This method is useful when you want to inject custom logic or configuration
3791// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3792//
3793//
3794//    // Example sending a request using the DescribeCreateAccountStatusRequest method.
3795//    req, resp := client.DescribeCreateAccountStatusRequest(params)
3796//
3797//    err := req.Send()
3798//    if err == nil { // resp is now filled
3799//        fmt.Println(resp)
3800//    }
3801//
3802// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
3803func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) {
3804	op := &request.Operation{
3805		Name:       opDescribeCreateAccountStatus,
3806		HTTPMethod: "POST",
3807		HTTPPath:   "/",
3808	}
3809
3810	if input == nil {
3811		input = &DescribeCreateAccountStatusInput{}
3812	}
3813
3814	output = &DescribeCreateAccountStatusOutput{}
3815	req = c.newRequest(op, input, output)
3816	return
3817}
3818
3819// DescribeCreateAccountStatus API operation for AWS Organizations.
3820//
3821// Retrieves the current status of an asynchronous request to create an account.
3822//
3823// This operation can be called only from the organization's master account
3824// or by a member account that is a delegated administrator for an AWS service.
3825//
3826// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3827// with awserr.Error's Code and Message methods to get detailed information about
3828// the error.
3829//
3830// See the AWS API reference guide for AWS Organizations's
3831// API operation DescribeCreateAccountStatus for usage and error information.
3832//
3833// Returned Error Types:
3834//   * AccessDeniedException
3835//   You don't have permissions to perform the requested operation. The user or
3836//   role that is making the request must have at least one IAM permissions policy
3837//   attached that grants the required permissions. For more information, see
3838//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3839//   in the IAM User Guide.
3840//
3841//   * AWSOrganizationsNotInUseException
3842//   Your account isn't a member of an organization. To make this request, you
3843//   must use the credentials of an account that belongs to an organization.
3844//
3845//   * CreateAccountStatusNotFoundException
3846//   We can't find an create account request with the CreateAccountRequestId that
3847//   you specified.
3848//
3849//   * InvalidInputException
3850//   The requested operation failed because you provided invalid values for one
3851//   or more of the request parameters. This exception includes a reason that
3852//   contains additional information about the violated limit:
3853//
3854//   Some of the reasons in the following list might not be applicable to this
3855//   specific API or operation.
3856//
3857//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3858//      can't be modified.
3859//
3860//      * INPUT_REQUIRED: You must include a value for all required parameters.
3861//
3862//      * INVALID_ENUM: You specified an invalid value.
3863//
3864//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3865//      characters.
3866//
3867//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3868//      at least one invalid value.
3869//
3870//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3871//      from the response to a previous call of the operation.
3872//
3873//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3874//      organization, or email) as a party.
3875//
3876//      * INVALID_PATTERN: You provided a value that doesn't match the required
3877//      pattern.
3878//
3879//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3880//      match the required pattern.
3881//
3882//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3883//      name can't begin with the reserved prefix AWSServiceRoleFor.
3884//
3885//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3886//      Name (ARN) for the organization.
3887//
3888//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3889//
3890//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3891//      tag. You can’t add, edit, or delete system tag keys because they're
3892//      reserved for AWS use. System tags don’t count against your tags per
3893//      resource limit.
3894//
3895//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3896//      for the operation.
3897//
3898//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3899//      than allowed.
3900//
3901//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3902//      value than allowed.
3903//
3904//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3905//      than allowed.
3906//
3907//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3908//      value than allowed.
3909//
3910//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3911//      between entities in the same root.
3912//
3913//   * ServiceException
3914//   AWS Organizations can't complete your request because of an internal service
3915//   error. Try again later.
3916//
3917//   * TooManyRequestsException
3918//   You have sent too many requests in too short a period of time. The quota
3919//   helps protect against denial-of-service attacks. Try again later.
3920//
3921//   For information about quotas that affect AWS Organizations, see Quotas for
3922//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3923//   the AWS Organizations User Guide.
3924//
3925//   * UnsupportedAPIEndpointException
3926//   This action isn't available in the current AWS Region.
3927//
3928// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
3929func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) {
3930	req, out := c.DescribeCreateAccountStatusRequest(input)
3931	return out, req.Send()
3932}
3933
3934// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of
3935// the ability to pass a context and additional request options.
3936//
3937// See DescribeCreateAccountStatus for details on how to use this API operation.
3938//
3939// The context must be non-nil and will be used for request cancellation. If
3940// the context is nil a panic will occur. In the future the SDK may create
3941// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3942// for more information on using Contexts.
3943func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) {
3944	req, out := c.DescribeCreateAccountStatusRequest(input)
3945	req.SetContext(ctx)
3946	req.ApplyOptions(opts...)
3947	return out, req.Send()
3948}
3949
3950const opDescribeEffectivePolicy = "DescribeEffectivePolicy"
3951
3952// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the
3953// client's request for the DescribeEffectivePolicy operation. The "output" return
3954// value will be populated with the request's response once the request completes
3955// successfully.
3956//
3957// Use "Send" method on the returned Request to send the API call to the service.
3958// the "output" return value is not valid until after Send returns without error.
3959//
3960// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy
3961// API call, and error handling.
3962//
3963// This method is useful when you want to inject custom logic or configuration
3964// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3965//
3966//
3967//    // Example sending a request using the DescribeEffectivePolicyRequest method.
3968//    req, resp := client.DescribeEffectivePolicyRequest(params)
3969//
3970//    err := req.Send()
3971//    if err == nil { // resp is now filled
3972//        fmt.Println(resp)
3973//    }
3974//
3975// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
3976func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) {
3977	op := &request.Operation{
3978		Name:       opDescribeEffectivePolicy,
3979		HTTPMethod: "POST",
3980		HTTPPath:   "/",
3981	}
3982
3983	if input == nil {
3984		input = &DescribeEffectivePolicyInput{}
3985	}
3986
3987	output = &DescribeEffectivePolicyOutput{}
3988	req = c.newRequest(op, input, output)
3989	return
3990}
3991
3992// DescribeEffectivePolicy API operation for AWS Organizations.
3993//
3994// Returns the contents of the effective policy for specified policy type and
3995// account. The effective policy is the aggregation of any policies of the specified
3996// type that the account inherits, plus any policy of that type that is directly
3997// attached to the account.
3998//
3999// This operation applies only to policy types other than service control policies
4000// (SCPs).
4001//
4002// For more information about policy inheritance, see How Policy Inheritance
4003// Works (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html)
4004// in the AWS Organizations User Guide.
4005//
4006// This operation can be called only from the organization's master account
4007// or by a member account that is a delegated administrator for an AWS service.
4008//
4009// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4010// with awserr.Error's Code and Message methods to get detailed information about
4011// the error.
4012//
4013// See the AWS API reference guide for AWS Organizations's
4014// API operation DescribeEffectivePolicy for usage and error information.
4015//
4016// Returned Error Types:
4017//   * AccessDeniedException
4018//   You don't have permissions to perform the requested operation. The user or
4019//   role that is making the request must have at least one IAM permissions policy
4020//   attached that grants the required permissions. For more information, see
4021//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4022//   in the IAM User Guide.
4023//
4024//   * AWSOrganizationsNotInUseException
4025//   Your account isn't a member of an organization. To make this request, you
4026//   must use the credentials of an account that belongs to an organization.
4027//
4028//   * ConstraintViolationException
4029//   Performing this operation violates a minimum or maximum value limit. For
4030//   example, attempting to remove the last service control policy (SCP) from
4031//   an OU or root, inviting or creating too many accounts to the organization,
4032//   or attaching too many policies to an account, OU, or root. This exception
4033//   includes a reason that contains additional information about the violated
4034//   limit:
4035//
4036//   Some of the reasons in the following list might not be applicable to this
4037//   specific API or operation.
4038//
4039//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
4040//      account from the organization. You can't remove the master account. Instead,
4041//      after you remove all member accounts, delete the organization itself.
4042//
4043//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
4044//      from the organization that doesn't yet have enough information to exist
4045//      as a standalone account. This account requires you to first agree to the
4046//      AWS Customer Agreement. Follow the steps at Removing a member account
4047//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
4048//      the AWS Organizations User Guide.
4049//
4050//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
4051//      an account from the organization that doesn't yet have enough information
4052//      to exist as a standalone account. This account requires you to first complete
4053//      phone verification. Follow the steps at Removing a member account from
4054//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
4055//      in the AWS Organizations User Guide.
4056//
4057//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
4058//      of accounts that you can create in one day.
4059//
4060//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
4061//      the number of accounts in an organization. If you need more accounts,
4062//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
4063//      request an increase in your limit. Or the number of invitations that you
4064//      tried to send would cause you to exceed the limit of accounts in your
4065//      organization. Send fewer invitations or contact AWS Support to request
4066//      an increase in the number of accounts. Deleted and closed accounts still
4067//      count toward your limit. If you get this exception when running a command
4068//      immediately after creating the organization, wait one hour and try again.
4069//      After an hour, if the command continues to fail with this error, contact
4070//      AWS Support (https://console.aws.amazon.com/support/home#/).
4071//
4072//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
4073//      register the master account of the organization as a delegated administrator
4074//      for an AWS service integrated with Organizations. You can designate only
4075//      a member account as a delegated administrator.
4076//
4077//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
4078//      an account that is registered as a delegated administrator for a service
4079//      integrated with your organization. To complete this operation, you must
4080//      first deregister this account as a delegated administrator.
4081//
4082//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
4083//      organization in the specified region, you must enable all features mode.
4084//
4085//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
4086//      an AWS account as a delegated administrator for an AWS service that already
4087//      has a delegated administrator. To complete this operation, you must first
4088//      deregister any existing delegated administrators for this service.
4089//
4090//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
4091//      valid for a limited period of time. You must resubmit the request and
4092//      generate a new verfication code.
4093//
4094//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
4095//      handshakes that you can send in one day.
4096//
4097//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
4098//      in this organization, you first must migrate the organization's master
4099//      account to the marketplace that corresponds to the master account's address.
4100//      For example, accounts with India addresses must be associated with the
4101//      AISPL marketplace. All accounts in an organization must be associated
4102//      with the same marketplace.
4103//
4104//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
4105//      in China. To create an organization, the master must have an valid business
4106//      license. For more information, contact customer support.
4107//
4108//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
4109//      must first provide a valid contact address and phone number for the master
4110//      account. Then try the operation again.
4111//
4112//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
4113//      master account must have an associated account in the AWS GovCloud (US-West)
4114//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
4115//      in the AWS GovCloud User Guide.
4116//
4117//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
4118//      with this master account, you first must associate a valid payment instrument,
4119//      such as a credit card, with the account. Follow the steps at To leave
4120//      an organization when all required account information has not yet been
4121//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4122//      in the AWS Organizations User Guide.
4123//
4124//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
4125//      to register more delegated administrators than allowed for the service
4126//      principal.
4127//
4128//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
4129//      number of policies of a certain type that can be attached to an entity
4130//      at one time.
4131//
4132//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
4133//      on this resource.
4134//
4135//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
4136//      with this member account, you first must associate a valid payment instrument,
4137//      such as a credit card, with the account. Follow the steps at To leave
4138//      an organization when all required account information has not yet been
4139//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4140//      in the AWS Organizations User Guide.
4141//
4142//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
4143//      policy from an entity that would cause the entity to have fewer than the
4144//      minimum number of policies of a certain type required.
4145//
4146//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
4147//      that requires the organization to be configured to support all features.
4148//      An organization that supports only consolidated billing features can't
4149//      perform this operation.
4150//
4151//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
4152//      too many levels deep.
4153//
4154//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
4155//      that you can have in an organization.
4156//
4157//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
4158//      is larger than the maximum size.
4159//
4160//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
4161//      policies that you can have in an organization.
4162//
4163//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
4164//      tags that are not compliant with the tag policy requirements for this
4165//      account.
4166//
4167//   * ServiceException
4168//   AWS Organizations can't complete your request because of an internal service
4169//   error. Try again later.
4170//
4171//   * TooManyRequestsException
4172//   You have sent too many requests in too short a period of time. The quota
4173//   helps protect against denial-of-service attacks. Try again later.
4174//
4175//   For information about quotas that affect AWS Organizations, see Quotas for
4176//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4177//   the AWS Organizations User Guide.
4178//
4179//   * TargetNotFoundException
4180//   We can't find a root, OU, or account with the TargetId that you specified.
4181//
4182//   * EffectivePolicyNotFoundException
4183//   If you ran this action on the master account, this policy type is not enabled.
4184//   If you ran the action on a member account, the account doesn't have an effective
4185//   policy of this type. Contact the administrator of your organization about
4186//   attaching a policy of this type to the account.
4187//
4188//   * InvalidInputException
4189//   The requested operation failed because you provided invalid values for one
4190//   or more of the request parameters. This exception includes a reason that
4191//   contains additional information about the violated limit:
4192//
4193//   Some of the reasons in the following list might not be applicable to this
4194//   specific API or operation.
4195//
4196//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4197//      can't be modified.
4198//
4199//      * INPUT_REQUIRED: You must include a value for all required parameters.
4200//
4201//      * INVALID_ENUM: You specified an invalid value.
4202//
4203//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4204//      characters.
4205//
4206//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4207//      at least one invalid value.
4208//
4209//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4210//      from the response to a previous call of the operation.
4211//
4212//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4213//      organization, or email) as a party.
4214//
4215//      * INVALID_PATTERN: You provided a value that doesn't match the required
4216//      pattern.
4217//
4218//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4219//      match the required pattern.
4220//
4221//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4222//      name can't begin with the reserved prefix AWSServiceRoleFor.
4223//
4224//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4225//      Name (ARN) for the organization.
4226//
4227//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4228//
4229//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4230//      tag. You can’t add, edit, or delete system tag keys because they're
4231//      reserved for AWS use. System tags don’t count against your tags per
4232//      resource limit.
4233//
4234//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4235//      for the operation.
4236//
4237//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4238//      than allowed.
4239//
4240//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4241//      value than allowed.
4242//
4243//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4244//      than allowed.
4245//
4246//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4247//      value than allowed.
4248//
4249//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4250//      between entities in the same root.
4251//
4252//   * UnsupportedAPIEndpointException
4253//   This action isn't available in the current AWS Region.
4254//
4255// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
4256func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) {
4257	req, out := c.DescribeEffectivePolicyRequest(input)
4258	return out, req.Send()
4259}
4260
4261// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of
4262// the ability to pass a context and additional request options.
4263//
4264// See DescribeEffectivePolicy for details on how to use this API operation.
4265//
4266// The context must be non-nil and will be used for request cancellation. If
4267// the context is nil a panic will occur. In the future the SDK may create
4268// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4269// for more information on using Contexts.
4270func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) {
4271	req, out := c.DescribeEffectivePolicyRequest(input)
4272	req.SetContext(ctx)
4273	req.ApplyOptions(opts...)
4274	return out, req.Send()
4275}
4276
4277const opDescribeHandshake = "DescribeHandshake"
4278
4279// DescribeHandshakeRequest generates a "aws/request.Request" representing the
4280// client's request for the DescribeHandshake operation. The "output" return
4281// value will be populated with the request's response once the request completes
4282// successfully.
4283//
4284// Use "Send" method on the returned Request to send the API call to the service.
4285// the "output" return value is not valid until after Send returns without error.
4286//
4287// See DescribeHandshake for more information on using the DescribeHandshake
4288// API call, and error handling.
4289//
4290// This method is useful when you want to inject custom logic or configuration
4291// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4292//
4293//
4294//    // Example sending a request using the DescribeHandshakeRequest method.
4295//    req, resp := client.DescribeHandshakeRequest(params)
4296//
4297//    err := req.Send()
4298//    if err == nil { // resp is now filled
4299//        fmt.Println(resp)
4300//    }
4301//
4302// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
4303func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) {
4304	op := &request.Operation{
4305		Name:       opDescribeHandshake,
4306		HTTPMethod: "POST",
4307		HTTPPath:   "/",
4308	}
4309
4310	if input == nil {
4311		input = &DescribeHandshakeInput{}
4312	}
4313
4314	output = &DescribeHandshakeOutput{}
4315	req = c.newRequest(op, input, output)
4316	return
4317}
4318
4319// DescribeHandshake API operation for AWS Organizations.
4320//
4321// Retrieves information about a previously requested handshake. The handshake
4322// ID comes from the response to the original InviteAccountToOrganization operation
4323// that generated the handshake.
4324//
4325// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only
4326// 30 days after they change to that state. They're then deleted and no longer
4327// accessible.
4328//
4329// This operation can be called from any account in the organization.
4330//
4331// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4332// with awserr.Error's Code and Message methods to get detailed information about
4333// the error.
4334//
4335// See the AWS API reference guide for AWS Organizations's
4336// API operation DescribeHandshake for usage and error information.
4337//
4338// Returned Error Types:
4339//   * AccessDeniedException
4340//   You don't have permissions to perform the requested operation. The user or
4341//   role that is making the request must have at least one IAM permissions policy
4342//   attached that grants the required permissions. For more information, see
4343//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4344//   in the IAM User Guide.
4345//
4346//   * ConcurrentModificationException
4347//   The target of the operation is currently being modified by a different request.
4348//   Try again later.
4349//
4350//   * HandshakeNotFoundException
4351//   We can't find a handshake with the HandshakeId that you specified.
4352//
4353//   * InvalidInputException
4354//   The requested operation failed because you provided invalid values for one
4355//   or more of the request parameters. This exception includes a reason that
4356//   contains additional information about the violated limit:
4357//
4358//   Some of the reasons in the following list might not be applicable to this
4359//   specific API or operation.
4360//
4361//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4362//      can't be modified.
4363//
4364//      * INPUT_REQUIRED: You must include a value for all required parameters.
4365//
4366//      * INVALID_ENUM: You specified an invalid value.
4367//
4368//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4369//      characters.
4370//
4371//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4372//      at least one invalid value.
4373//
4374//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4375//      from the response to a previous call of the operation.
4376//
4377//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4378//      organization, or email) as a party.
4379//
4380//      * INVALID_PATTERN: You provided a value that doesn't match the required
4381//      pattern.
4382//
4383//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4384//      match the required pattern.
4385//
4386//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4387//      name can't begin with the reserved prefix AWSServiceRoleFor.
4388//
4389//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4390//      Name (ARN) for the organization.
4391//
4392//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4393//
4394//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4395//      tag. You can’t add, edit, or delete system tag keys because they're
4396//      reserved for AWS use. System tags don’t count against your tags per
4397//      resource limit.
4398//
4399//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4400//      for the operation.
4401//
4402//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4403//      than allowed.
4404//
4405//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4406//      value than allowed.
4407//
4408//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4409//      than allowed.
4410//
4411//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4412//      value than allowed.
4413//
4414//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4415//      between entities in the same root.
4416//
4417//   * ServiceException
4418//   AWS Organizations can't complete your request because of an internal service
4419//   error. Try again later.
4420//
4421//   * TooManyRequestsException
4422//   You have sent too many requests in too short a period of time. The quota
4423//   helps protect against denial-of-service attacks. Try again later.
4424//
4425//   For information about quotas that affect AWS Organizations, see Quotas for
4426//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4427//   the AWS Organizations User Guide.
4428//
4429// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
4430func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) {
4431	req, out := c.DescribeHandshakeRequest(input)
4432	return out, req.Send()
4433}
4434
4435// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of
4436// the ability to pass a context and additional request options.
4437//
4438// See DescribeHandshake for details on how to use this API operation.
4439//
4440// The context must be non-nil and will be used for request cancellation. If
4441// the context is nil a panic will occur. In the future the SDK may create
4442// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4443// for more information on using Contexts.
4444func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) {
4445	req, out := c.DescribeHandshakeRequest(input)
4446	req.SetContext(ctx)
4447	req.ApplyOptions(opts...)
4448	return out, req.Send()
4449}
4450
4451const opDescribeOrganization = "DescribeOrganization"
4452
4453// DescribeOrganizationRequest generates a "aws/request.Request" representing the
4454// client's request for the DescribeOrganization operation. The "output" return
4455// value will be populated with the request's response once the request completes
4456// successfully.
4457//
4458// Use "Send" method on the returned Request to send the API call to the service.
4459// the "output" return value is not valid until after Send returns without error.
4460//
4461// See DescribeOrganization for more information on using the DescribeOrganization
4462// API call, and error handling.
4463//
4464// This method is useful when you want to inject custom logic or configuration
4465// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4466//
4467//
4468//    // Example sending a request using the DescribeOrganizationRequest method.
4469//    req, resp := client.DescribeOrganizationRequest(params)
4470//
4471//    err := req.Send()
4472//    if err == nil { // resp is now filled
4473//        fmt.Println(resp)
4474//    }
4475//
4476// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
4477func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) {
4478	op := &request.Operation{
4479		Name:       opDescribeOrganization,
4480		HTTPMethod: "POST",
4481		HTTPPath:   "/",
4482	}
4483
4484	if input == nil {
4485		input = &DescribeOrganizationInput{}
4486	}
4487
4488	output = &DescribeOrganizationOutput{}
4489	req = c.newRequest(op, input, output)
4490	return
4491}
4492
4493// DescribeOrganization API operation for AWS Organizations.
4494//
4495// Retrieves information about the organization that the user's account belongs
4496// to.
4497//
4498// This operation can be called from any account in the organization.
4499//
4500// Even if a policy type is shown as available in the organization, you can
4501// disable it separately at the root level with DisablePolicyType. Use ListRoots
4502// to see the status of policy types for a specified root.
4503//
4504// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4505// with awserr.Error's Code and Message methods to get detailed information about
4506// the error.
4507//
4508// See the AWS API reference guide for AWS Organizations's
4509// API operation DescribeOrganization for usage and error information.
4510//
4511// Returned Error Types:
4512//   * AccessDeniedException
4513//   You don't have permissions to perform the requested operation. The user or
4514//   role that is making the request must have at least one IAM permissions policy
4515//   attached that grants the required permissions. For more information, see
4516//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4517//   in the IAM User Guide.
4518//
4519//   * AWSOrganizationsNotInUseException
4520//   Your account isn't a member of an organization. To make this request, you
4521//   must use the credentials of an account that belongs to an organization.
4522//
4523//   * ConcurrentModificationException
4524//   The target of the operation is currently being modified by a different request.
4525//   Try again later.
4526//
4527//   * ServiceException
4528//   AWS Organizations can't complete your request because of an internal service
4529//   error. Try again later.
4530//
4531//   * TooManyRequestsException
4532//   You have sent too many requests in too short a period of time. The quota
4533//   helps protect against denial-of-service attacks. Try again later.
4534//
4535//   For information about quotas that affect AWS Organizations, see Quotas for
4536//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4537//   the AWS Organizations User Guide.
4538//
4539// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
4540func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) {
4541	req, out := c.DescribeOrganizationRequest(input)
4542	return out, req.Send()
4543}
4544
4545// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of
4546// the ability to pass a context and additional request options.
4547//
4548// See DescribeOrganization for details on how to use this API operation.
4549//
4550// The context must be non-nil and will be used for request cancellation. If
4551// the context is nil a panic will occur. In the future the SDK may create
4552// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4553// for more information on using Contexts.
4554func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) {
4555	req, out := c.DescribeOrganizationRequest(input)
4556	req.SetContext(ctx)
4557	req.ApplyOptions(opts...)
4558	return out, req.Send()
4559}
4560
4561const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit"
4562
4563// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the
4564// client's request for the DescribeOrganizationalUnit operation. The "output" return
4565// value will be populated with the request's response once the request completes
4566// successfully.
4567//
4568// Use "Send" method on the returned Request to send the API call to the service.
4569// the "output" return value is not valid until after Send returns without error.
4570//
4571// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit
4572// API call, and error handling.
4573//
4574// This method is useful when you want to inject custom logic or configuration
4575// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4576//
4577//
4578//    // Example sending a request using the DescribeOrganizationalUnitRequest method.
4579//    req, resp := client.DescribeOrganizationalUnitRequest(params)
4580//
4581//    err := req.Send()
4582//    if err == nil { // resp is now filled
4583//        fmt.Println(resp)
4584//    }
4585//
4586// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
4587func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) {
4588	op := &request.Operation{
4589		Name:       opDescribeOrganizationalUnit,
4590		HTTPMethod: "POST",
4591		HTTPPath:   "/",
4592	}
4593
4594	if input == nil {
4595		input = &DescribeOrganizationalUnitInput{}
4596	}
4597
4598	output = &DescribeOrganizationalUnitOutput{}
4599	req = c.newRequest(op, input, output)
4600	return
4601}
4602
4603// DescribeOrganizationalUnit API operation for AWS Organizations.
4604//
4605// Retrieves information about an organizational unit (OU).
4606//
4607// This operation can be called only from the organization's master account
4608// or by a member account that is a delegated administrator for an AWS service.
4609//
4610// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4611// with awserr.Error's Code and Message methods to get detailed information about
4612// the error.
4613//
4614// See the AWS API reference guide for AWS Organizations's
4615// API operation DescribeOrganizationalUnit for usage and error information.
4616//
4617// Returned Error Types:
4618//   * AccessDeniedException
4619//   You don't have permissions to perform the requested operation. The user or
4620//   role that is making the request must have at least one IAM permissions policy
4621//   attached that grants the required permissions. For more information, see
4622//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4623//   in the IAM User Guide.
4624//
4625//   * AWSOrganizationsNotInUseException
4626//   Your account isn't a member of an organization. To make this request, you
4627//   must use the credentials of an account that belongs to an organization.
4628//
4629//   * InvalidInputException
4630//   The requested operation failed because you provided invalid values for one
4631//   or more of the request parameters. This exception includes a reason that
4632//   contains additional information about the violated limit:
4633//
4634//   Some of the reasons in the following list might not be applicable to this
4635//   specific API or operation.
4636//
4637//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4638//      can't be modified.
4639//
4640//      * INPUT_REQUIRED: You must include a value for all required parameters.
4641//
4642//      * INVALID_ENUM: You specified an invalid value.
4643//
4644//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4645//      characters.
4646//
4647//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4648//      at least one invalid value.
4649//
4650//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4651//      from the response to a previous call of the operation.
4652//
4653//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4654//      organization, or email) as a party.
4655//
4656//      * INVALID_PATTERN: You provided a value that doesn't match the required
4657//      pattern.
4658//
4659//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4660//      match the required pattern.
4661//
4662//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4663//      name can't begin with the reserved prefix AWSServiceRoleFor.
4664//
4665//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4666//      Name (ARN) for the organization.
4667//
4668//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4669//
4670//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4671//      tag. You can’t add, edit, or delete system tag keys because they're
4672//      reserved for AWS use. System tags don’t count against your tags per
4673//      resource limit.
4674//
4675//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4676//      for the operation.
4677//
4678//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4679//      than allowed.
4680//
4681//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4682//      value than allowed.
4683//
4684//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4685//      than allowed.
4686//
4687//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4688//      value than allowed.
4689//
4690//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4691//      between entities in the same root.
4692//
4693//   * OrganizationalUnitNotFoundException
4694//   We can't find an OU with the OrganizationalUnitId that you specified.
4695//
4696//   * ServiceException
4697//   AWS Organizations can't complete your request because of an internal service
4698//   error. Try again later.
4699//
4700//   * TooManyRequestsException
4701//   You have sent too many requests in too short a period of time. The quota
4702//   helps protect against denial-of-service attacks. Try again later.
4703//
4704//   For information about quotas that affect AWS Organizations, see Quotas for
4705//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4706//   the AWS Organizations User Guide.
4707//
4708// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
4709func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) {
4710	req, out := c.DescribeOrganizationalUnitRequest(input)
4711	return out, req.Send()
4712}
4713
4714// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of
4715// the ability to pass a context and additional request options.
4716//
4717// See DescribeOrganizationalUnit for details on how to use this API operation.
4718//
4719// The context must be non-nil and will be used for request cancellation. If
4720// the context is nil a panic will occur. In the future the SDK may create
4721// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4722// for more information on using Contexts.
4723func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) {
4724	req, out := c.DescribeOrganizationalUnitRequest(input)
4725	req.SetContext(ctx)
4726	req.ApplyOptions(opts...)
4727	return out, req.Send()
4728}
4729
4730const opDescribePolicy = "DescribePolicy"
4731
4732// DescribePolicyRequest generates a "aws/request.Request" representing the
4733// client's request for the DescribePolicy operation. The "output" return
4734// value will be populated with the request's response once the request completes
4735// successfully.
4736//
4737// Use "Send" method on the returned Request to send the API call to the service.
4738// the "output" return value is not valid until after Send returns without error.
4739//
4740// See DescribePolicy for more information on using the DescribePolicy
4741// API call, and error handling.
4742//
4743// This method is useful when you want to inject custom logic or configuration
4744// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4745//
4746//
4747//    // Example sending a request using the DescribePolicyRequest method.
4748//    req, resp := client.DescribePolicyRequest(params)
4749//
4750//    err := req.Send()
4751//    if err == nil { // resp is now filled
4752//        fmt.Println(resp)
4753//    }
4754//
4755// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
4756func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) {
4757	op := &request.Operation{
4758		Name:       opDescribePolicy,
4759		HTTPMethod: "POST",
4760		HTTPPath:   "/",
4761	}
4762
4763	if input == nil {
4764		input = &DescribePolicyInput{}
4765	}
4766
4767	output = &DescribePolicyOutput{}
4768	req = c.newRequest(op, input, output)
4769	return
4770}
4771
4772// DescribePolicy API operation for AWS Organizations.
4773//
4774// Retrieves information about a policy.
4775//
4776// This operation can be called only from the organization's master account
4777// or by a member account that is a delegated administrator for an AWS service.
4778//
4779// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4780// with awserr.Error's Code and Message methods to get detailed information about
4781// the error.
4782//
4783// See the AWS API reference guide for AWS Organizations's
4784// API operation DescribePolicy for usage and error information.
4785//
4786// Returned Error Types:
4787//   * AccessDeniedException
4788//   You don't have permissions to perform the requested operation. The user or
4789//   role that is making the request must have at least one IAM permissions policy
4790//   attached that grants the required permissions. For more information, see
4791//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4792//   in the IAM User Guide.
4793//
4794//   * AWSOrganizationsNotInUseException
4795//   Your account isn't a member of an organization. To make this request, you
4796//   must use the credentials of an account that belongs to an organization.
4797//
4798//   * InvalidInputException
4799//   The requested operation failed because you provided invalid values for one
4800//   or more of the request parameters. This exception includes a reason that
4801//   contains additional information about the violated limit:
4802//
4803//   Some of the reasons in the following list might not be applicable to this
4804//   specific API or operation.
4805//
4806//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4807//      can't be modified.
4808//
4809//      * INPUT_REQUIRED: You must include a value for all required parameters.
4810//
4811//      * INVALID_ENUM: You specified an invalid value.
4812//
4813//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4814//      characters.
4815//
4816//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4817//      at least one invalid value.
4818//
4819//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4820//      from the response to a previous call of the operation.
4821//
4822//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4823//      organization, or email) as a party.
4824//
4825//      * INVALID_PATTERN: You provided a value that doesn't match the required
4826//      pattern.
4827//
4828//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4829//      match the required pattern.
4830//
4831//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4832//      name can't begin with the reserved prefix AWSServiceRoleFor.
4833//
4834//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4835//      Name (ARN) for the organization.
4836//
4837//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4838//
4839//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4840//      tag. You can’t add, edit, or delete system tag keys because they're
4841//      reserved for AWS use. System tags don’t count against your tags per
4842//      resource limit.
4843//
4844//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4845//      for the operation.
4846//
4847//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4848//      than allowed.
4849//
4850//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4851//      value than allowed.
4852//
4853//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4854//      than allowed.
4855//
4856//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4857//      value than allowed.
4858//
4859//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4860//      between entities in the same root.
4861//
4862//   * PolicyNotFoundException
4863//   We can't find a policy with the PolicyId that you specified.
4864//
4865//   * ServiceException
4866//   AWS Organizations can't complete your request because of an internal service
4867//   error. Try again later.
4868//
4869//   * TooManyRequestsException
4870//   You have sent too many requests in too short a period of time. The quota
4871//   helps protect against denial-of-service attacks. Try again later.
4872//
4873//   For information about quotas that affect AWS Organizations, see Quotas for
4874//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4875//   the AWS Organizations User Guide.
4876//
4877//   * UnsupportedAPIEndpointException
4878//   This action isn't available in the current AWS Region.
4879//
4880// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
4881func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) {
4882	req, out := c.DescribePolicyRequest(input)
4883	return out, req.Send()
4884}
4885
4886// DescribePolicyWithContext is the same as DescribePolicy with the addition of
4887// the ability to pass a context and additional request options.
4888//
4889// See DescribePolicy for details on how to use this API operation.
4890//
4891// The context must be non-nil and will be used for request cancellation. If
4892// the context is nil a panic will occur. In the future the SDK may create
4893// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4894// for more information on using Contexts.
4895func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) {
4896	req, out := c.DescribePolicyRequest(input)
4897	req.SetContext(ctx)
4898	req.ApplyOptions(opts...)
4899	return out, req.Send()
4900}
4901
4902const opDetachPolicy = "DetachPolicy"
4903
4904// DetachPolicyRequest generates a "aws/request.Request" representing the
4905// client's request for the DetachPolicy operation. The "output" return
4906// value will be populated with the request's response once the request completes
4907// successfully.
4908//
4909// Use "Send" method on the returned Request to send the API call to the service.
4910// the "output" return value is not valid until after Send returns without error.
4911//
4912// See DetachPolicy for more information on using the DetachPolicy
4913// API call, and error handling.
4914//
4915// This method is useful when you want to inject custom logic or configuration
4916// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4917//
4918//
4919//    // Example sending a request using the DetachPolicyRequest method.
4920//    req, resp := client.DetachPolicyRequest(params)
4921//
4922//    err := req.Send()
4923//    if err == nil { // resp is now filled
4924//        fmt.Println(resp)
4925//    }
4926//
4927// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
4928func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) {
4929	op := &request.Operation{
4930		Name:       opDetachPolicy,
4931		HTTPMethod: "POST",
4932		HTTPPath:   "/",
4933	}
4934
4935	if input == nil {
4936		input = &DetachPolicyInput{}
4937	}
4938
4939	output = &DetachPolicyOutput{}
4940	req = c.newRequest(op, input, output)
4941	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
4942	return
4943}
4944
4945// DetachPolicy API operation for AWS Organizations.
4946//
4947// Detaches a policy from a target root, organizational unit (OU), or account.
4948//
4949// If the policy being detached is a service control policy (SCP), the changes
4950// to permissions for AWS Identity and Access Management (IAM) users and roles
4951// in affected accounts are immediate.
4952//
4953// Every root, OU, and account must have at least one SCP attached. If you want
4954// to replace the default FullAWSAccess policy with an SCP that limits the permissions
4955// that can be delegated, you must attach the replacement SCP before you can
4956// remove the default SCP. This is the authorization strategy of an "allow list
4957// (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)".
4958// If you instead attach a second SCP and leave the FullAWSAccess SCP still
4959// attached, and specify "Effect": "Deny" in the second SCP to override the
4960// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP),
4961// you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)".
4962//
4963// This operation can be called only from the organization's master account.
4964//
4965// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4966// with awserr.Error's Code and Message methods to get detailed information about
4967// the error.
4968//
4969// See the AWS API reference guide for AWS Organizations's
4970// API operation DetachPolicy for usage and error information.
4971//
4972// Returned Error Types:
4973//   * AccessDeniedException
4974//   You don't have permissions to perform the requested operation. The user or
4975//   role that is making the request must have at least one IAM permissions policy
4976//   attached that grants the required permissions. For more information, see
4977//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4978//   in the IAM User Guide.
4979//
4980//   * AWSOrganizationsNotInUseException
4981//   Your account isn't a member of an organization. To make this request, you
4982//   must use the credentials of an account that belongs to an organization.
4983//
4984//   * ConcurrentModificationException
4985//   The target of the operation is currently being modified by a different request.
4986//   Try again later.
4987//
4988//   * ConstraintViolationException
4989//   Performing this operation violates a minimum or maximum value limit. For
4990//   example, attempting to remove the last service control policy (SCP) from
4991//   an OU or root, inviting or creating too many accounts to the organization,
4992//   or attaching too many policies to an account, OU, or root. This exception
4993//   includes a reason that contains additional information about the violated
4994//   limit:
4995//
4996//   Some of the reasons in the following list might not be applicable to this
4997//   specific API or operation.
4998//
4999//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
5000//      account from the organization. You can't remove the master account. Instead,
5001//      after you remove all member accounts, delete the organization itself.
5002//
5003//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5004//      from the organization that doesn't yet have enough information to exist
5005//      as a standalone account. This account requires you to first agree to the
5006//      AWS Customer Agreement. Follow the steps at Removing a member account
5007//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
5008//      the AWS Organizations User Guide.
5009//
5010//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5011//      an account from the organization that doesn't yet have enough information
5012//      to exist as a standalone account. This account requires you to first complete
5013//      phone verification. Follow the steps at Removing a member account from
5014//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
5015//      in the AWS Organizations User Guide.
5016//
5017//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5018//      of accounts that you can create in one day.
5019//
5020//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5021//      the number of accounts in an organization. If you need more accounts,
5022//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5023//      request an increase in your limit. Or the number of invitations that you
5024//      tried to send would cause you to exceed the limit of accounts in your
5025//      organization. Send fewer invitations or contact AWS Support to request
5026//      an increase in the number of accounts. Deleted and closed accounts still
5027//      count toward your limit. If you get this exception when running a command
5028//      immediately after creating the organization, wait one hour and try again.
5029//      After an hour, if the command continues to fail with this error, contact
5030//      AWS Support (https://console.aws.amazon.com/support/home#/).
5031//
5032//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
5033//      register the master account of the organization as a delegated administrator
5034//      for an AWS service integrated with Organizations. You can designate only
5035//      a member account as a delegated administrator.
5036//
5037//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
5038//      an account that is registered as a delegated administrator for a service
5039//      integrated with your organization. To complete this operation, you must
5040//      first deregister this account as a delegated administrator.
5041//
5042//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
5043//      organization in the specified region, you must enable all features mode.
5044//
5045//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
5046//      an AWS account as a delegated administrator for an AWS service that already
5047//      has a delegated administrator. To complete this operation, you must first
5048//      deregister any existing delegated administrators for this service.
5049//
5050//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
5051//      valid for a limited period of time. You must resubmit the request and
5052//      generate a new verfication code.
5053//
5054//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5055//      handshakes that you can send in one day.
5056//
5057//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5058//      in this organization, you first must migrate the organization's master
5059//      account to the marketplace that corresponds to the master account's address.
5060//      For example, accounts with India addresses must be associated with the
5061//      AISPL marketplace. All accounts in an organization must be associated
5062//      with the same marketplace.
5063//
5064//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
5065//      in China. To create an organization, the master must have an valid business
5066//      license. For more information, contact customer support.
5067//
5068//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5069//      must first provide a valid contact address and phone number for the master
5070//      account. Then try the operation again.
5071//
5072//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5073//      master account must have an associated account in the AWS GovCloud (US-West)
5074//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5075//      in the AWS GovCloud User Guide.
5076//
5077//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5078//      with this master account, you first must associate a valid payment instrument,
5079//      such as a credit card, with the account. Follow the steps at To leave
5080//      an organization when all required account information has not yet been
5081//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5082//      in the AWS Organizations User Guide.
5083//
5084//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
5085//      to register more delegated administrators than allowed for the service
5086//      principal.
5087//
5088//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5089//      number of policies of a certain type that can be attached to an entity
5090//      at one time.
5091//
5092//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5093//      on this resource.
5094//
5095//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5096//      with this member account, you first must associate a valid payment instrument,
5097//      such as a credit card, with the account. Follow the steps at To leave
5098//      an organization when all required account information has not yet been
5099//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5100//      in the AWS Organizations User Guide.
5101//
5102//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5103//      policy from an entity that would cause the entity to have fewer than the
5104//      minimum number of policies of a certain type required.
5105//
5106//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5107//      that requires the organization to be configured to support all features.
5108//      An organization that supports only consolidated billing features can't
5109//      perform this operation.
5110//
5111//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5112//      too many levels deep.
5113//
5114//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5115//      that you can have in an organization.
5116//
5117//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
5118//      is larger than the maximum size.
5119//
5120//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
5121//      policies that you can have in an organization.
5122//
5123//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
5124//      tags that are not compliant with the tag policy requirements for this
5125//      account.
5126//
5127//   * InvalidInputException
5128//   The requested operation failed because you provided invalid values for one
5129//   or more of the request parameters. This exception includes a reason that
5130//   contains additional information about the violated limit:
5131//
5132//   Some of the reasons in the following list might not be applicable to this
5133//   specific API or operation.
5134//
5135//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5136//      can't be modified.
5137//
5138//      * INPUT_REQUIRED: You must include a value for all required parameters.
5139//
5140//      * INVALID_ENUM: You specified an invalid value.
5141//
5142//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5143//      characters.
5144//
5145//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5146//      at least one invalid value.
5147//
5148//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5149//      from the response to a previous call of the operation.
5150//
5151//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5152//      organization, or email) as a party.
5153//
5154//      * INVALID_PATTERN: You provided a value that doesn't match the required
5155//      pattern.
5156//
5157//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5158//      match the required pattern.
5159//
5160//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5161//      name can't begin with the reserved prefix AWSServiceRoleFor.
5162//
5163//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5164//      Name (ARN) for the organization.
5165//
5166//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5167//
5168//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5169//      tag. You can’t add, edit, or delete system tag keys because they're
5170//      reserved for AWS use. System tags don’t count against your tags per
5171//      resource limit.
5172//
5173//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5174//      for the operation.
5175//
5176//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5177//      than allowed.
5178//
5179//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5180//      value than allowed.
5181//
5182//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5183//      than allowed.
5184//
5185//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5186//      value than allowed.
5187//
5188//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5189//      between entities in the same root.
5190//
5191//   * PolicyNotAttachedException
5192//   The policy isn't attached to the specified target in the specified root.
5193//
5194//   * PolicyNotFoundException
5195//   We can't find a policy with the PolicyId that you specified.
5196//
5197//   * ServiceException
5198//   AWS Organizations can't complete your request because of an internal service
5199//   error. Try again later.
5200//
5201//   * TargetNotFoundException
5202//   We can't find a root, OU, or account with the TargetId that you specified.
5203//
5204//   * TooManyRequestsException
5205//   You have sent too many requests in too short a period of time. The quota
5206//   helps protect against denial-of-service attacks. Try again later.
5207//
5208//   For information about quotas that affect AWS Organizations, see Quotas for
5209//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
5210//   the AWS Organizations User Guide.
5211//
5212//   * UnsupportedAPIEndpointException
5213//   This action isn't available in the current AWS Region.
5214//
5215//   * PolicyChangesInProgressException
5216//   Changes to the effective policy are in progress, and its contents can't be
5217//   returned. Try the operation again later.
5218//
5219// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
5220func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) {
5221	req, out := c.DetachPolicyRequest(input)
5222	return out, req.Send()
5223}
5224
5225// DetachPolicyWithContext is the same as DetachPolicy with the addition of
5226// the ability to pass a context and additional request options.
5227//
5228// See DetachPolicy for details on how to use this API operation.
5229//
5230// The context must be non-nil and will be used for request cancellation. If
5231// the context is nil a panic will occur. In the future the SDK may create
5232// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5233// for more information on using Contexts.
5234func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) {
5235	req, out := c.DetachPolicyRequest(input)
5236	req.SetContext(ctx)
5237	req.ApplyOptions(opts...)
5238	return out, req.Send()
5239}
5240
5241const opDisableAWSServiceAccess = "DisableAWSServiceAccess"
5242
5243// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the
5244// client's request for the DisableAWSServiceAccess operation. The "output" return
5245// value will be populated with the request's response once the request completes
5246// successfully.
5247//
5248// Use "Send" method on the returned Request to send the API call to the service.
5249// the "output" return value is not valid until after Send returns without error.
5250//
5251// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess
5252// API call, and error handling.
5253//
5254// This method is useful when you want to inject custom logic or configuration
5255// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5256//
5257//
5258//    // Example sending a request using the DisableAWSServiceAccessRequest method.
5259//    req, resp := client.DisableAWSServiceAccessRequest(params)
5260//
5261//    err := req.Send()
5262//    if err == nil { // resp is now filled
5263//        fmt.Println(resp)
5264//    }
5265//
5266// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
5267func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) {
5268	op := &request.Operation{
5269		Name:       opDisableAWSServiceAccess,
5270		HTTPMethod: "POST",
5271		HTTPPath:   "/",
5272	}
5273
5274	if input == nil {
5275		input = &DisableAWSServiceAccessInput{}
5276	}
5277
5278	output = &DisableAWSServiceAccessOutput{}
5279	req = c.newRequest(op, input, output)
5280	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
5281	return
5282}
5283
5284// DisableAWSServiceAccess API operation for AWS Organizations.
5285//
5286// Disables the integration of an AWS service (the service that is specified
5287// by ServicePrincipal) with AWS Organizations. When you disable integration,
5288// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
5289// in new accounts in your organization. This means the service can't perform
5290// operations on your behalf on any new accounts in your organization. The service
5291// can still perform operations in older accounts until the service completes
5292// its clean-up from AWS Organizations.
5293//
5294// We recommend that you disable integration between AWS Organizations and the
5295// specified AWS service by using the console or commands that are provided
5296// by the specified service. Doing so ensures that the other service is aware
5297// that it can clean up any resources that are required only for the integration.
5298// How the service cleans up its resources in the organization's accounts depends
5299// on that service. For more information, see the documentation for the other
5300// AWS service.
5301//
5302// After you perform the DisableAWSServiceAccess operation, the specified service
5303// can no longer perform operations in your organization's accounts unless the
5304// operations are explicitly permitted by the IAM policies that are attached
5305// to your roles.
5306//
5307// For more information about integrating other services with AWS Organizations,
5308// including the list of services that work with Organizations, see Integrating
5309// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
5310// in the AWS Organizations User Guide.
5311//
5312// This operation can be called only from the organization's master account.
5313//
5314// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5315// with awserr.Error's Code and Message methods to get detailed information about
5316// the error.
5317//
5318// See the AWS API reference guide for AWS Organizations's
5319// API operation DisableAWSServiceAccess for usage and error information.
5320//
5321// Returned Error Types:
5322//   * AccessDeniedException
5323//   You don't have permissions to perform the requested operation. The user or
5324//   role that is making the request must have at least one IAM permissions policy
5325//   attached that grants the required permissions. For more information, see
5326//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5327//   in the IAM User Guide.
5328//
5329//   * AWSOrganizationsNotInUseException
5330//   Your account isn't a member of an organization. To make this request, you
5331//   must use the credentials of an account that belongs to an organization.
5332//
5333//   * ConcurrentModificationException
5334//   The target of the operation is currently being modified by a different request.
5335//   Try again later.
5336//
5337//   * ConstraintViolationException
5338//   Performing this operation violates a minimum or maximum value limit. For
5339//   example, attempting to remove the last service control policy (SCP) from
5340//   an OU or root, inviting or creating too many accounts to the organization,
5341//   or attaching too many policies to an account, OU, or root. This exception
5342//   includes a reason that contains additional information about the violated
5343//   limit:
5344//
5345//   Some of the reasons in the following list might not be applicable to this
5346//   specific API or operation.
5347//
5348//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
5349//      account from the organization. You can't remove the master account. Instead,
5350//      after you remove all member accounts, delete the organization itself.
5351//
5352//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5353//      from the organization that doesn't yet have enough information to exist
5354//      as a standalone account. This account requires you to first agree to the
5355//      AWS Customer Agreement. Follow the steps at Removing a member account
5356//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
5357//      the AWS Organizations User Guide.
5358//
5359//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5360//      an account from the organization that doesn't yet have enough information
5361//      to exist as a standalone account. This account requires you to first complete
5362//      phone verification. Follow the steps at Removing a member account from
5363//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
5364//      in the AWS Organizations User Guide.
5365//
5366//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5367//      of accounts that you can create in one day.
5368//
5369//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5370//      the number of accounts in an organization. If you need more accounts,
5371//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5372//      request an increase in your limit. Or the number of invitations that you
5373//      tried to send would cause you to exceed the limit of accounts in your
5374//      organization. Send fewer invitations or contact AWS Support to request
5375//      an increase in the number of accounts. Deleted and closed accounts still
5376//      count toward your limit. If you get this exception when running a command
5377//      immediately after creating the organization, wait one hour and try again.
5378//      After an hour, if the command continues to fail with this error, contact
5379//      AWS Support (https://console.aws.amazon.com/support/home#/).
5380//
5381//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
5382//      register the master account of the organization as a delegated administrator
5383//      for an AWS service integrated with Organizations. You can designate only
5384//      a member account as a delegated administrator.
5385//
5386//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
5387//      an account that is registered as a delegated administrator for a service
5388//      integrated with your organization. To complete this operation, you must
5389//      first deregister this account as a delegated administrator.
5390//
5391//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
5392//      organization in the specified region, you must enable all features mode.
5393//
5394//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
5395//      an AWS account as a delegated administrator for an AWS service that already
5396//      has a delegated administrator. To complete this operation, you must first
5397//      deregister any existing delegated administrators for this service.
5398//
5399//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
5400//      valid for a limited period of time. You must resubmit the request and
5401//      generate a new verfication code.
5402//
5403//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5404//      handshakes that you can send in one day.
5405//
5406//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5407//      in this organization, you first must migrate the organization's master
5408//      account to the marketplace that corresponds to the master account's address.
5409//      For example, accounts with India addresses must be associated with the
5410//      AISPL marketplace. All accounts in an organization must be associated
5411//      with the same marketplace.
5412//
5413//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
5414//      in China. To create an organization, the master must have an valid business
5415//      license. For more information, contact customer support.
5416//
5417//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5418//      must first provide a valid contact address and phone number for the master
5419//      account. Then try the operation again.
5420//
5421//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5422//      master account must have an associated account in the AWS GovCloud (US-West)
5423//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5424//      in the AWS GovCloud User Guide.
5425//
5426//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5427//      with this master account, you first must associate a valid payment instrument,
5428//      such as a credit card, with the account. Follow the steps at To leave
5429//      an organization when all required account information has not yet been
5430//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5431//      in the AWS Organizations User Guide.
5432//
5433//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
5434//      to register more delegated administrators than allowed for the service
5435//      principal.
5436//
5437//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5438//      number of policies of a certain type that can be attached to an entity
5439//      at one time.
5440//
5441//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5442//      on this resource.
5443//
5444//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5445//      with this member account, you first must associate a valid payment instrument,
5446//      such as a credit card, with the account. Follow the steps at To leave
5447//      an organization when all required account information has not yet been
5448//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5449//      in the AWS Organizations User Guide.
5450//
5451//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5452//      policy from an entity that would cause the entity to have fewer than the
5453//      minimum number of policies of a certain type required.
5454//
5455//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5456//      that requires the organization to be configured to support all features.
5457//      An organization that supports only consolidated billing features can't
5458//      perform this operation.
5459//
5460//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5461//      too many levels deep.
5462//
5463//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5464//      that you can have in an organization.
5465//
5466//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
5467//      is larger than the maximum size.
5468//
5469//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
5470//      policies that you can have in an organization.
5471//
5472//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
5473//      tags that are not compliant with the tag policy requirements for this
5474//      account.
5475//
5476//   * InvalidInputException
5477//   The requested operation failed because you provided invalid values for one
5478//   or more of the request parameters. This exception includes a reason that
5479//   contains additional information about the violated limit:
5480//
5481//   Some of the reasons in the following list might not be applicable to this
5482//   specific API or operation.
5483//
5484//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5485//      can't be modified.
5486//
5487//      * INPUT_REQUIRED: You must include a value for all required parameters.
5488//
5489//      * INVALID_ENUM: You specified an invalid value.
5490//
5491//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5492//      characters.
5493//
5494//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5495//      at least one invalid value.
5496//
5497//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5498//      from the response to a previous call of the operation.
5499//
5500//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5501//      organization, or email) as a party.
5502//
5503//      * INVALID_PATTERN: You provided a value that doesn't match the required
5504//      pattern.
5505//
5506//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5507//      match the required pattern.
5508//
5509//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5510//      name can't begin with the reserved prefix AWSServiceRoleFor.
5511//
5512//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5513//      Name (ARN) for the organization.
5514//
5515//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5516//
5517//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5518//      tag. You can’t add, edit, or delete system tag keys because they're
5519//      reserved for AWS use. System tags don’t count against your tags per
5520//      resource limit.
5521//
5522//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5523//      for the operation.
5524//
5525//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5526//      than allowed.
5527//
5528//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5529//      value than allowed.
5530//
5531//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5532//      than allowed.
5533//
5534//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5535//      value than allowed.
5536//
5537//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5538//      between entities in the same root.
5539//
5540//   * ServiceException
5541//   AWS Organizations can't complete your request because of an internal service
5542//   error. Try again later.
5543//
5544//   * TooManyRequestsException
5545//   You have sent too many requests in too short a period of time. The quota
5546//   helps protect against denial-of-service attacks. Try again later.
5547//
5548//   For information about quotas that affect AWS Organizations, see Quotas for
5549//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
5550//   the AWS Organizations User Guide.
5551//
5552//   * UnsupportedAPIEndpointException
5553//   This action isn't available in the current AWS Region.
5554//
5555// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
5556func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) {
5557	req, out := c.DisableAWSServiceAccessRequest(input)
5558	return out, req.Send()
5559}
5560
5561// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of
5562// the ability to pass a context and additional request options.
5563//
5564// See DisableAWSServiceAccess for details on how to use this API operation.
5565//
5566// The context must be non-nil and will be used for request cancellation. If
5567// the context is nil a panic will occur. In the future the SDK may create
5568// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5569// for more information on using Contexts.
5570func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) {
5571	req, out := c.DisableAWSServiceAccessRequest(input)
5572	req.SetContext(ctx)
5573	req.ApplyOptions(opts...)
5574	return out, req.Send()
5575}
5576
5577const opDisablePolicyType = "DisablePolicyType"
5578
5579// DisablePolicyTypeRequest generates a "aws/request.Request" representing the
5580// client's request for the DisablePolicyType operation. The "output" return
5581// value will be populated with the request's response once the request completes
5582// successfully.
5583//
5584// Use "Send" method on the returned Request to send the API call to the service.
5585// the "output" return value is not valid until after Send returns without error.
5586//
5587// See DisablePolicyType for more information on using the DisablePolicyType
5588// API call, and error handling.
5589//
5590// This method is useful when you want to inject custom logic or configuration
5591// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5592//
5593//
5594//    // Example sending a request using the DisablePolicyTypeRequest method.
5595//    req, resp := client.DisablePolicyTypeRequest(params)
5596//
5597//    err := req.Send()
5598//    if err == nil { // resp is now filled
5599//        fmt.Println(resp)
5600//    }
5601//
5602// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
5603func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) {
5604	op := &request.Operation{
5605		Name:       opDisablePolicyType,
5606		HTTPMethod: "POST",
5607		HTTPPath:   "/",
5608	}
5609
5610	if input == nil {
5611		input = &DisablePolicyTypeInput{}
5612	}
5613
5614	output = &DisablePolicyTypeOutput{}
5615	req = c.newRequest(op, input, output)
5616	return
5617}
5618
5619// DisablePolicyType API operation for AWS Organizations.
5620//
5621// Disables an organizational policy type in a root. A policy of a certain type
5622// can be attached to entities in a root only if that type is enabled in the
5623// root. After you perform this operation, you no longer can attach policies
5624// of the specified type to that root or to any organizational unit (OU) or
5625// account in that root. You can undo this by using the EnablePolicyType operation.
5626//
5627// This is an asynchronous request that AWS performs in the background. If you
5628// disable a policy type for a root, it still appears enabled for the organization
5629// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
5630// are enabled for the organization. AWS recommends that you first use ListRoots
5631// to see the status of policy types for a specified root, and then use this
5632// operation.
5633//
5634// This operation can be called only from the organization's master account.
5635//
5636// To view the status of available policy types in the organization, use DescribeOrganization.
5637//
5638// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5639// with awserr.Error's Code and Message methods to get detailed information about
5640// the error.
5641//
5642// See the AWS API reference guide for AWS Organizations's
5643// API operation DisablePolicyType for usage and error information.
5644//
5645// Returned Error Types:
5646//   * AccessDeniedException
5647//   You don't have permissions to perform the requested operation. The user or
5648//   role that is making the request must have at least one IAM permissions policy
5649//   attached that grants the required permissions. For more information, see
5650//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5651//   in the IAM User Guide.
5652//
5653//   * AWSOrganizationsNotInUseException
5654//   Your account isn't a member of an organization. To make this request, you
5655//   must use the credentials of an account that belongs to an organization.
5656//
5657//   * ConcurrentModificationException
5658//   The target of the operation is currently being modified by a different request.
5659//   Try again later.
5660//
5661//   * ConstraintViolationException
5662//   Performing this operation violates a minimum or maximum value limit. For
5663//   example, attempting to remove the last service control policy (SCP) from
5664//   an OU or root, inviting or creating too many accounts to the organization,
5665//   or attaching too many policies to an account, OU, or root. This exception
5666//   includes a reason that contains additional information about the violated
5667//   limit:
5668//
5669//   Some of the reasons in the following list might not be applicable to this
5670//   specific API or operation.
5671//
5672//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
5673//      account from the organization. You can't remove the master account. Instead,
5674//      after you remove all member accounts, delete the organization itself.
5675//
5676//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5677//      from the organization that doesn't yet have enough information to exist
5678//      as a standalone account. This account requires you to first agree to the
5679//      AWS Customer Agreement. Follow the steps at Removing a member account
5680//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
5681//      the AWS Organizations User Guide.
5682//
5683//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5684//      an account from the organization that doesn't yet have enough information
5685//      to exist as a standalone account. This account requires you to first complete
5686//      phone verification. Follow the steps at Removing a member account from
5687//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
5688//      in the AWS Organizations User Guide.
5689//
5690//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5691//      of accounts that you can create in one day.
5692//
5693//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5694//      the number of accounts in an organization. If you need more accounts,
5695//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5696//      request an increase in your limit. Or the number of invitations that you
5697//      tried to send would cause you to exceed the limit of accounts in your
5698//      organization. Send fewer invitations or contact AWS Support to request
5699//      an increase in the number of accounts. Deleted and closed accounts still
5700//      count toward your limit. If you get this exception when running a command
5701//      immediately after creating the organization, wait one hour and try again.
5702//      After an hour, if the command continues to fail with this error, contact
5703//      AWS Support (https://console.aws.amazon.com/support/home#/).
5704//
5705//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
5706//      register the master account of the organization as a delegated administrator
5707//      for an AWS service integrated with Organizations. You can designate only
5708//      a member account as a delegated administrator.
5709//
5710//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
5711//      an account that is registered as a delegated administrator for a service
5712//      integrated with your organization. To complete this operation, you must
5713//      first deregister this account as a delegated administrator.
5714//
5715//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
5716//      organization in the specified region, you must enable all features mode.
5717//
5718//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
5719//      an AWS account as a delegated administrator for an AWS service that already
5720//      has a delegated administrator. To complete this operation, you must first
5721//      deregister any existing delegated administrators for this service.
5722//
5723//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
5724//      valid for a limited period of time. You must resubmit the request and
5725//      generate a new verfication code.
5726//
5727//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5728//      handshakes that you can send in one day.
5729//
5730//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5731//      in this organization, you first must migrate the organization's master
5732//      account to the marketplace that corresponds to the master account's address.
5733//      For example, accounts with India addresses must be associated with the
5734//      AISPL marketplace. All accounts in an organization must be associated
5735//      with the same marketplace.
5736//
5737//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
5738//      in China. To create an organization, the master must have an valid business
5739//      license. For more information, contact customer support.
5740//
5741//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5742//      must first provide a valid contact address and phone number for the master
5743//      account. Then try the operation again.
5744//
5745//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5746//      master account must have an associated account in the AWS GovCloud (US-West)
5747//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5748//      in the AWS GovCloud User Guide.
5749//
5750//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5751//      with this master account, you first must associate a valid payment instrument,
5752//      such as a credit card, with the account. Follow the steps at To leave
5753//      an organization when all required account information has not yet been
5754//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5755//      in the AWS Organizations User Guide.
5756//
5757//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
5758//      to register more delegated administrators than allowed for the service
5759//      principal.
5760//
5761//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5762//      number of policies of a certain type that can be attached to an entity
5763//      at one time.
5764//
5765//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5766//      on this resource.
5767//
5768//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5769//      with this member account, you first must associate a valid payment instrument,
5770//      such as a credit card, with the account. Follow the steps at To leave
5771//      an organization when all required account information has not yet been
5772//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5773//      in the AWS Organizations User Guide.
5774//
5775//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5776//      policy from an entity that would cause the entity to have fewer than the
5777//      minimum number of policies of a certain type required.
5778//
5779//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5780//      that requires the organization to be configured to support all features.
5781//      An organization that supports only consolidated billing features can't
5782//      perform this operation.
5783//
5784//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5785//      too many levels deep.
5786//
5787//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5788//      that you can have in an organization.
5789//
5790//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
5791//      is larger than the maximum size.
5792//
5793//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
5794//      policies that you can have in an organization.
5795//
5796//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
5797//      tags that are not compliant with the tag policy requirements for this
5798//      account.
5799//
5800//   * InvalidInputException
5801//   The requested operation failed because you provided invalid values for one
5802//   or more of the request parameters. This exception includes a reason that
5803//   contains additional information about the violated limit:
5804//
5805//   Some of the reasons in the following list might not be applicable to this
5806//   specific API or operation.
5807//
5808//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5809//      can't be modified.
5810//
5811//      * INPUT_REQUIRED: You must include a value for all required parameters.
5812//
5813//      * INVALID_ENUM: You specified an invalid value.
5814//
5815//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5816//      characters.
5817//
5818//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5819//      at least one invalid value.
5820//
5821//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5822//      from the response to a previous call of the operation.
5823//
5824//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5825//      organization, or email) as a party.
5826//
5827//      * INVALID_PATTERN: You provided a value that doesn't match the required
5828//      pattern.
5829//
5830//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5831//      match the required pattern.
5832//
5833//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5834//      name can't begin with the reserved prefix AWSServiceRoleFor.
5835//
5836//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5837//      Name (ARN) for the organization.
5838//
5839//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5840//
5841//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5842//      tag. You can’t add, edit, or delete system tag keys because they're
5843//      reserved for AWS use. System tags don’t count against your tags per
5844//      resource limit.
5845//
5846//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5847//      for the operation.
5848//
5849//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5850//      than allowed.
5851//
5852//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5853//      value than allowed.
5854//
5855//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5856//      than allowed.
5857//
5858//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5859//      value than allowed.
5860//
5861//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5862//      between entities in the same root.
5863//
5864//   * PolicyTypeNotEnabledException
5865//   The specified policy type isn't currently enabled in this root. You can't
5866//   attach policies of the specified type to entities in a root until you enable
5867//   that type in the root. For more information, see Enabling All Features in
5868//   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
5869//   in the AWS Organizations User Guide.
5870//
5871//   * RootNotFoundException
5872//   We can't find a root with the RootId that you specified.
5873//
5874//   * ServiceException
5875//   AWS Organizations can't complete your request because of an internal service
5876//   error. Try again later.
5877//
5878//   * TooManyRequestsException
5879//   You have sent too many requests in too short a period of time. The quota
5880//   helps protect against denial-of-service attacks. Try again later.
5881//
5882//   For information about quotas that affect AWS Organizations, see Quotas for
5883//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
5884//   the AWS Organizations User Guide.
5885//
5886//   * UnsupportedAPIEndpointException
5887//   This action isn't available in the current AWS Region.
5888//
5889//   * PolicyChangesInProgressException
5890//   Changes to the effective policy are in progress, and its contents can't be
5891//   returned. Try the operation again later.
5892//
5893// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
5894func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) {
5895	req, out := c.DisablePolicyTypeRequest(input)
5896	return out, req.Send()
5897}
5898
5899// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of
5900// the ability to pass a context and additional request options.
5901//
5902// See DisablePolicyType for details on how to use this API operation.
5903//
5904// The context must be non-nil and will be used for request cancellation. If
5905// the context is nil a panic will occur. In the future the SDK may create
5906// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5907// for more information on using Contexts.
5908func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) {
5909	req, out := c.DisablePolicyTypeRequest(input)
5910	req.SetContext(ctx)
5911	req.ApplyOptions(opts...)
5912	return out, req.Send()
5913}
5914
5915const opEnableAWSServiceAccess = "EnableAWSServiceAccess"
5916
5917// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the
5918// client's request for the EnableAWSServiceAccess operation. The "output" return
5919// value will be populated with the request's response once the request completes
5920// successfully.
5921//
5922// Use "Send" method on the returned Request to send the API call to the service.
5923// the "output" return value is not valid until after Send returns without error.
5924//
5925// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess
5926// API call, and error handling.
5927//
5928// This method is useful when you want to inject custom logic or configuration
5929// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5930//
5931//
5932//    // Example sending a request using the EnableAWSServiceAccessRequest method.
5933//    req, resp := client.EnableAWSServiceAccessRequest(params)
5934//
5935//    err := req.Send()
5936//    if err == nil { // resp is now filled
5937//        fmt.Println(resp)
5938//    }
5939//
5940// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
5941func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) {
5942	op := &request.Operation{
5943		Name:       opEnableAWSServiceAccess,
5944		HTTPMethod: "POST",
5945		HTTPPath:   "/",
5946	}
5947
5948	if input == nil {
5949		input = &EnableAWSServiceAccessInput{}
5950	}
5951
5952	output = &EnableAWSServiceAccessOutput{}
5953	req = c.newRequest(op, input, output)
5954	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
5955	return
5956}
5957
5958// EnableAWSServiceAccess API operation for AWS Organizations.
5959//
5960// Enables the integration of an AWS service (the service that is specified
5961// by ServicePrincipal) with AWS Organizations. When you enable integration,
5962// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
5963// in all the accounts in your organization. This allows the service to perform
5964// operations on your behalf in your organization and its accounts.
5965//
5966// We recommend that you enable integration between AWS Organizations and the
5967// specified AWS service by using the console or commands that are provided
5968// by the specified service. Doing so ensures that the service is aware that
5969// it can create the resources that are required for the integration. How the
5970// service creates those resources in the organization's accounts depends on
5971// that service. For more information, see the documentation for the other AWS
5972// service.
5973//
5974// For more information about enabling services to integrate with AWS Organizations,
5975// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
5976// in the AWS Organizations User Guide.
5977//
5978// This operation can be called only from the organization's master account
5979// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html).
5980//
5981// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5982// with awserr.Error's Code and Message methods to get detailed information about
5983// the error.
5984//
5985// See the AWS API reference guide for AWS Organizations's
5986// API operation EnableAWSServiceAccess for usage and error information.
5987//
5988// Returned Error Types:
5989//   * AccessDeniedException
5990//   You don't have permissions to perform the requested operation. The user or
5991//   role that is making the request must have at least one IAM permissions policy
5992//   attached that grants the required permissions. For more information, see
5993//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5994//   in the IAM User Guide.
5995//
5996//   * AWSOrganizationsNotInUseException
5997//   Your account isn't a member of an organization. To make this request, you
5998//   must use the credentials of an account that belongs to an organization.
5999//
6000//   * ConcurrentModificationException
6001//   The target of the operation is currently being modified by a different request.
6002//   Try again later.
6003//
6004//   * ConstraintViolationException
6005//   Performing this operation violates a minimum or maximum value limit. For
6006//   example, attempting to remove the last service control policy (SCP) from
6007//   an OU or root, inviting or creating too many accounts to the organization,
6008//   or attaching too many policies to an account, OU, or root. This exception
6009//   includes a reason that contains additional information about the violated
6010//   limit:
6011//
6012//   Some of the reasons in the following list might not be applicable to this
6013//   specific API or operation.
6014//
6015//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
6016//      account from the organization. You can't remove the master account. Instead,
6017//      after you remove all member accounts, delete the organization itself.
6018//
6019//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6020//      from the organization that doesn't yet have enough information to exist
6021//      as a standalone account. This account requires you to first agree to the
6022//      AWS Customer Agreement. Follow the steps at Removing a member account
6023//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
6024//      the AWS Organizations User Guide.
6025//
6026//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6027//      an account from the organization that doesn't yet have enough information
6028//      to exist as a standalone account. This account requires you to first complete
6029//      phone verification. Follow the steps at Removing a member account from
6030//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
6031//      in the AWS Organizations User Guide.
6032//
6033//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6034//      of accounts that you can create in one day.
6035//
6036//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6037//      the number of accounts in an organization. If you need more accounts,
6038//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
6039//      request an increase in your limit. Or the number of invitations that you
6040//      tried to send would cause you to exceed the limit of accounts in your
6041//      organization. Send fewer invitations or contact AWS Support to request
6042//      an increase in the number of accounts. Deleted and closed accounts still
6043//      count toward your limit. If you get this exception when running a command
6044//      immediately after creating the organization, wait one hour and try again.
6045//      After an hour, if the command continues to fail with this error, contact
6046//      AWS Support (https://console.aws.amazon.com/support/home#/).
6047//
6048//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
6049//      register the master account of the organization as a delegated administrator
6050//      for an AWS service integrated with Organizations. You can designate only
6051//      a member account as a delegated administrator.
6052//
6053//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
6054//      an account that is registered as a delegated administrator for a service
6055//      integrated with your organization. To complete this operation, you must
6056//      first deregister this account as a delegated administrator.
6057//
6058//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
6059//      organization in the specified region, you must enable all features mode.
6060//
6061//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
6062//      an AWS account as a delegated administrator for an AWS service that already
6063//      has a delegated administrator. To complete this operation, you must first
6064//      deregister any existing delegated administrators for this service.
6065//
6066//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
6067//      valid for a limited period of time. You must resubmit the request and
6068//      generate a new verfication code.
6069//
6070//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6071//      handshakes that you can send in one day.
6072//
6073//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
6074//      in this organization, you first must migrate the organization's master
6075//      account to the marketplace that corresponds to the master account's address.
6076//      For example, accounts with India addresses must be associated with the
6077//      AISPL marketplace. All accounts in an organization must be associated
6078//      with the same marketplace.
6079//
6080//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
6081//      in China. To create an organization, the master must have an valid business
6082//      license. For more information, contact customer support.
6083//
6084//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
6085//      must first provide a valid contact address and phone number for the master
6086//      account. Then try the operation again.
6087//
6088//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
6089//      master account must have an associated account in the AWS GovCloud (US-West)
6090//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
6091//      in the AWS GovCloud User Guide.
6092//
6093//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
6094//      with this master account, you first must associate a valid payment instrument,
6095//      such as a credit card, with the account. Follow the steps at To leave
6096//      an organization when all required account information has not yet been
6097//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6098//      in the AWS Organizations User Guide.
6099//
6100//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
6101//      to register more delegated administrators than allowed for the service
6102//      principal.
6103//
6104//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
6105//      number of policies of a certain type that can be attached to an entity
6106//      at one time.
6107//
6108//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
6109//      on this resource.
6110//
6111//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
6112//      with this member account, you first must associate a valid payment instrument,
6113//      such as a credit card, with the account. Follow the steps at To leave
6114//      an organization when all required account information has not yet been
6115//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6116//      in the AWS Organizations User Guide.
6117//
6118//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
6119//      policy from an entity that would cause the entity to have fewer than the
6120//      minimum number of policies of a certain type required.
6121//
6122//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
6123//      that requires the organization to be configured to support all features.
6124//      An organization that supports only consolidated billing features can't
6125//      perform this operation.
6126//
6127//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
6128//      too many levels deep.
6129//
6130//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
6131//      that you can have in an organization.
6132//
6133//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
6134//      is larger than the maximum size.
6135//
6136//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
6137//      policies that you can have in an organization.
6138//
6139//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
6140//      tags that are not compliant with the tag policy requirements for this
6141//      account.
6142//
6143//   * InvalidInputException
6144//   The requested operation failed because you provided invalid values for one
6145//   or more of the request parameters. This exception includes a reason that
6146//   contains additional information about the violated limit:
6147//
6148//   Some of the reasons in the following list might not be applicable to this
6149//   specific API or operation.
6150//
6151//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6152//      can't be modified.
6153//
6154//      * INPUT_REQUIRED: You must include a value for all required parameters.
6155//
6156//      * INVALID_ENUM: You specified an invalid value.
6157//
6158//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6159//      characters.
6160//
6161//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6162//      at least one invalid value.
6163//
6164//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6165//      from the response to a previous call of the operation.
6166//
6167//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6168//      organization, or email) as a party.
6169//
6170//      * INVALID_PATTERN: You provided a value that doesn't match the required
6171//      pattern.
6172//
6173//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6174//      match the required pattern.
6175//
6176//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6177//      name can't begin with the reserved prefix AWSServiceRoleFor.
6178//
6179//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6180//      Name (ARN) for the organization.
6181//
6182//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6183//
6184//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6185//      tag. You can’t add, edit, or delete system tag keys because they're
6186//      reserved for AWS use. System tags don’t count against your tags per
6187//      resource limit.
6188//
6189//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6190//      for the operation.
6191//
6192//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6193//      than allowed.
6194//
6195//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6196//      value than allowed.
6197//
6198//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6199//      than allowed.
6200//
6201//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6202//      value than allowed.
6203//
6204//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6205//      between entities in the same root.
6206//
6207//   * ServiceException
6208//   AWS Organizations can't complete your request because of an internal service
6209//   error. Try again later.
6210//
6211//   * TooManyRequestsException
6212//   You have sent too many requests in too short a period of time. The quota
6213//   helps protect against denial-of-service attacks. Try again later.
6214//
6215//   For information about quotas that affect AWS Organizations, see Quotas for
6216//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
6217//   the AWS Organizations User Guide.
6218//
6219//   * UnsupportedAPIEndpointException
6220//   This action isn't available in the current AWS Region.
6221//
6222// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
6223func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) {
6224	req, out := c.EnableAWSServiceAccessRequest(input)
6225	return out, req.Send()
6226}
6227
6228// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of
6229// the ability to pass a context and additional request options.
6230//
6231// See EnableAWSServiceAccess for details on how to use this API operation.
6232//
6233// The context must be non-nil and will be used for request cancellation. If
6234// the context is nil a panic will occur. In the future the SDK may create
6235// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6236// for more information on using Contexts.
6237func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) {
6238	req, out := c.EnableAWSServiceAccessRequest(input)
6239	req.SetContext(ctx)
6240	req.ApplyOptions(opts...)
6241	return out, req.Send()
6242}
6243
6244const opEnableAllFeatures = "EnableAllFeatures"
6245
6246// EnableAllFeaturesRequest generates a "aws/request.Request" representing the
6247// client's request for the EnableAllFeatures operation. The "output" return
6248// value will be populated with the request's response once the request completes
6249// successfully.
6250//
6251// Use "Send" method on the returned Request to send the API call to the service.
6252// the "output" return value is not valid until after Send returns without error.
6253//
6254// See EnableAllFeatures for more information on using the EnableAllFeatures
6255// API call, and error handling.
6256//
6257// This method is useful when you want to inject custom logic or configuration
6258// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6259//
6260//
6261//    // Example sending a request using the EnableAllFeaturesRequest method.
6262//    req, resp := client.EnableAllFeaturesRequest(params)
6263//
6264//    err := req.Send()
6265//    if err == nil { // resp is now filled
6266//        fmt.Println(resp)
6267//    }
6268//
6269// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
6270func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) {
6271	op := &request.Operation{
6272		Name:       opEnableAllFeatures,
6273		HTTPMethod: "POST",
6274		HTTPPath:   "/",
6275	}
6276
6277	if input == nil {
6278		input = &EnableAllFeaturesInput{}
6279	}
6280
6281	output = &EnableAllFeaturesOutput{}
6282	req = c.newRequest(op, input, output)
6283	return
6284}
6285
6286// EnableAllFeatures API operation for AWS Organizations.
6287//
6288// Enables all features in an organization. This enables the use of organization
6289// policies that can restrict the services and actions that can be called in
6290// each account. Until you enable all features, you have access only to consolidated
6291// billing, and you can't use any of the advanced account administration features
6292// that AWS Organizations supports. For more information, see Enabling All Features
6293// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
6294// in the AWS Organizations User Guide.
6295//
6296// This operation is required only for organizations that were created explicitly
6297// with only the consolidated billing features enabled. Calling this operation
6298// sends a handshake to every invited account in the organization. The feature
6299// set change can be finalized and the additional features enabled only after
6300// all administrators in the invited accounts approve the change by accepting
6301// the handshake.
6302//
6303// After you enable all features, you can separately enable or disable individual
6304// policy types in a root using EnablePolicyType and DisablePolicyType. To see
6305// the status of policy types in a root, use ListRoots.
6306//
6307// After all invited member accounts accept the handshake, you finalize the
6308// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES".
6309// This completes the change.
6310//
6311// After you enable all features in your organization, the master account in
6312// the organization can apply policies on all member accounts. These policies
6313// can restrict what users and even administrators in those accounts can do.
6314// The master account can apply policies that prevent accounts from leaving
6315// the organization. Ensure that your account administrators are aware of this.
6316//
6317// This operation can be called only from the organization's master account.
6318//
6319// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6320// with awserr.Error's Code and Message methods to get detailed information about
6321// the error.
6322//
6323// See the AWS API reference guide for AWS Organizations's
6324// API operation EnableAllFeatures for usage and error information.
6325//
6326// Returned Error Types:
6327//   * AccessDeniedException
6328//   You don't have permissions to perform the requested operation. The user or
6329//   role that is making the request must have at least one IAM permissions policy
6330//   attached that grants the required permissions. For more information, see
6331//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6332//   in the IAM User Guide.
6333//
6334//   * AWSOrganizationsNotInUseException
6335//   Your account isn't a member of an organization. To make this request, you
6336//   must use the credentials of an account that belongs to an organization.
6337//
6338//   * ConcurrentModificationException
6339//   The target of the operation is currently being modified by a different request.
6340//   Try again later.
6341//
6342//   * HandshakeConstraintViolationException
6343//   The requested operation would violate the constraint identified in the reason
6344//   code.
6345//
6346//   Some of the reasons in the following list might not be applicable to this
6347//   specific API or operation:
6348//
6349//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6350//      the number of accounts in an organization. Note that deleted and closed
6351//      accounts still count toward your limit. If you get this exception immediately
6352//      after creating the organization, wait one hour and try again. If after
6353//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
6354//
6355//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
6356//      the invited account is already a member of an organization.
6357//
6358//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6359//      handshakes that you can send in one day.
6360//
6361//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
6362//      to join an organization while it's in the process of enabling all features.
6363//      You can resume inviting accounts after you finalize the process when all
6364//      accounts have agreed to the change.
6365//
6366//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
6367//      because the organization has already enabled all features.
6368//
6369//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
6370//      the account is from a different marketplace than the accounts in the organization.
6371//      For example, accounts with India addresses must be associated with the
6372//      AISPL marketplace. All accounts in an organization must be from the same
6373//      marketplace.
6374//
6375//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
6376//      change the membership of an account too quickly after its previous change.
6377//
6378//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
6379//      account that doesn't have a payment instrument, such as a credit card,
6380//      associated with it.
6381//
6382//   * InvalidInputException
6383//   The requested operation failed because you provided invalid values for one
6384//   or more of the request parameters. This exception includes a reason that
6385//   contains additional information about the violated limit:
6386//
6387//   Some of the reasons in the following list might not be applicable to this
6388//   specific API or operation.
6389//
6390//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6391//      can't be modified.
6392//
6393//      * INPUT_REQUIRED: You must include a value for all required parameters.
6394//
6395//      * INVALID_ENUM: You specified an invalid value.
6396//
6397//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6398//      characters.
6399//
6400//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6401//      at least one invalid value.
6402//
6403//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6404//      from the response to a previous call of the operation.
6405//
6406//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6407//      organization, or email) as a party.
6408//
6409//      * INVALID_PATTERN: You provided a value that doesn't match the required
6410//      pattern.
6411//
6412//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6413//      match the required pattern.
6414//
6415//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6416//      name can't begin with the reserved prefix AWSServiceRoleFor.
6417//
6418//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6419//      Name (ARN) for the organization.
6420//
6421//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6422//
6423//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6424//      tag. You can’t add, edit, or delete system tag keys because they're
6425//      reserved for AWS use. System tags don’t count against your tags per
6426//      resource limit.
6427//
6428//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6429//      for the operation.
6430//
6431//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6432//      than allowed.
6433//
6434//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6435//      value than allowed.
6436//
6437//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6438//      than allowed.
6439//
6440//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6441//      value than allowed.
6442//
6443//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6444//      between entities in the same root.
6445//
6446//   * ServiceException
6447//   AWS Organizations can't complete your request because of an internal service
6448//   error. Try again later.
6449//
6450//   * TooManyRequestsException
6451//   You have sent too many requests in too short a period of time. The quota
6452//   helps protect against denial-of-service attacks. Try again later.
6453//
6454//   For information about quotas that affect AWS Organizations, see Quotas for
6455//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
6456//   the AWS Organizations User Guide.
6457//
6458// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
6459func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) {
6460	req, out := c.EnableAllFeaturesRequest(input)
6461	return out, req.Send()
6462}
6463
6464// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of
6465// the ability to pass a context and additional request options.
6466//
6467// See EnableAllFeatures for details on how to use this API operation.
6468//
6469// The context must be non-nil and will be used for request cancellation. If
6470// the context is nil a panic will occur. In the future the SDK may create
6471// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6472// for more information on using Contexts.
6473func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) {
6474	req, out := c.EnableAllFeaturesRequest(input)
6475	req.SetContext(ctx)
6476	req.ApplyOptions(opts...)
6477	return out, req.Send()
6478}
6479
6480const opEnablePolicyType = "EnablePolicyType"
6481
6482// EnablePolicyTypeRequest generates a "aws/request.Request" representing the
6483// client's request for the EnablePolicyType operation. The "output" return
6484// value will be populated with the request's response once the request completes
6485// successfully.
6486//
6487// Use "Send" method on the returned Request to send the API call to the service.
6488// the "output" return value is not valid until after Send returns without error.
6489//
6490// See EnablePolicyType for more information on using the EnablePolicyType
6491// API call, and error handling.
6492//
6493// This method is useful when you want to inject custom logic or configuration
6494// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6495//
6496//
6497//    // Example sending a request using the EnablePolicyTypeRequest method.
6498//    req, resp := client.EnablePolicyTypeRequest(params)
6499//
6500//    err := req.Send()
6501//    if err == nil { // resp is now filled
6502//        fmt.Println(resp)
6503//    }
6504//
6505// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
6506func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) {
6507	op := &request.Operation{
6508		Name:       opEnablePolicyType,
6509		HTTPMethod: "POST",
6510		HTTPPath:   "/",
6511	}
6512
6513	if input == nil {
6514		input = &EnablePolicyTypeInput{}
6515	}
6516
6517	output = &EnablePolicyTypeOutput{}
6518	req = c.newRequest(op, input, output)
6519	return
6520}
6521
6522// EnablePolicyType API operation for AWS Organizations.
6523//
6524// Enables a policy type in a root. After you enable a policy type in a root,
6525// you can attach policies of that type to the root, any organizational unit
6526// (OU), or account in that root. You can undo this by using the DisablePolicyType
6527// operation.
6528//
6529// This is an asynchronous request that AWS performs in the background. AWS
6530// recommends that you first use ListRoots to see the status of policy types
6531// for a specified root, and then use this operation.
6532//
6533// This operation can be called only from the organization's master account.
6534//
6535// You can enable a policy type in a root only if that policy type is available
6536// in the organization. To view the status of available policy types in the
6537// organization, use DescribeOrganization.
6538//
6539// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6540// with awserr.Error's Code and Message methods to get detailed information about
6541// the error.
6542//
6543// See the AWS API reference guide for AWS Organizations's
6544// API operation EnablePolicyType for usage and error information.
6545//
6546// Returned Error Types:
6547//   * AccessDeniedException
6548//   You don't have permissions to perform the requested operation. The user or
6549//   role that is making the request must have at least one IAM permissions policy
6550//   attached that grants the required permissions. For more information, see
6551//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6552//   in the IAM User Guide.
6553//
6554//   * AWSOrganizationsNotInUseException
6555//   Your account isn't a member of an organization. To make this request, you
6556//   must use the credentials of an account that belongs to an organization.
6557//
6558//   * ConcurrentModificationException
6559//   The target of the operation is currently being modified by a different request.
6560//   Try again later.
6561//
6562//   * ConstraintViolationException
6563//   Performing this operation violates a minimum or maximum value limit. For
6564//   example, attempting to remove the last service control policy (SCP) from
6565//   an OU or root, inviting or creating too many accounts to the organization,
6566//   or attaching too many policies to an account, OU, or root. This exception
6567//   includes a reason that contains additional information about the violated
6568//   limit:
6569//
6570//   Some of the reasons in the following list might not be applicable to this
6571//   specific API or operation.
6572//
6573//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
6574//      account from the organization. You can't remove the master account. Instead,
6575//      after you remove all member accounts, delete the organization itself.
6576//
6577//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6578//      from the organization that doesn't yet have enough information to exist
6579//      as a standalone account. This account requires you to first agree to the
6580//      AWS Customer Agreement. Follow the steps at Removing a member account
6581//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
6582//      the AWS Organizations User Guide.
6583//
6584//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6585//      an account from the organization that doesn't yet have enough information
6586//      to exist as a standalone account. This account requires you to first complete
6587//      phone verification. Follow the steps at Removing a member account from
6588//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
6589//      in the AWS Organizations User Guide.
6590//
6591//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6592//      of accounts that you can create in one day.
6593//
6594//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6595//      the number of accounts in an organization. If you need more accounts,
6596//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
6597//      request an increase in your limit. Or the number of invitations that you
6598//      tried to send would cause you to exceed the limit of accounts in your
6599//      organization. Send fewer invitations or contact AWS Support to request
6600//      an increase in the number of accounts. Deleted and closed accounts still
6601//      count toward your limit. If you get this exception when running a command
6602//      immediately after creating the organization, wait one hour and try again.
6603//      After an hour, if the command continues to fail with this error, contact
6604//      AWS Support (https://console.aws.amazon.com/support/home#/).
6605//
6606//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
6607//      register the master account of the organization as a delegated administrator
6608//      for an AWS service integrated with Organizations. You can designate only
6609//      a member account as a delegated administrator.
6610//
6611//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
6612//      an account that is registered as a delegated administrator for a service
6613//      integrated with your organization. To complete this operation, you must
6614//      first deregister this account as a delegated administrator.
6615//
6616//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
6617//      organization in the specified region, you must enable all features mode.
6618//
6619//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
6620//      an AWS account as a delegated administrator for an AWS service that already
6621//      has a delegated administrator. To complete this operation, you must first
6622//      deregister any existing delegated administrators for this service.
6623//
6624//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
6625//      valid for a limited period of time. You must resubmit the request and
6626//      generate a new verfication code.
6627//
6628//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6629//      handshakes that you can send in one day.
6630//
6631//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
6632//      in this organization, you first must migrate the organization's master
6633//      account to the marketplace that corresponds to the master account's address.
6634//      For example, accounts with India addresses must be associated with the
6635//      AISPL marketplace. All accounts in an organization must be associated
6636//      with the same marketplace.
6637//
6638//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
6639//      in China. To create an organization, the master must have an valid business
6640//      license. For more information, contact customer support.
6641//
6642//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
6643//      must first provide a valid contact address and phone number for the master
6644//      account. Then try the operation again.
6645//
6646//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
6647//      master account must have an associated account in the AWS GovCloud (US-West)
6648//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
6649//      in the AWS GovCloud User Guide.
6650//
6651//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
6652//      with this master account, you first must associate a valid payment instrument,
6653//      such as a credit card, with the account. Follow the steps at To leave
6654//      an organization when all required account information has not yet been
6655//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6656//      in the AWS Organizations User Guide.
6657//
6658//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
6659//      to register more delegated administrators than allowed for the service
6660//      principal.
6661//
6662//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
6663//      number of policies of a certain type that can be attached to an entity
6664//      at one time.
6665//
6666//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
6667//      on this resource.
6668//
6669//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
6670//      with this member account, you first must associate a valid payment instrument,
6671//      such as a credit card, with the account. Follow the steps at To leave
6672//      an organization when all required account information has not yet been
6673//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6674//      in the AWS Organizations User Guide.
6675//
6676//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
6677//      policy from an entity that would cause the entity to have fewer than the
6678//      minimum number of policies of a certain type required.
6679//
6680//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
6681//      that requires the organization to be configured to support all features.
6682//      An organization that supports only consolidated billing features can't
6683//      perform this operation.
6684//
6685//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
6686//      too many levels deep.
6687//
6688//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
6689//      that you can have in an organization.
6690//
6691//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
6692//      is larger than the maximum size.
6693//
6694//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
6695//      policies that you can have in an organization.
6696//
6697//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
6698//      tags that are not compliant with the tag policy requirements for this
6699//      account.
6700//
6701//   * InvalidInputException
6702//   The requested operation failed because you provided invalid values for one
6703//   or more of the request parameters. This exception includes a reason that
6704//   contains additional information about the violated limit:
6705//
6706//   Some of the reasons in the following list might not be applicable to this
6707//   specific API or operation.
6708//
6709//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6710//      can't be modified.
6711//
6712//      * INPUT_REQUIRED: You must include a value for all required parameters.
6713//
6714//      * INVALID_ENUM: You specified an invalid value.
6715//
6716//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6717//      characters.
6718//
6719//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6720//      at least one invalid value.
6721//
6722//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6723//      from the response to a previous call of the operation.
6724//
6725//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6726//      organization, or email) as a party.
6727//
6728//      * INVALID_PATTERN: You provided a value that doesn't match the required
6729//      pattern.
6730//
6731//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6732//      match the required pattern.
6733//
6734//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6735//      name can't begin with the reserved prefix AWSServiceRoleFor.
6736//
6737//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6738//      Name (ARN) for the organization.
6739//
6740//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6741//
6742//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6743//      tag. You can’t add, edit, or delete system tag keys because they're
6744//      reserved for AWS use. System tags don’t count against your tags per
6745//      resource limit.
6746//
6747//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6748//      for the operation.
6749//
6750//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6751//      than allowed.
6752//
6753//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6754//      value than allowed.
6755//
6756//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6757//      than allowed.
6758//
6759//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6760//      value than allowed.
6761//
6762//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6763//      between entities in the same root.
6764//
6765//   * PolicyTypeAlreadyEnabledException
6766//   The specified policy type is already enabled in the specified root.
6767//
6768//   * RootNotFoundException
6769//   We can't find a root with the RootId that you specified.
6770//
6771//   * ServiceException
6772//   AWS Organizations can't complete your request because of an internal service
6773//   error. Try again later.
6774//
6775//   * TooManyRequestsException
6776//   You have sent too many requests in too short a period of time. The quota
6777//   helps protect against denial-of-service attacks. Try again later.
6778//
6779//   For information about quotas that affect AWS Organizations, see Quotas for
6780//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
6781//   the AWS Organizations User Guide.
6782//
6783//   * PolicyTypeNotAvailableForOrganizationException
6784//   You can't use the specified policy type with the feature set currently enabled
6785//   for this organization. For example, you can enable SCPs only after you enable
6786//   all features in the organization. For more information, see Managing AWS
6787//   Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
6788//   the AWS Organizations User Guide.
6789//
6790//   * UnsupportedAPIEndpointException
6791//   This action isn't available in the current AWS Region.
6792//
6793//   * PolicyChangesInProgressException
6794//   Changes to the effective policy are in progress, and its contents can't be
6795//   returned. Try the operation again later.
6796//
6797// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
6798func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) {
6799	req, out := c.EnablePolicyTypeRequest(input)
6800	return out, req.Send()
6801}
6802
6803// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of
6804// the ability to pass a context and additional request options.
6805//
6806// See EnablePolicyType for details on how to use this API operation.
6807//
6808// The context must be non-nil and will be used for request cancellation. If
6809// the context is nil a panic will occur. In the future the SDK may create
6810// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6811// for more information on using Contexts.
6812func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) {
6813	req, out := c.EnablePolicyTypeRequest(input)
6814	req.SetContext(ctx)
6815	req.ApplyOptions(opts...)
6816	return out, req.Send()
6817}
6818
6819const opInviteAccountToOrganization = "InviteAccountToOrganization"
6820
6821// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the
6822// client's request for the InviteAccountToOrganization operation. The "output" return
6823// value will be populated with the request's response once the request completes
6824// successfully.
6825//
6826// Use "Send" method on the returned Request to send the API call to the service.
6827// the "output" return value is not valid until after Send returns without error.
6828//
6829// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization
6830// API call, and error handling.
6831//
6832// This method is useful when you want to inject custom logic or configuration
6833// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6834//
6835//
6836//    // Example sending a request using the InviteAccountToOrganizationRequest method.
6837//    req, resp := client.InviteAccountToOrganizationRequest(params)
6838//
6839//    err := req.Send()
6840//    if err == nil { // resp is now filled
6841//        fmt.Println(resp)
6842//    }
6843//
6844// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
6845func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) {
6846	op := &request.Operation{
6847		Name:       opInviteAccountToOrganization,
6848		HTTPMethod: "POST",
6849		HTTPPath:   "/",
6850	}
6851
6852	if input == nil {
6853		input = &InviteAccountToOrganizationInput{}
6854	}
6855
6856	output = &InviteAccountToOrganizationOutput{}
6857	req = c.newRequest(op, input, output)
6858	return
6859}
6860
6861// InviteAccountToOrganization API operation for AWS Organizations.
6862//
6863// Sends an invitation to another account to join your organization as a member
6864// account. AWS Organizations sends email on your behalf to the email address
6865// that is associated with the other account's owner. The invitation is implemented
6866// as a Handshake whose details are in the response.
6867//
6868//    * You can invite AWS accounts only from the same seller as the master
6869//    account. For example, if your organization's master account was created
6870//    by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India,
6871//    you can invite only other AISPL accounts to your organization. You can't
6872//    combine accounts from AISPL and AWS or from any other AWS seller. For
6873//    more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html).
6874//
6875//    * If you receive an exception that indicates that you exceeded your account
6876//    limits for the organization or that the operation failed because your
6877//    organization is still initializing, wait one hour and then try again.
6878//    If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/).
6879//
6880// This operation can be called only from the organization's master account.
6881//
6882// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6883// with awserr.Error's Code and Message methods to get detailed information about
6884// the error.
6885//
6886// See the AWS API reference guide for AWS Organizations's
6887// API operation InviteAccountToOrganization for usage and error information.
6888//
6889// Returned Error Types:
6890//   * AccessDeniedException
6891//   You don't have permissions to perform the requested operation. The user or
6892//   role that is making the request must have at least one IAM permissions policy
6893//   attached that grants the required permissions. For more information, see
6894//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6895//   in the IAM User Guide.
6896//
6897//   * AWSOrganizationsNotInUseException
6898//   Your account isn't a member of an organization. To make this request, you
6899//   must use the credentials of an account that belongs to an organization.
6900//
6901//   * AccountOwnerNotVerifiedException
6902//   You can't invite an existing account to your organization until you verify
6903//   that you own the email address associated with the master account. For more
6904//   information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
6905//   in the AWS Organizations User Guide.
6906//
6907//   * ConcurrentModificationException
6908//   The target of the operation is currently being modified by a different request.
6909//   Try again later.
6910//
6911//   * HandshakeConstraintViolationException
6912//   The requested operation would violate the constraint identified in the reason
6913//   code.
6914//
6915//   Some of the reasons in the following list might not be applicable to this
6916//   specific API or operation:
6917//
6918//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6919//      the number of accounts in an organization. Note that deleted and closed
6920//      accounts still count toward your limit. If you get this exception immediately
6921//      after creating the organization, wait one hour and try again. If after
6922//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
6923//
6924//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
6925//      the invited account is already a member of an organization.
6926//
6927//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6928//      handshakes that you can send in one day.
6929//
6930//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
6931//      to join an organization while it's in the process of enabling all features.
6932//      You can resume inviting accounts after you finalize the process when all
6933//      accounts have agreed to the change.
6934//
6935//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
6936//      because the organization has already enabled all features.
6937//
6938//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
6939//      the account is from a different marketplace than the accounts in the organization.
6940//      For example, accounts with India addresses must be associated with the
6941//      AISPL marketplace. All accounts in an organization must be from the same
6942//      marketplace.
6943//
6944//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
6945//      change the membership of an account too quickly after its previous change.
6946//
6947//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
6948//      account that doesn't have a payment instrument, such as a credit card,
6949//      associated with it.
6950//
6951//   * DuplicateHandshakeException
6952//   A handshake with the same action and target already exists. For example,
6953//   if you invited an account to join your organization, the invited account
6954//   might already have a pending invitation from this organization. If you intend
6955//   to resend an invitation to an account, ensure that existing handshakes that
6956//   might be considered duplicates are canceled or declined.
6957//
6958//   * InvalidInputException
6959//   The requested operation failed because you provided invalid values for one
6960//   or more of the request parameters. This exception includes a reason that
6961//   contains additional information about the violated limit:
6962//
6963//   Some of the reasons in the following list might not be applicable to this
6964//   specific API or operation.
6965//
6966//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6967//      can't be modified.
6968//
6969//      * INPUT_REQUIRED: You must include a value for all required parameters.
6970//
6971//      * INVALID_ENUM: You specified an invalid value.
6972//
6973//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6974//      characters.
6975//
6976//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6977//      at least one invalid value.
6978//
6979//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6980//      from the response to a previous call of the operation.
6981//
6982//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6983//      organization, or email) as a party.
6984//
6985//      * INVALID_PATTERN: You provided a value that doesn't match the required
6986//      pattern.
6987//
6988//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6989//      match the required pattern.
6990//
6991//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6992//      name can't begin with the reserved prefix AWSServiceRoleFor.
6993//
6994//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6995//      Name (ARN) for the organization.
6996//
6997//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6998//
6999//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7000//      tag. You can’t add, edit, or delete system tag keys because they're
7001//      reserved for AWS use. System tags don’t count against your tags per
7002//      resource limit.
7003//
7004//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7005//      for the operation.
7006//
7007//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7008//      than allowed.
7009//
7010//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7011//      value than allowed.
7012//
7013//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7014//      than allowed.
7015//
7016//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7017//      value than allowed.
7018//
7019//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7020//      between entities in the same root.
7021//
7022//   * FinalizingOrganizationException
7023//   AWS Organizations couldn't perform the operation because your organization
7024//   hasn't finished initializing. This can take up to an hour. Try again later.
7025//   If after one hour you continue to receive this error, contact AWS Support
7026//   (https://console.aws.amazon.com/support/home#/).
7027//
7028//   * ServiceException
7029//   AWS Organizations can't complete your request because of an internal service
7030//   error. Try again later.
7031//
7032//   * TooManyRequestsException
7033//   You have sent too many requests in too short a period of time. The quota
7034//   helps protect against denial-of-service attacks. Try again later.
7035//
7036//   For information about quotas that affect AWS Organizations, see Quotas for
7037//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7038//   the AWS Organizations User Guide.
7039//
7040// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
7041func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) {
7042	req, out := c.InviteAccountToOrganizationRequest(input)
7043	return out, req.Send()
7044}
7045
7046// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of
7047// the ability to pass a context and additional request options.
7048//
7049// See InviteAccountToOrganization for details on how to use this API operation.
7050//
7051// The context must be non-nil and will be used for request cancellation. If
7052// the context is nil a panic will occur. In the future the SDK may create
7053// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7054// for more information on using Contexts.
7055func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) {
7056	req, out := c.InviteAccountToOrganizationRequest(input)
7057	req.SetContext(ctx)
7058	req.ApplyOptions(opts...)
7059	return out, req.Send()
7060}
7061
7062const opLeaveOrganization = "LeaveOrganization"
7063
7064// LeaveOrganizationRequest generates a "aws/request.Request" representing the
7065// client's request for the LeaveOrganization operation. The "output" return
7066// value will be populated with the request's response once the request completes
7067// successfully.
7068//
7069// Use "Send" method on the returned Request to send the API call to the service.
7070// the "output" return value is not valid until after Send returns without error.
7071//
7072// See LeaveOrganization for more information on using the LeaveOrganization
7073// API call, and error handling.
7074//
7075// This method is useful when you want to inject custom logic or configuration
7076// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7077//
7078//
7079//    // Example sending a request using the LeaveOrganizationRequest method.
7080//    req, resp := client.LeaveOrganizationRequest(params)
7081//
7082//    err := req.Send()
7083//    if err == nil { // resp is now filled
7084//        fmt.Println(resp)
7085//    }
7086//
7087// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
7088func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) {
7089	op := &request.Operation{
7090		Name:       opLeaveOrganization,
7091		HTTPMethod: "POST",
7092		HTTPPath:   "/",
7093	}
7094
7095	if input == nil {
7096		input = &LeaveOrganizationInput{}
7097	}
7098
7099	output = &LeaveOrganizationOutput{}
7100	req = c.newRequest(op, input, output)
7101	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
7102	return
7103}
7104
7105// LeaveOrganization API operation for AWS Organizations.
7106//
7107// Removes a member account from its parent organization. This version of the
7108// operation is performed by the account that wants to leave. To remove a member
7109// account as a user in the master account, use RemoveAccountFromOrganization
7110// instead.
7111//
7112// This operation can be called only from a member account in the organization.
7113//
7114//    * The master account in an organization with all features enabled can
7115//    set service control policies (SCPs) that can restrict what administrators
7116//    of member accounts can do. This includes preventing them from successfully
7117//    calling LeaveOrganization and leaving the organization.
7118//
7119//    * You can leave an organization as a member account only if the account
7120//    is configured with the information required to operate as a standalone
7121//    account. When you create an account in an organization using the AWS Organizations
7122//    console, API, or CLI commands, the information required of standalone
7123//    accounts is not automatically collected. For each account that you want
7124//    to make standalone, you must do the following steps: Accept the end user
7125//    license agreement (EULA) Choose a support plan Provide and verify the
7126//    required contact information Provide a current payment method AWS uses
7127//    the payment method to charge for any billable (not free tier) AWS activity
7128//    that occurs while the account isn't attached to an organization. Follow
7129//    the steps at To leave an organization when all required account information
7130//    has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7131//    in the AWS Organizations User Guide.
7132//
7133//    * You can leave an organization only after you enable IAM user access
7134//    to billing in your account. For more information, see Activating Access
7135//    to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
7136//    in the AWS Billing and Cost Management User Guide.
7137//
7138// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7139// with awserr.Error's Code and Message methods to get detailed information about
7140// the error.
7141//
7142// See the AWS API reference guide for AWS Organizations's
7143// API operation LeaveOrganization for usage and error information.
7144//
7145// Returned Error Types:
7146//   * AccessDeniedException
7147//   You don't have permissions to perform the requested operation. The user or
7148//   role that is making the request must have at least one IAM permissions policy
7149//   attached that grants the required permissions. For more information, see
7150//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7151//   in the IAM User Guide.
7152//
7153//   * AccountNotFoundException
7154//   We can't find an AWS account with the AccountId that you specified, or the
7155//   account whose credentials you used to make this request isn't a member of
7156//   an organization.
7157//
7158//   * AWSOrganizationsNotInUseException
7159//   Your account isn't a member of an organization. To make this request, you
7160//   must use the credentials of an account that belongs to an organization.
7161//
7162//   * ConcurrentModificationException
7163//   The target of the operation is currently being modified by a different request.
7164//   Try again later.
7165//
7166//   * ConstraintViolationException
7167//   Performing this operation violates a minimum or maximum value limit. For
7168//   example, attempting to remove the last service control policy (SCP) from
7169//   an OU or root, inviting or creating too many accounts to the organization,
7170//   or attaching too many policies to an account, OU, or root. This exception
7171//   includes a reason that contains additional information about the violated
7172//   limit:
7173//
7174//   Some of the reasons in the following list might not be applicable to this
7175//   specific API or operation.
7176//
7177//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
7178//      account from the organization. You can't remove the master account. Instead,
7179//      after you remove all member accounts, delete the organization itself.
7180//
7181//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
7182//      from the organization that doesn't yet have enough information to exist
7183//      as a standalone account. This account requires you to first agree to the
7184//      AWS Customer Agreement. Follow the steps at Removing a member account
7185//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
7186//      the AWS Organizations User Guide.
7187//
7188//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
7189//      an account from the organization that doesn't yet have enough information
7190//      to exist as a standalone account. This account requires you to first complete
7191//      phone verification. Follow the steps at Removing a member account from
7192//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
7193//      in the AWS Organizations User Guide.
7194//
7195//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
7196//      of accounts that you can create in one day.
7197//
7198//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
7199//      the number of accounts in an organization. If you need more accounts,
7200//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
7201//      request an increase in your limit. Or the number of invitations that you
7202//      tried to send would cause you to exceed the limit of accounts in your
7203//      organization. Send fewer invitations or contact AWS Support to request
7204//      an increase in the number of accounts. Deleted and closed accounts still
7205//      count toward your limit. If you get this exception when running a command
7206//      immediately after creating the organization, wait one hour and try again.
7207//      After an hour, if the command continues to fail with this error, contact
7208//      AWS Support (https://console.aws.amazon.com/support/home#/).
7209//
7210//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
7211//      register the master account of the organization as a delegated administrator
7212//      for an AWS service integrated with Organizations. You can designate only
7213//      a member account as a delegated administrator.
7214//
7215//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
7216//      an account that is registered as a delegated administrator for a service
7217//      integrated with your organization. To complete this operation, you must
7218//      first deregister this account as a delegated administrator.
7219//
7220//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
7221//      organization in the specified region, you must enable all features mode.
7222//
7223//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
7224//      an AWS account as a delegated administrator for an AWS service that already
7225//      has a delegated administrator. To complete this operation, you must first
7226//      deregister any existing delegated administrators for this service.
7227//
7228//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
7229//      valid for a limited period of time. You must resubmit the request and
7230//      generate a new verfication code.
7231//
7232//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
7233//      handshakes that you can send in one day.
7234//
7235//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
7236//      in this organization, you first must migrate the organization's master
7237//      account to the marketplace that corresponds to the master account's address.
7238//      For example, accounts with India addresses must be associated with the
7239//      AISPL marketplace. All accounts in an organization must be associated
7240//      with the same marketplace.
7241//
7242//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
7243//      in China. To create an organization, the master must have an valid business
7244//      license. For more information, contact customer support.
7245//
7246//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
7247//      must first provide a valid contact address and phone number for the master
7248//      account. Then try the operation again.
7249//
7250//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
7251//      master account must have an associated account in the AWS GovCloud (US-West)
7252//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
7253//      in the AWS GovCloud User Guide.
7254//
7255//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
7256//      with this master account, you first must associate a valid payment instrument,
7257//      such as a credit card, with the account. Follow the steps at To leave
7258//      an organization when all required account information has not yet been
7259//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7260//      in the AWS Organizations User Guide.
7261//
7262//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
7263//      to register more delegated administrators than allowed for the service
7264//      principal.
7265//
7266//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
7267//      number of policies of a certain type that can be attached to an entity
7268//      at one time.
7269//
7270//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
7271//      on this resource.
7272//
7273//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
7274//      with this member account, you first must associate a valid payment instrument,
7275//      such as a credit card, with the account. Follow the steps at To leave
7276//      an organization when all required account information has not yet been
7277//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7278//      in the AWS Organizations User Guide.
7279//
7280//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
7281//      policy from an entity that would cause the entity to have fewer than the
7282//      minimum number of policies of a certain type required.
7283//
7284//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
7285//      that requires the organization to be configured to support all features.
7286//      An organization that supports only consolidated billing features can't
7287//      perform this operation.
7288//
7289//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
7290//      too many levels deep.
7291//
7292//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
7293//      that you can have in an organization.
7294//
7295//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
7296//      is larger than the maximum size.
7297//
7298//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
7299//      policies that you can have in an organization.
7300//
7301//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
7302//      tags that are not compliant with the tag policy requirements for this
7303//      account.
7304//
7305//   * InvalidInputException
7306//   The requested operation failed because you provided invalid values for one
7307//   or more of the request parameters. This exception includes a reason that
7308//   contains additional information about the violated limit:
7309//
7310//   Some of the reasons in the following list might not be applicable to this
7311//   specific API or operation.
7312//
7313//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7314//      can't be modified.
7315//
7316//      * INPUT_REQUIRED: You must include a value for all required parameters.
7317//
7318//      * INVALID_ENUM: You specified an invalid value.
7319//
7320//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7321//      characters.
7322//
7323//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7324//      at least one invalid value.
7325//
7326//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7327//      from the response to a previous call of the operation.
7328//
7329//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7330//      organization, or email) as a party.
7331//
7332//      * INVALID_PATTERN: You provided a value that doesn't match the required
7333//      pattern.
7334//
7335//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7336//      match the required pattern.
7337//
7338//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7339//      name can't begin with the reserved prefix AWSServiceRoleFor.
7340//
7341//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7342//      Name (ARN) for the organization.
7343//
7344//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7345//
7346//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7347//      tag. You can’t add, edit, or delete system tag keys because they're
7348//      reserved for AWS use. System tags don’t count against your tags per
7349//      resource limit.
7350//
7351//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7352//      for the operation.
7353//
7354//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7355//      than allowed.
7356//
7357//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7358//      value than allowed.
7359//
7360//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7361//      than allowed.
7362//
7363//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7364//      value than allowed.
7365//
7366//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7367//      between entities in the same root.
7368//
7369//   * MasterCannotLeaveOrganizationException
7370//   You can't remove a master account from an organization. If you want the master
7371//   account to become a member account in another organization, you must first
7372//   delete the current organization of the master account.
7373//
7374//   * ServiceException
7375//   AWS Organizations can't complete your request because of an internal service
7376//   error. Try again later.
7377//
7378//   * TooManyRequestsException
7379//   You have sent too many requests in too short a period of time. The quota
7380//   helps protect against denial-of-service attacks. Try again later.
7381//
7382//   For information about quotas that affect AWS Organizations, see Quotas for
7383//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7384//   the AWS Organizations User Guide.
7385//
7386// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
7387func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) {
7388	req, out := c.LeaveOrganizationRequest(input)
7389	return out, req.Send()
7390}
7391
7392// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of
7393// the ability to pass a context and additional request options.
7394//
7395// See LeaveOrganization for details on how to use this API operation.
7396//
7397// The context must be non-nil and will be used for request cancellation. If
7398// the context is nil a panic will occur. In the future the SDK may create
7399// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7400// for more information on using Contexts.
7401func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) {
7402	req, out := c.LeaveOrganizationRequest(input)
7403	req.SetContext(ctx)
7404	req.ApplyOptions(opts...)
7405	return out, req.Send()
7406}
7407
7408const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization"
7409
7410// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the
7411// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return
7412// value will be populated with the request's response once the request completes
7413// successfully.
7414//
7415// Use "Send" method on the returned Request to send the API call to the service.
7416// the "output" return value is not valid until after Send returns without error.
7417//
7418// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization
7419// API call, and error handling.
7420//
7421// This method is useful when you want to inject custom logic or configuration
7422// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7423//
7424//
7425//    // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method.
7426//    req, resp := client.ListAWSServiceAccessForOrganizationRequest(params)
7427//
7428//    err := req.Send()
7429//    if err == nil { // resp is now filled
7430//        fmt.Println(resp)
7431//    }
7432//
7433// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
7434func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) {
7435	op := &request.Operation{
7436		Name:       opListAWSServiceAccessForOrganization,
7437		HTTPMethod: "POST",
7438		HTTPPath:   "/",
7439		Paginator: &request.Paginator{
7440			InputTokens:     []string{"NextToken"},
7441			OutputTokens:    []string{"NextToken"},
7442			LimitToken:      "MaxResults",
7443			TruncationToken: "",
7444		},
7445	}
7446
7447	if input == nil {
7448		input = &ListAWSServiceAccessForOrganizationInput{}
7449	}
7450
7451	output = &ListAWSServiceAccessForOrganizationOutput{}
7452	req = c.newRequest(op, input, output)
7453	return
7454}
7455
7456// ListAWSServiceAccessForOrganization API operation for AWS Organizations.
7457//
7458// Returns a list of the AWS services that you enabled to integrate with your
7459// organization. After a service on this list creates the resources that it
7460// requires for the integration, it can perform operations on your organization
7461// and its accounts.
7462//
7463// For more information about integrating other services with AWS Organizations,
7464// including the list of services that currently work with Organizations, see
7465// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
7466// in the AWS Organizations User Guide.
7467//
7468// This operation can be called only from the organization's master account
7469// or by a member account that is a delegated administrator for an AWS service.
7470//
7471// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7472// with awserr.Error's Code and Message methods to get detailed information about
7473// the error.
7474//
7475// See the AWS API reference guide for AWS Organizations's
7476// API operation ListAWSServiceAccessForOrganization for usage and error information.
7477//
7478// Returned Error Types:
7479//   * AccessDeniedException
7480//   You don't have permissions to perform the requested operation. The user or
7481//   role that is making the request must have at least one IAM permissions policy
7482//   attached that grants the required permissions. For more information, see
7483//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7484//   in the IAM User Guide.
7485//
7486//   * AWSOrganizationsNotInUseException
7487//   Your account isn't a member of an organization. To make this request, you
7488//   must use the credentials of an account that belongs to an organization.
7489//
7490//   * ConstraintViolationException
7491//   Performing this operation violates a minimum or maximum value limit. For
7492//   example, attempting to remove the last service control policy (SCP) from
7493//   an OU or root, inviting or creating too many accounts to the organization,
7494//   or attaching too many policies to an account, OU, or root. This exception
7495//   includes a reason that contains additional information about the violated
7496//   limit:
7497//
7498//   Some of the reasons in the following list might not be applicable to this
7499//   specific API or operation.
7500//
7501//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
7502//      account from the organization. You can't remove the master account. Instead,
7503//      after you remove all member accounts, delete the organization itself.
7504//
7505//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
7506//      from the organization that doesn't yet have enough information to exist
7507//      as a standalone account. This account requires you to first agree to the
7508//      AWS Customer Agreement. Follow the steps at Removing a member account
7509//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
7510//      the AWS Organizations User Guide.
7511//
7512//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
7513//      an account from the organization that doesn't yet have enough information
7514//      to exist as a standalone account. This account requires you to first complete
7515//      phone verification. Follow the steps at Removing a member account from
7516//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
7517//      in the AWS Organizations User Guide.
7518//
7519//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
7520//      of accounts that you can create in one day.
7521//
7522//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
7523//      the number of accounts in an organization. If you need more accounts,
7524//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
7525//      request an increase in your limit. Or the number of invitations that you
7526//      tried to send would cause you to exceed the limit of accounts in your
7527//      organization. Send fewer invitations or contact AWS Support to request
7528//      an increase in the number of accounts. Deleted and closed accounts still
7529//      count toward your limit. If you get this exception when running a command
7530//      immediately after creating the organization, wait one hour and try again.
7531//      After an hour, if the command continues to fail with this error, contact
7532//      AWS Support (https://console.aws.amazon.com/support/home#/).
7533//
7534//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
7535//      register the master account of the organization as a delegated administrator
7536//      for an AWS service integrated with Organizations. You can designate only
7537//      a member account as a delegated administrator.
7538//
7539//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
7540//      an account that is registered as a delegated administrator for a service
7541//      integrated with your organization. To complete this operation, you must
7542//      first deregister this account as a delegated administrator.
7543//
7544//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
7545//      organization in the specified region, you must enable all features mode.
7546//
7547//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
7548//      an AWS account as a delegated administrator for an AWS service that already
7549//      has a delegated administrator. To complete this operation, you must first
7550//      deregister any existing delegated administrators for this service.
7551//
7552//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
7553//      valid for a limited period of time. You must resubmit the request and
7554//      generate a new verfication code.
7555//
7556//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
7557//      handshakes that you can send in one day.
7558//
7559//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
7560//      in this organization, you first must migrate the organization's master
7561//      account to the marketplace that corresponds to the master account's address.
7562//      For example, accounts with India addresses must be associated with the
7563//      AISPL marketplace. All accounts in an organization must be associated
7564//      with the same marketplace.
7565//
7566//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
7567//      in China. To create an organization, the master must have an valid business
7568//      license. For more information, contact customer support.
7569//
7570//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
7571//      must first provide a valid contact address and phone number for the master
7572//      account. Then try the operation again.
7573//
7574//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
7575//      master account must have an associated account in the AWS GovCloud (US-West)
7576//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
7577//      in the AWS GovCloud User Guide.
7578//
7579//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
7580//      with this master account, you first must associate a valid payment instrument,
7581//      such as a credit card, with the account. Follow the steps at To leave
7582//      an organization when all required account information has not yet been
7583//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7584//      in the AWS Organizations User Guide.
7585//
7586//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
7587//      to register more delegated administrators than allowed for the service
7588//      principal.
7589//
7590//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
7591//      number of policies of a certain type that can be attached to an entity
7592//      at one time.
7593//
7594//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
7595//      on this resource.
7596//
7597//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
7598//      with this member account, you first must associate a valid payment instrument,
7599//      such as a credit card, with the account. Follow the steps at To leave
7600//      an organization when all required account information has not yet been
7601//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7602//      in the AWS Organizations User Guide.
7603//
7604//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
7605//      policy from an entity that would cause the entity to have fewer than the
7606//      minimum number of policies of a certain type required.
7607//
7608//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
7609//      that requires the organization to be configured to support all features.
7610//      An organization that supports only consolidated billing features can't
7611//      perform this operation.
7612//
7613//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
7614//      too many levels deep.
7615//
7616//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
7617//      that you can have in an organization.
7618//
7619//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
7620//      is larger than the maximum size.
7621//
7622//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
7623//      policies that you can have in an organization.
7624//
7625//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
7626//      tags that are not compliant with the tag policy requirements for this
7627//      account.
7628//
7629//   * InvalidInputException
7630//   The requested operation failed because you provided invalid values for one
7631//   or more of the request parameters. This exception includes a reason that
7632//   contains additional information about the violated limit:
7633//
7634//   Some of the reasons in the following list might not be applicable to this
7635//   specific API or operation.
7636//
7637//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7638//      can't be modified.
7639//
7640//      * INPUT_REQUIRED: You must include a value for all required parameters.
7641//
7642//      * INVALID_ENUM: You specified an invalid value.
7643//
7644//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7645//      characters.
7646//
7647//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7648//      at least one invalid value.
7649//
7650//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7651//      from the response to a previous call of the operation.
7652//
7653//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7654//      organization, or email) as a party.
7655//
7656//      * INVALID_PATTERN: You provided a value that doesn't match the required
7657//      pattern.
7658//
7659//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7660//      match the required pattern.
7661//
7662//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7663//      name can't begin with the reserved prefix AWSServiceRoleFor.
7664//
7665//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7666//      Name (ARN) for the organization.
7667//
7668//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7669//
7670//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7671//      tag. You can’t add, edit, or delete system tag keys because they're
7672//      reserved for AWS use. System tags don’t count against your tags per
7673//      resource limit.
7674//
7675//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7676//      for the operation.
7677//
7678//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7679//      than allowed.
7680//
7681//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7682//      value than allowed.
7683//
7684//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7685//      than allowed.
7686//
7687//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7688//      value than allowed.
7689//
7690//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7691//      between entities in the same root.
7692//
7693//   * ServiceException
7694//   AWS Organizations can't complete your request because of an internal service
7695//   error. Try again later.
7696//
7697//   * TooManyRequestsException
7698//   You have sent too many requests in too short a period of time. The quota
7699//   helps protect against denial-of-service attacks. Try again later.
7700//
7701//   For information about quotas that affect AWS Organizations, see Quotas for
7702//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7703//   the AWS Organizations User Guide.
7704//
7705//   * UnsupportedAPIEndpointException
7706//   This action isn't available in the current AWS Region.
7707//
7708// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
7709func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) {
7710	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
7711	return out, req.Send()
7712}
7713
7714// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of
7715// the ability to pass a context and additional request options.
7716//
7717// See ListAWSServiceAccessForOrganization for details on how to use this API operation.
7718//
7719// The context must be non-nil and will be used for request cancellation. If
7720// the context is nil a panic will occur. In the future the SDK may create
7721// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7722// for more information on using Contexts.
7723func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) {
7724	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
7725	req.SetContext(ctx)
7726	req.ApplyOptions(opts...)
7727	return out, req.Send()
7728}
7729
7730// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation,
7731// calling the "fn" function with the response data for each page. To stop
7732// iterating, return false from the fn function.
7733//
7734// See ListAWSServiceAccessForOrganization method for more information on how to use this operation.
7735//
7736// Note: This operation can generate multiple requests to a service.
7737//
7738//    // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation.
7739//    pageNum := 0
7740//    err := client.ListAWSServiceAccessForOrganizationPages(params,
7741//        func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool {
7742//            pageNum++
7743//            fmt.Println(page)
7744//            return pageNum <= 3
7745//        })
7746//
7747func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error {
7748	return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
7749}
7750
7751// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except
7752// it takes a Context and allows setting request options on the pages.
7753//
7754// The context must be non-nil and will be used for request cancellation. If
7755// the context is nil a panic will occur. In the future the SDK may create
7756// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7757// for more information on using Contexts.
7758func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error {
7759	p := request.Pagination{
7760		NewRequest: func() (*request.Request, error) {
7761			var inCpy *ListAWSServiceAccessForOrganizationInput
7762			if input != nil {
7763				tmp := *input
7764				inCpy = &tmp
7765			}
7766			req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy)
7767			req.SetContext(ctx)
7768			req.ApplyOptions(opts...)
7769			return req, nil
7770		},
7771	}
7772
7773	for p.Next() {
7774		if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) {
7775			break
7776		}
7777	}
7778
7779	return p.Err()
7780}
7781
7782const opListAccounts = "ListAccounts"
7783
7784// ListAccountsRequest generates a "aws/request.Request" representing the
7785// client's request for the ListAccounts operation. The "output" return
7786// value will be populated with the request's response once the request completes
7787// successfully.
7788//
7789// Use "Send" method on the returned Request to send the API call to the service.
7790// the "output" return value is not valid until after Send returns without error.
7791//
7792// See ListAccounts for more information on using the ListAccounts
7793// API call, and error handling.
7794//
7795// This method is useful when you want to inject custom logic or configuration
7796// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7797//
7798//
7799//    // Example sending a request using the ListAccountsRequest method.
7800//    req, resp := client.ListAccountsRequest(params)
7801//
7802//    err := req.Send()
7803//    if err == nil { // resp is now filled
7804//        fmt.Println(resp)
7805//    }
7806//
7807// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
7808func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
7809	op := &request.Operation{
7810		Name:       opListAccounts,
7811		HTTPMethod: "POST",
7812		HTTPPath:   "/",
7813		Paginator: &request.Paginator{
7814			InputTokens:     []string{"NextToken"},
7815			OutputTokens:    []string{"NextToken"},
7816			LimitToken:      "MaxResults",
7817			TruncationToken: "",
7818		},
7819	}
7820
7821	if input == nil {
7822		input = &ListAccountsInput{}
7823	}
7824
7825	output = &ListAccountsOutput{}
7826	req = c.newRequest(op, input, output)
7827	return
7828}
7829
7830// ListAccounts API operation for AWS Organizations.
7831//
7832// Lists all the accounts in the organization. To request only the accounts
7833// in a specified root or organizational unit (OU), use the ListAccountsForParent
7834// operation instead.
7835//
7836// Always check the NextToken response parameter for a null value when calling
7837// a List* operation. These operations can occasionally return an empty set
7838// of results even when there are more results available. The NextToken response
7839// parameter value is null only when there are no more results to display.
7840//
7841// This operation can be called only from the organization's master account
7842// or by a member account that is a delegated administrator for an AWS service.
7843//
7844// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7845// with awserr.Error's Code and Message methods to get detailed information about
7846// the error.
7847//
7848// See the AWS API reference guide for AWS Organizations's
7849// API operation ListAccounts for usage and error information.
7850//
7851// Returned Error Types:
7852//   * AccessDeniedException
7853//   You don't have permissions to perform the requested operation. The user or
7854//   role that is making the request must have at least one IAM permissions policy
7855//   attached that grants the required permissions. For more information, see
7856//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7857//   in the IAM User Guide.
7858//
7859//   * AWSOrganizationsNotInUseException
7860//   Your account isn't a member of an organization. To make this request, you
7861//   must use the credentials of an account that belongs to an organization.
7862//
7863//   * InvalidInputException
7864//   The requested operation failed because you provided invalid values for one
7865//   or more of the request parameters. This exception includes a reason that
7866//   contains additional information about the violated limit:
7867//
7868//   Some of the reasons in the following list might not be applicable to this
7869//   specific API or operation.
7870//
7871//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7872//      can't be modified.
7873//
7874//      * INPUT_REQUIRED: You must include a value for all required parameters.
7875//
7876//      * INVALID_ENUM: You specified an invalid value.
7877//
7878//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7879//      characters.
7880//
7881//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7882//      at least one invalid value.
7883//
7884//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7885//      from the response to a previous call of the operation.
7886//
7887//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7888//      organization, or email) as a party.
7889//
7890//      * INVALID_PATTERN: You provided a value that doesn't match the required
7891//      pattern.
7892//
7893//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7894//      match the required pattern.
7895//
7896//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7897//      name can't begin with the reserved prefix AWSServiceRoleFor.
7898//
7899//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7900//      Name (ARN) for the organization.
7901//
7902//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7903//
7904//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7905//      tag. You can’t add, edit, or delete system tag keys because they're
7906//      reserved for AWS use. System tags don’t count against your tags per
7907//      resource limit.
7908//
7909//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7910//      for the operation.
7911//
7912//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7913//      than allowed.
7914//
7915//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7916//      value than allowed.
7917//
7918//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7919//      than allowed.
7920//
7921//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7922//      value than allowed.
7923//
7924//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7925//      between entities in the same root.
7926//
7927//   * ServiceException
7928//   AWS Organizations can't complete your request because of an internal service
7929//   error. Try again later.
7930//
7931//   * TooManyRequestsException
7932//   You have sent too many requests in too short a period of time. The quota
7933//   helps protect against denial-of-service attacks. Try again later.
7934//
7935//   For information about quotas that affect AWS Organizations, see Quotas for
7936//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7937//   the AWS Organizations User Guide.
7938//
7939// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
7940func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
7941	req, out := c.ListAccountsRequest(input)
7942	return out, req.Send()
7943}
7944
7945// ListAccountsWithContext is the same as ListAccounts with the addition of
7946// the ability to pass a context and additional request options.
7947//
7948// See ListAccounts for details on how to use this API operation.
7949//
7950// The context must be non-nil and will be used for request cancellation. If
7951// the context is nil a panic will occur. In the future the SDK may create
7952// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7953// for more information on using Contexts.
7954func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
7955	req, out := c.ListAccountsRequest(input)
7956	req.SetContext(ctx)
7957	req.ApplyOptions(opts...)
7958	return out, req.Send()
7959}
7960
7961// ListAccountsPages iterates over the pages of a ListAccounts operation,
7962// calling the "fn" function with the response data for each page. To stop
7963// iterating, return false from the fn function.
7964//
7965// See ListAccounts method for more information on how to use this operation.
7966//
7967// Note: This operation can generate multiple requests to a service.
7968//
7969//    // Example iterating over at most 3 pages of a ListAccounts operation.
7970//    pageNum := 0
7971//    err := client.ListAccountsPages(params,
7972//        func(page *organizations.ListAccountsOutput, lastPage bool) bool {
7973//            pageNum++
7974//            fmt.Println(page)
7975//            return pageNum <= 3
7976//        })
7977//
7978func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
7979	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
7980}
7981
7982// ListAccountsPagesWithContext same as ListAccountsPages except
7983// it takes a Context and allows setting request options on the pages.
7984//
7985// The context must be non-nil and will be used for request cancellation. If
7986// the context is nil a panic will occur. In the future the SDK may create
7987// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7988// for more information on using Contexts.
7989func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
7990	p := request.Pagination{
7991		NewRequest: func() (*request.Request, error) {
7992			var inCpy *ListAccountsInput
7993			if input != nil {
7994				tmp := *input
7995				inCpy = &tmp
7996			}
7997			req, _ := c.ListAccountsRequest(inCpy)
7998			req.SetContext(ctx)
7999			req.ApplyOptions(opts...)
8000			return req, nil
8001		},
8002	}
8003
8004	for p.Next() {
8005		if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
8006			break
8007		}
8008	}
8009
8010	return p.Err()
8011}
8012
8013const opListAccountsForParent = "ListAccountsForParent"
8014
8015// ListAccountsForParentRequest generates a "aws/request.Request" representing the
8016// client's request for the ListAccountsForParent operation. The "output" return
8017// value will be populated with the request's response once the request completes
8018// successfully.
8019//
8020// Use "Send" method on the returned Request to send the API call to the service.
8021// the "output" return value is not valid until after Send returns without error.
8022//
8023// See ListAccountsForParent for more information on using the ListAccountsForParent
8024// API call, and error handling.
8025//
8026// This method is useful when you want to inject custom logic or configuration
8027// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8028//
8029//
8030//    // Example sending a request using the ListAccountsForParentRequest method.
8031//    req, resp := client.ListAccountsForParentRequest(params)
8032//
8033//    err := req.Send()
8034//    if err == nil { // resp is now filled
8035//        fmt.Println(resp)
8036//    }
8037//
8038// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
8039func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) {
8040	op := &request.Operation{
8041		Name:       opListAccountsForParent,
8042		HTTPMethod: "POST",
8043		HTTPPath:   "/",
8044		Paginator: &request.Paginator{
8045			InputTokens:     []string{"NextToken"},
8046			OutputTokens:    []string{"NextToken"},
8047			LimitToken:      "MaxResults",
8048			TruncationToken: "",
8049		},
8050	}
8051
8052	if input == nil {
8053		input = &ListAccountsForParentInput{}
8054	}
8055
8056	output = &ListAccountsForParentOutput{}
8057	req = c.newRequest(op, input, output)
8058	return
8059}
8060
8061// ListAccountsForParent API operation for AWS Organizations.
8062//
8063// Lists the accounts in an organization that are contained by the specified
8064// target root or organizational unit (OU). If you specify the root, you get
8065// a list of all the accounts that aren't in any OU. If you specify an OU, you
8066// get a list of all the accounts in only that OU and not in any child OUs.
8067// To get a list of all accounts in the organization, use the ListAccounts operation.
8068//
8069// Always check the NextToken response parameter for a null value when calling
8070// a List* operation. These operations can occasionally return an empty set
8071// of results even when there are more results available. The NextToken response
8072// parameter value is null only when there are no more results to display.
8073//
8074// This operation can be called only from the organization's master account
8075// or by a member account that is a delegated administrator for an AWS service.
8076//
8077// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8078// with awserr.Error's Code and Message methods to get detailed information about
8079// the error.
8080//
8081// See the AWS API reference guide for AWS Organizations's
8082// API operation ListAccountsForParent for usage and error information.
8083//
8084// Returned Error Types:
8085//   * AccessDeniedException
8086//   You don't have permissions to perform the requested operation. The user or
8087//   role that is making the request must have at least one IAM permissions policy
8088//   attached that grants the required permissions. For more information, see
8089//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8090//   in the IAM User Guide.
8091//
8092//   * AWSOrganizationsNotInUseException
8093//   Your account isn't a member of an organization. To make this request, you
8094//   must use the credentials of an account that belongs to an organization.
8095//
8096//   * InvalidInputException
8097//   The requested operation failed because you provided invalid values for one
8098//   or more of the request parameters. This exception includes a reason that
8099//   contains additional information about the violated limit:
8100//
8101//   Some of the reasons in the following list might not be applicable to this
8102//   specific API or operation.
8103//
8104//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8105//      can't be modified.
8106//
8107//      * INPUT_REQUIRED: You must include a value for all required parameters.
8108//
8109//      * INVALID_ENUM: You specified an invalid value.
8110//
8111//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8112//      characters.
8113//
8114//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8115//      at least one invalid value.
8116//
8117//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8118//      from the response to a previous call of the operation.
8119//
8120//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8121//      organization, or email) as a party.
8122//
8123//      * INVALID_PATTERN: You provided a value that doesn't match the required
8124//      pattern.
8125//
8126//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8127//      match the required pattern.
8128//
8129//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8130//      name can't begin with the reserved prefix AWSServiceRoleFor.
8131//
8132//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8133//      Name (ARN) for the organization.
8134//
8135//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8136//
8137//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8138//      tag. You can’t add, edit, or delete system tag keys because they're
8139//      reserved for AWS use. System tags don’t count against your tags per
8140//      resource limit.
8141//
8142//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8143//      for the operation.
8144//
8145//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8146//      than allowed.
8147//
8148//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8149//      value than allowed.
8150//
8151//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8152//      than allowed.
8153//
8154//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8155//      value than allowed.
8156//
8157//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8158//      between entities in the same root.
8159//
8160//   * ParentNotFoundException
8161//   We can't find a root or OU with the ParentId that you specified.
8162//
8163//   * ServiceException
8164//   AWS Organizations can't complete your request because of an internal service
8165//   error. Try again later.
8166//
8167//   * TooManyRequestsException
8168//   You have sent too many requests in too short a period of time. The quota
8169//   helps protect against denial-of-service attacks. Try again later.
8170//
8171//   For information about quotas that affect AWS Organizations, see Quotas for
8172//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
8173//   the AWS Organizations User Guide.
8174//
8175// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
8176func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) {
8177	req, out := c.ListAccountsForParentRequest(input)
8178	return out, req.Send()
8179}
8180
8181// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of
8182// the ability to pass a context and additional request options.
8183//
8184// See ListAccountsForParent for details on how to use this API operation.
8185//
8186// The context must be non-nil and will be used for request cancellation. If
8187// the context is nil a panic will occur. In the future the SDK may create
8188// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8189// for more information on using Contexts.
8190func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) {
8191	req, out := c.ListAccountsForParentRequest(input)
8192	req.SetContext(ctx)
8193	req.ApplyOptions(opts...)
8194	return out, req.Send()
8195}
8196
8197// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation,
8198// calling the "fn" function with the response data for each page. To stop
8199// iterating, return false from the fn function.
8200//
8201// See ListAccountsForParent method for more information on how to use this operation.
8202//
8203// Note: This operation can generate multiple requests to a service.
8204//
8205//    // Example iterating over at most 3 pages of a ListAccountsForParent operation.
8206//    pageNum := 0
8207//    err := client.ListAccountsForParentPages(params,
8208//        func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool {
8209//            pageNum++
8210//            fmt.Println(page)
8211//            return pageNum <= 3
8212//        })
8213//
8214func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error {
8215	return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
8216}
8217
8218// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except
8219// it takes a Context and allows setting request options on the pages.
8220//
8221// The context must be non-nil and will be used for request cancellation. If
8222// the context is nil a panic will occur. In the future the SDK may create
8223// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8224// for more information on using Contexts.
8225func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error {
8226	p := request.Pagination{
8227		NewRequest: func() (*request.Request, error) {
8228			var inCpy *ListAccountsForParentInput
8229			if input != nil {
8230				tmp := *input
8231				inCpy = &tmp
8232			}
8233			req, _ := c.ListAccountsForParentRequest(inCpy)
8234			req.SetContext(ctx)
8235			req.ApplyOptions(opts...)
8236			return req, nil
8237		},
8238	}
8239
8240	for p.Next() {
8241		if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) {
8242			break
8243		}
8244	}
8245
8246	return p.Err()
8247}
8248
8249const opListChildren = "ListChildren"
8250
8251// ListChildrenRequest generates a "aws/request.Request" representing the
8252// client's request for the ListChildren operation. The "output" return
8253// value will be populated with the request's response once the request completes
8254// successfully.
8255//
8256// Use "Send" method on the returned Request to send the API call to the service.
8257// the "output" return value is not valid until after Send returns without error.
8258//
8259// See ListChildren for more information on using the ListChildren
8260// API call, and error handling.
8261//
8262// This method is useful when you want to inject custom logic or configuration
8263// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8264//
8265//
8266//    // Example sending a request using the ListChildrenRequest method.
8267//    req, resp := client.ListChildrenRequest(params)
8268//
8269//    err := req.Send()
8270//    if err == nil { // resp is now filled
8271//        fmt.Println(resp)
8272//    }
8273//
8274// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
8275func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) {
8276	op := &request.Operation{
8277		Name:       opListChildren,
8278		HTTPMethod: "POST",
8279		HTTPPath:   "/",
8280		Paginator: &request.Paginator{
8281			InputTokens:     []string{"NextToken"},
8282			OutputTokens:    []string{"NextToken"},
8283			LimitToken:      "MaxResults",
8284			TruncationToken: "",
8285		},
8286	}
8287
8288	if input == nil {
8289		input = &ListChildrenInput{}
8290	}
8291
8292	output = &ListChildrenOutput{}
8293	req = c.newRequest(op, input, output)
8294	return
8295}
8296
8297// ListChildren API operation for AWS Organizations.
8298//
8299// Lists all of the organizational units (OUs) or accounts that are contained
8300// in the specified parent OU or root. This operation, along with ListParents
8301// enables you to traverse the tree structure that makes up this root.
8302//
8303// Always check the NextToken response parameter for a null value when calling
8304// a List* operation. These operations can occasionally return an empty set
8305// of results even when there are more results available. The NextToken response
8306// parameter value is null only when there are no more results to display.
8307//
8308// This operation can be called only from the organization's master account
8309// or by a member account that is a delegated administrator for an AWS service.
8310//
8311// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8312// with awserr.Error's Code and Message methods to get detailed information about
8313// the error.
8314//
8315// See the AWS API reference guide for AWS Organizations's
8316// API operation ListChildren for usage and error information.
8317//
8318// Returned Error Types:
8319//   * AccessDeniedException
8320//   You don't have permissions to perform the requested operation. The user or
8321//   role that is making the request must have at least one IAM permissions policy
8322//   attached that grants the required permissions. For more information, see
8323//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8324//   in the IAM User Guide.
8325//
8326//   * AWSOrganizationsNotInUseException
8327//   Your account isn't a member of an organization. To make this request, you
8328//   must use the credentials of an account that belongs to an organization.
8329//
8330//   * InvalidInputException
8331//   The requested operation failed because you provided invalid values for one
8332//   or more of the request parameters. This exception includes a reason that
8333//   contains additional information about the violated limit:
8334//
8335//   Some of the reasons in the following list might not be applicable to this
8336//   specific API or operation.
8337//
8338//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8339//      can't be modified.
8340//
8341//      * INPUT_REQUIRED: You must include a value for all required parameters.
8342//
8343//      * INVALID_ENUM: You specified an invalid value.
8344//
8345//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8346//      characters.
8347//
8348//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8349//      at least one invalid value.
8350//
8351//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8352//      from the response to a previous call of the operation.
8353//
8354//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8355//      organization, or email) as a party.
8356//
8357//      * INVALID_PATTERN: You provided a value that doesn't match the required
8358//      pattern.
8359//
8360//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8361//      match the required pattern.
8362//
8363//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8364//      name can't begin with the reserved prefix AWSServiceRoleFor.
8365//
8366//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8367//      Name (ARN) for the organization.
8368//
8369//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8370//
8371//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8372//      tag. You can’t add, edit, or delete system tag keys because they're
8373//      reserved for AWS use. System tags don’t count against your tags per
8374//      resource limit.
8375//
8376//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8377//      for the operation.
8378//
8379//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8380//      than allowed.
8381//
8382//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8383//      value than allowed.
8384//
8385//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8386//      than allowed.
8387//
8388//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8389//      value than allowed.
8390//
8391//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8392//      between entities in the same root.
8393//
8394//   * ParentNotFoundException
8395//   We can't find a root or OU with the ParentId that you specified.
8396//
8397//   * ServiceException
8398//   AWS Organizations can't complete your request because of an internal service
8399//   error. Try again later.
8400//
8401//   * TooManyRequestsException
8402//   You have sent too many requests in too short a period of time. The quota
8403//   helps protect against denial-of-service attacks. Try again later.
8404//
8405//   For information about quotas that affect AWS Organizations, see Quotas for
8406//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
8407//   the AWS Organizations User Guide.
8408//
8409// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
8410func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) {
8411	req, out := c.ListChildrenRequest(input)
8412	return out, req.Send()
8413}
8414
8415// ListChildrenWithContext is the same as ListChildren with the addition of
8416// the ability to pass a context and additional request options.
8417//
8418// See ListChildren for details on how to use this API operation.
8419//
8420// The context must be non-nil and will be used for request cancellation. If
8421// the context is nil a panic will occur. In the future the SDK may create
8422// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8423// for more information on using Contexts.
8424func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) {
8425	req, out := c.ListChildrenRequest(input)
8426	req.SetContext(ctx)
8427	req.ApplyOptions(opts...)
8428	return out, req.Send()
8429}
8430
8431// ListChildrenPages iterates over the pages of a ListChildren operation,
8432// calling the "fn" function with the response data for each page. To stop
8433// iterating, return false from the fn function.
8434//
8435// See ListChildren method for more information on how to use this operation.
8436//
8437// Note: This operation can generate multiple requests to a service.
8438//
8439//    // Example iterating over at most 3 pages of a ListChildren operation.
8440//    pageNum := 0
8441//    err := client.ListChildrenPages(params,
8442//        func(page *organizations.ListChildrenOutput, lastPage bool) bool {
8443//            pageNum++
8444//            fmt.Println(page)
8445//            return pageNum <= 3
8446//        })
8447//
8448func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error {
8449	return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn)
8450}
8451
8452// ListChildrenPagesWithContext same as ListChildrenPages except
8453// it takes a Context and allows setting request options on the pages.
8454//
8455// The context must be non-nil and will be used for request cancellation. If
8456// the context is nil a panic will occur. In the future the SDK may create
8457// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8458// for more information on using Contexts.
8459func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error {
8460	p := request.Pagination{
8461		NewRequest: func() (*request.Request, error) {
8462			var inCpy *ListChildrenInput
8463			if input != nil {
8464				tmp := *input
8465				inCpy = &tmp
8466			}
8467			req, _ := c.ListChildrenRequest(inCpy)
8468			req.SetContext(ctx)
8469			req.ApplyOptions(opts...)
8470			return req, nil
8471		},
8472	}
8473
8474	for p.Next() {
8475		if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) {
8476			break
8477		}
8478	}
8479
8480	return p.Err()
8481}
8482
8483const opListCreateAccountStatus = "ListCreateAccountStatus"
8484
8485// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the
8486// client's request for the ListCreateAccountStatus operation. The "output" return
8487// value will be populated with the request's response once the request completes
8488// successfully.
8489//
8490// Use "Send" method on the returned Request to send the API call to the service.
8491// the "output" return value is not valid until after Send returns without error.
8492//
8493// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus
8494// API call, and error handling.
8495//
8496// This method is useful when you want to inject custom logic or configuration
8497// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8498//
8499//
8500//    // Example sending a request using the ListCreateAccountStatusRequest method.
8501//    req, resp := client.ListCreateAccountStatusRequest(params)
8502//
8503//    err := req.Send()
8504//    if err == nil { // resp is now filled
8505//        fmt.Println(resp)
8506//    }
8507//
8508// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
8509func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) {
8510	op := &request.Operation{
8511		Name:       opListCreateAccountStatus,
8512		HTTPMethod: "POST",
8513		HTTPPath:   "/",
8514		Paginator: &request.Paginator{
8515			InputTokens:     []string{"NextToken"},
8516			OutputTokens:    []string{"NextToken"},
8517			LimitToken:      "MaxResults",
8518			TruncationToken: "",
8519		},
8520	}
8521
8522	if input == nil {
8523		input = &ListCreateAccountStatusInput{}
8524	}
8525
8526	output = &ListCreateAccountStatusOutput{}
8527	req = c.newRequest(op, input, output)
8528	return
8529}
8530
8531// ListCreateAccountStatus API operation for AWS Organizations.
8532//
8533// Lists the account creation requests that match the specified status that
8534// is currently being tracked for the organization.
8535//
8536// Always check the NextToken response parameter for a null value when calling
8537// a List* operation. These operations can occasionally return an empty set
8538// of results even when there are more results available. The NextToken response
8539// parameter value is null only when there are no more results to display.
8540//
8541// This operation can be called only from the organization's master account
8542// or by a member account that is a delegated administrator for an AWS service.
8543//
8544// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8545// with awserr.Error's Code and Message methods to get detailed information about
8546// the error.
8547//
8548// See the AWS API reference guide for AWS Organizations's
8549// API operation ListCreateAccountStatus for usage and error information.
8550//
8551// Returned Error Types:
8552//   * AccessDeniedException
8553//   You don't have permissions to perform the requested operation. The user or
8554//   role that is making the request must have at least one IAM permissions policy
8555//   attached that grants the required permissions. For more information, see
8556//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8557//   in the IAM User Guide.
8558//
8559//   * AWSOrganizationsNotInUseException
8560//   Your account isn't a member of an organization. To make this request, you
8561//   must use the credentials of an account that belongs to an organization.
8562//
8563//   * InvalidInputException
8564//   The requested operation failed because you provided invalid values for one
8565//   or more of the request parameters. This exception includes a reason that
8566//   contains additional information about the violated limit:
8567//
8568//   Some of the reasons in the following list might not be applicable to this
8569//   specific API or operation.
8570//
8571//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8572//      can't be modified.
8573//
8574//      * INPUT_REQUIRED: You must include a value for all required parameters.
8575//
8576//      * INVALID_ENUM: You specified an invalid value.
8577//
8578//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8579//      characters.
8580//
8581//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8582//      at least one invalid value.
8583//
8584//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8585//      from the response to a previous call of the operation.
8586//
8587//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8588//      organization, or email) as a party.
8589//
8590//      * INVALID_PATTERN: You provided a value that doesn't match the required
8591//      pattern.
8592//
8593//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8594//      match the required pattern.
8595//
8596//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8597//      name can't begin with the reserved prefix AWSServiceRoleFor.
8598//
8599//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8600//      Name (ARN) for the organization.
8601//
8602//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8603//
8604//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8605//      tag. You can’t add, edit, or delete system tag keys because they're
8606//      reserved for AWS use. System tags don’t count against your tags per
8607//      resource limit.
8608//
8609//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8610//      for the operation.
8611//
8612//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8613//      than allowed.
8614//
8615//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8616//      value than allowed.
8617//
8618//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8619//      than allowed.
8620//
8621//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8622//      value than allowed.
8623//
8624//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8625//      between entities in the same root.
8626//
8627//   * ServiceException
8628//   AWS Organizations can't complete your request because of an internal service
8629//   error. Try again later.
8630//
8631//   * TooManyRequestsException
8632//   You have sent too many requests in too short a period of time. The quota
8633//   helps protect against denial-of-service attacks. Try again later.
8634//
8635//   For information about quotas that affect AWS Organizations, see Quotas for
8636//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
8637//   the AWS Organizations User Guide.
8638//
8639//   * UnsupportedAPIEndpointException
8640//   This action isn't available in the current AWS Region.
8641//
8642// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
8643func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) {
8644	req, out := c.ListCreateAccountStatusRequest(input)
8645	return out, req.Send()
8646}
8647
8648// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of
8649// the ability to pass a context and additional request options.
8650//
8651// See ListCreateAccountStatus for details on how to use this API operation.
8652//
8653// The context must be non-nil and will be used for request cancellation. If
8654// the context is nil a panic will occur. In the future the SDK may create
8655// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8656// for more information on using Contexts.
8657func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) {
8658	req, out := c.ListCreateAccountStatusRequest(input)
8659	req.SetContext(ctx)
8660	req.ApplyOptions(opts...)
8661	return out, req.Send()
8662}
8663
8664// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation,
8665// calling the "fn" function with the response data for each page. To stop
8666// iterating, return false from the fn function.
8667//
8668// See ListCreateAccountStatus method for more information on how to use this operation.
8669//
8670// Note: This operation can generate multiple requests to a service.
8671//
8672//    // Example iterating over at most 3 pages of a ListCreateAccountStatus operation.
8673//    pageNum := 0
8674//    err := client.ListCreateAccountStatusPages(params,
8675//        func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool {
8676//            pageNum++
8677//            fmt.Println(page)
8678//            return pageNum <= 3
8679//        })
8680//
8681func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error {
8682	return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn)
8683}
8684
8685// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except
8686// it takes a Context and allows setting request options on the pages.
8687//
8688// The context must be non-nil and will be used for request cancellation. If
8689// the context is nil a panic will occur. In the future the SDK may create
8690// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8691// for more information on using Contexts.
8692func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error {
8693	p := request.Pagination{
8694		NewRequest: func() (*request.Request, error) {
8695			var inCpy *ListCreateAccountStatusInput
8696			if input != nil {
8697				tmp := *input
8698				inCpy = &tmp
8699			}
8700			req, _ := c.ListCreateAccountStatusRequest(inCpy)
8701			req.SetContext(ctx)
8702			req.ApplyOptions(opts...)
8703			return req, nil
8704		},
8705	}
8706
8707	for p.Next() {
8708		if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) {
8709			break
8710		}
8711	}
8712
8713	return p.Err()
8714}
8715
8716const opListDelegatedAdministrators = "ListDelegatedAdministrators"
8717
8718// ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the
8719// client's request for the ListDelegatedAdministrators operation. The "output" return
8720// value will be populated with the request's response once the request completes
8721// successfully.
8722//
8723// Use "Send" method on the returned Request to send the API call to the service.
8724// the "output" return value is not valid until after Send returns without error.
8725//
8726// See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators
8727// API call, and error handling.
8728//
8729// This method is useful when you want to inject custom logic or configuration
8730// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8731//
8732//
8733//    // Example sending a request using the ListDelegatedAdministratorsRequest method.
8734//    req, resp := client.ListDelegatedAdministratorsRequest(params)
8735//
8736//    err := req.Send()
8737//    if err == nil { // resp is now filled
8738//        fmt.Println(resp)
8739//    }
8740//
8741// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
8742func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) {
8743	op := &request.Operation{
8744		Name:       opListDelegatedAdministrators,
8745		HTTPMethod: "POST",
8746		HTTPPath:   "/",
8747		Paginator: &request.Paginator{
8748			InputTokens:     []string{"NextToken"},
8749			OutputTokens:    []string{"NextToken"},
8750			LimitToken:      "MaxResults",
8751			TruncationToken: "",
8752		},
8753	}
8754
8755	if input == nil {
8756		input = &ListDelegatedAdministratorsInput{}
8757	}
8758
8759	output = &ListDelegatedAdministratorsOutput{}
8760	req = c.newRequest(op, input, output)
8761	return
8762}
8763
8764// ListDelegatedAdministrators API operation for AWS Organizations.
8765//
8766// Lists the AWS accounts that are designated as delegated administrators in
8767// this organization.
8768//
8769// This operation can be called only from the organization's master account
8770// or by a member account that is a delegated administrator for an AWS service.
8771//
8772// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8773// with awserr.Error's Code and Message methods to get detailed information about
8774// the error.
8775//
8776// See the AWS API reference guide for AWS Organizations's
8777// API operation ListDelegatedAdministrators for usage and error information.
8778//
8779// Returned Error Types:
8780//   * AccessDeniedException
8781//   You don't have permissions to perform the requested operation. The user or
8782//   role that is making the request must have at least one IAM permissions policy
8783//   attached that grants the required permissions. For more information, see
8784//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8785//   in the IAM User Guide.
8786//
8787//   * AWSOrganizationsNotInUseException
8788//   Your account isn't a member of an organization. To make this request, you
8789//   must use the credentials of an account that belongs to an organization.
8790//
8791//   * ConstraintViolationException
8792//   Performing this operation violates a minimum or maximum value limit. For
8793//   example, attempting to remove the last service control policy (SCP) from
8794//   an OU or root, inviting or creating too many accounts to the organization,
8795//   or attaching too many policies to an account, OU, or root. This exception
8796//   includes a reason that contains additional information about the violated
8797//   limit:
8798//
8799//   Some of the reasons in the following list might not be applicable to this
8800//   specific API or operation.
8801//
8802//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
8803//      account from the organization. You can't remove the master account. Instead,
8804//      after you remove all member accounts, delete the organization itself.
8805//
8806//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
8807//      from the organization that doesn't yet have enough information to exist
8808//      as a standalone account. This account requires you to first agree to the
8809//      AWS Customer Agreement. Follow the steps at Removing a member account
8810//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
8811//      the AWS Organizations User Guide.
8812//
8813//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
8814//      an account from the organization that doesn't yet have enough information
8815//      to exist as a standalone account. This account requires you to first complete
8816//      phone verification. Follow the steps at Removing a member account from
8817//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
8818//      in the AWS Organizations User Guide.
8819//
8820//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
8821//      of accounts that you can create in one day.
8822//
8823//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
8824//      the number of accounts in an organization. If you need more accounts,
8825//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
8826//      request an increase in your limit. Or the number of invitations that you
8827//      tried to send would cause you to exceed the limit of accounts in your
8828//      organization. Send fewer invitations or contact AWS Support to request
8829//      an increase in the number of accounts. Deleted and closed accounts still
8830//      count toward your limit. If you get this exception when running a command
8831//      immediately after creating the organization, wait one hour and try again.
8832//      After an hour, if the command continues to fail with this error, contact
8833//      AWS Support (https://console.aws.amazon.com/support/home#/).
8834//
8835//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
8836//      register the master account of the organization as a delegated administrator
8837//      for an AWS service integrated with Organizations. You can designate only
8838//      a member account as a delegated administrator.
8839//
8840//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
8841//      an account that is registered as a delegated administrator for a service
8842//      integrated with your organization. To complete this operation, you must
8843//      first deregister this account as a delegated administrator.
8844//
8845//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
8846//      organization in the specified region, you must enable all features mode.
8847//
8848//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
8849//      an AWS account as a delegated administrator for an AWS service that already
8850//      has a delegated administrator. To complete this operation, you must first
8851//      deregister any existing delegated administrators for this service.
8852//
8853//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
8854//      valid for a limited period of time. You must resubmit the request and
8855//      generate a new verfication code.
8856//
8857//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
8858//      handshakes that you can send in one day.
8859//
8860//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
8861//      in this organization, you first must migrate the organization's master
8862//      account to the marketplace that corresponds to the master account's address.
8863//      For example, accounts with India addresses must be associated with the
8864//      AISPL marketplace. All accounts in an organization must be associated
8865//      with the same marketplace.
8866//
8867//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
8868//      in China. To create an organization, the master must have an valid business
8869//      license. For more information, contact customer support.
8870//
8871//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
8872//      must first provide a valid contact address and phone number for the master
8873//      account. Then try the operation again.
8874//
8875//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
8876//      master account must have an associated account in the AWS GovCloud (US-West)
8877//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
8878//      in the AWS GovCloud User Guide.
8879//
8880//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
8881//      with this master account, you first must associate a valid payment instrument,
8882//      such as a credit card, with the account. Follow the steps at To leave
8883//      an organization when all required account information has not yet been
8884//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
8885//      in the AWS Organizations User Guide.
8886//
8887//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
8888//      to register more delegated administrators than allowed for the service
8889//      principal.
8890//
8891//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
8892//      number of policies of a certain type that can be attached to an entity
8893//      at one time.
8894//
8895//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
8896//      on this resource.
8897//
8898//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
8899//      with this member account, you first must associate a valid payment instrument,
8900//      such as a credit card, with the account. Follow the steps at To leave
8901//      an organization when all required account information has not yet been
8902//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
8903//      in the AWS Organizations User Guide.
8904//
8905//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
8906//      policy from an entity that would cause the entity to have fewer than the
8907//      minimum number of policies of a certain type required.
8908//
8909//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
8910//      that requires the organization to be configured to support all features.
8911//      An organization that supports only consolidated billing features can't
8912//      perform this operation.
8913//
8914//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
8915//      too many levels deep.
8916//
8917//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
8918//      that you can have in an organization.
8919//
8920//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
8921//      is larger than the maximum size.
8922//
8923//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
8924//      policies that you can have in an organization.
8925//
8926//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
8927//      tags that are not compliant with the tag policy requirements for this
8928//      account.
8929//
8930//   * InvalidInputException
8931//   The requested operation failed because you provided invalid values for one
8932//   or more of the request parameters. This exception includes a reason that
8933//   contains additional information about the violated limit:
8934//
8935//   Some of the reasons in the following list might not be applicable to this
8936//   specific API or operation.
8937//
8938//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8939//      can't be modified.
8940//
8941//      * INPUT_REQUIRED: You must include a value for all required parameters.
8942//
8943//      * INVALID_ENUM: You specified an invalid value.
8944//
8945//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8946//      characters.
8947//
8948//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8949//      at least one invalid value.
8950//
8951//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8952//      from the response to a previous call of the operation.
8953//
8954//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8955//      organization, or email) as a party.
8956//
8957//      * INVALID_PATTERN: You provided a value that doesn't match the required
8958//      pattern.
8959//
8960//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8961//      match the required pattern.
8962//
8963//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8964//      name can't begin with the reserved prefix AWSServiceRoleFor.
8965//
8966//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8967//      Name (ARN) for the organization.
8968//
8969//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8970//
8971//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8972//      tag. You can’t add, edit, or delete system tag keys because they're
8973//      reserved for AWS use. System tags don’t count against your tags per
8974//      resource limit.
8975//
8976//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8977//      for the operation.
8978//
8979//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8980//      than allowed.
8981//
8982//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8983//      value than allowed.
8984//
8985//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8986//      than allowed.
8987//
8988//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8989//      value than allowed.
8990//
8991//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8992//      between entities in the same root.
8993//
8994//   * TooManyRequestsException
8995//   You have sent too many requests in too short a period of time. The quota
8996//   helps protect against denial-of-service attacks. Try again later.
8997//
8998//   For information about quotas that affect AWS Organizations, see Quotas for
8999//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9000//   the AWS Organizations User Guide.
9001//
9002//   * ServiceException
9003//   AWS Organizations can't complete your request because of an internal service
9004//   error. Try again later.
9005//
9006//   * UnsupportedAPIEndpointException
9007//   This action isn't available in the current AWS Region.
9008//
9009// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
9010func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) {
9011	req, out := c.ListDelegatedAdministratorsRequest(input)
9012	return out, req.Send()
9013}
9014
9015// ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of
9016// the ability to pass a context and additional request options.
9017//
9018// See ListDelegatedAdministrators for details on how to use this API operation.
9019//
9020// The context must be non-nil and will be used for request cancellation. If
9021// the context is nil a panic will occur. In the future the SDK may create
9022// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9023// for more information on using Contexts.
9024func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) {
9025	req, out := c.ListDelegatedAdministratorsRequest(input)
9026	req.SetContext(ctx)
9027	req.ApplyOptions(opts...)
9028	return out, req.Send()
9029}
9030
9031// ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation,
9032// calling the "fn" function with the response data for each page. To stop
9033// iterating, return false from the fn function.
9034//
9035// See ListDelegatedAdministrators method for more information on how to use this operation.
9036//
9037// Note: This operation can generate multiple requests to a service.
9038//
9039//    // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation.
9040//    pageNum := 0
9041//    err := client.ListDelegatedAdministratorsPages(params,
9042//        func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool {
9043//            pageNum++
9044//            fmt.Println(page)
9045//            return pageNum <= 3
9046//        })
9047//
9048func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error {
9049	return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn)
9050}
9051
9052// ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except
9053// it takes a Context and allows setting request options on the pages.
9054//
9055// The context must be non-nil and will be used for request cancellation. If
9056// the context is nil a panic will occur. In the future the SDK may create
9057// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9058// for more information on using Contexts.
9059func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error {
9060	p := request.Pagination{
9061		NewRequest: func() (*request.Request, error) {
9062			var inCpy *ListDelegatedAdministratorsInput
9063			if input != nil {
9064				tmp := *input
9065				inCpy = &tmp
9066			}
9067			req, _ := c.ListDelegatedAdministratorsRequest(inCpy)
9068			req.SetContext(ctx)
9069			req.ApplyOptions(opts...)
9070			return req, nil
9071		},
9072	}
9073
9074	for p.Next() {
9075		if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) {
9076			break
9077		}
9078	}
9079
9080	return p.Err()
9081}
9082
9083const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount"
9084
9085// ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the
9086// client's request for the ListDelegatedServicesForAccount operation. The "output" return
9087// value will be populated with the request's response once the request completes
9088// successfully.
9089//
9090// Use "Send" method on the returned Request to send the API call to the service.
9091// the "output" return value is not valid until after Send returns without error.
9092//
9093// See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount
9094// API call, and error handling.
9095//
9096// This method is useful when you want to inject custom logic or configuration
9097// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9098//
9099//
9100//    // Example sending a request using the ListDelegatedServicesForAccountRequest method.
9101//    req, resp := client.ListDelegatedServicesForAccountRequest(params)
9102//
9103//    err := req.Send()
9104//    if err == nil { // resp is now filled
9105//        fmt.Println(resp)
9106//    }
9107//
9108// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
9109func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) {
9110	op := &request.Operation{
9111		Name:       opListDelegatedServicesForAccount,
9112		HTTPMethod: "POST",
9113		HTTPPath:   "/",
9114		Paginator: &request.Paginator{
9115			InputTokens:     []string{"NextToken"},
9116			OutputTokens:    []string{"NextToken"},
9117			LimitToken:      "MaxResults",
9118			TruncationToken: "",
9119		},
9120	}
9121
9122	if input == nil {
9123		input = &ListDelegatedServicesForAccountInput{}
9124	}
9125
9126	output = &ListDelegatedServicesForAccountOutput{}
9127	req = c.newRequest(op, input, output)
9128	return
9129}
9130
9131// ListDelegatedServicesForAccount API operation for AWS Organizations.
9132//
9133// List the AWS services for which the specified account is a delegated administrator.
9134//
9135// This operation can be called only from the organization's master account
9136// or by a member account that is a delegated administrator for an AWS service.
9137//
9138// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9139// with awserr.Error's Code and Message methods to get detailed information about
9140// the error.
9141//
9142// See the AWS API reference guide for AWS Organizations's
9143// API operation ListDelegatedServicesForAccount for usage and error information.
9144//
9145// Returned Error Types:
9146//   * AccessDeniedException
9147//   You don't have permissions to perform the requested operation. The user or
9148//   role that is making the request must have at least one IAM permissions policy
9149//   attached that grants the required permissions. For more information, see
9150//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9151//   in the IAM User Guide.
9152//
9153//   * AccountNotFoundException
9154//   We can't find an AWS account with the AccountId that you specified, or the
9155//   account whose credentials you used to make this request isn't a member of
9156//   an organization.
9157//
9158//   * AccountNotRegisteredException
9159//   The specified account is not a delegated administrator for this AWS service.
9160//
9161//   * AWSOrganizationsNotInUseException
9162//   Your account isn't a member of an organization. To make this request, you
9163//   must use the credentials of an account that belongs to an organization.
9164//
9165//   * ConstraintViolationException
9166//   Performing this operation violates a minimum or maximum value limit. For
9167//   example, attempting to remove the last service control policy (SCP) from
9168//   an OU or root, inviting or creating too many accounts to the organization,
9169//   or attaching too many policies to an account, OU, or root. This exception
9170//   includes a reason that contains additional information about the violated
9171//   limit:
9172//
9173//   Some of the reasons in the following list might not be applicable to this
9174//   specific API or operation.
9175//
9176//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
9177//      account from the organization. You can't remove the master account. Instead,
9178//      after you remove all member accounts, delete the organization itself.
9179//
9180//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
9181//      from the organization that doesn't yet have enough information to exist
9182//      as a standalone account. This account requires you to first agree to the
9183//      AWS Customer Agreement. Follow the steps at Removing a member account
9184//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
9185//      the AWS Organizations User Guide.
9186//
9187//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
9188//      an account from the organization that doesn't yet have enough information
9189//      to exist as a standalone account. This account requires you to first complete
9190//      phone verification. Follow the steps at Removing a member account from
9191//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
9192//      in the AWS Organizations User Guide.
9193//
9194//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
9195//      of accounts that you can create in one day.
9196//
9197//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
9198//      the number of accounts in an organization. If you need more accounts,
9199//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
9200//      request an increase in your limit. Or the number of invitations that you
9201//      tried to send would cause you to exceed the limit of accounts in your
9202//      organization. Send fewer invitations or contact AWS Support to request
9203//      an increase in the number of accounts. Deleted and closed accounts still
9204//      count toward your limit. If you get this exception when running a command
9205//      immediately after creating the organization, wait one hour and try again.
9206//      After an hour, if the command continues to fail with this error, contact
9207//      AWS Support (https://console.aws.amazon.com/support/home#/).
9208//
9209//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
9210//      register the master account of the organization as a delegated administrator
9211//      for an AWS service integrated with Organizations. You can designate only
9212//      a member account as a delegated administrator.
9213//
9214//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
9215//      an account that is registered as a delegated administrator for a service
9216//      integrated with your organization. To complete this operation, you must
9217//      first deregister this account as a delegated administrator.
9218//
9219//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
9220//      organization in the specified region, you must enable all features mode.
9221//
9222//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
9223//      an AWS account as a delegated administrator for an AWS service that already
9224//      has a delegated administrator. To complete this operation, you must first
9225//      deregister any existing delegated administrators for this service.
9226//
9227//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
9228//      valid for a limited period of time. You must resubmit the request and
9229//      generate a new verfication code.
9230//
9231//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
9232//      handshakes that you can send in one day.
9233//
9234//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
9235//      in this organization, you first must migrate the organization's master
9236//      account to the marketplace that corresponds to the master account's address.
9237//      For example, accounts with India addresses must be associated with the
9238//      AISPL marketplace. All accounts in an organization must be associated
9239//      with the same marketplace.
9240//
9241//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
9242//      in China. To create an organization, the master must have an valid business
9243//      license. For more information, contact customer support.
9244//
9245//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
9246//      must first provide a valid contact address and phone number for the master
9247//      account. Then try the operation again.
9248//
9249//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
9250//      master account must have an associated account in the AWS GovCloud (US-West)
9251//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
9252//      in the AWS GovCloud User Guide.
9253//
9254//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
9255//      with this master account, you first must associate a valid payment instrument,
9256//      such as a credit card, with the account. Follow the steps at To leave
9257//      an organization when all required account information has not yet been
9258//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
9259//      in the AWS Organizations User Guide.
9260//
9261//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
9262//      to register more delegated administrators than allowed for the service
9263//      principal.
9264//
9265//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
9266//      number of policies of a certain type that can be attached to an entity
9267//      at one time.
9268//
9269//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
9270//      on this resource.
9271//
9272//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
9273//      with this member account, you first must associate a valid payment instrument,
9274//      such as a credit card, with the account. Follow the steps at To leave
9275//      an organization when all required account information has not yet been
9276//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
9277//      in the AWS Organizations User Guide.
9278//
9279//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
9280//      policy from an entity that would cause the entity to have fewer than the
9281//      minimum number of policies of a certain type required.
9282//
9283//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
9284//      that requires the organization to be configured to support all features.
9285//      An organization that supports only consolidated billing features can't
9286//      perform this operation.
9287//
9288//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
9289//      too many levels deep.
9290//
9291//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
9292//      that you can have in an organization.
9293//
9294//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
9295//      is larger than the maximum size.
9296//
9297//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
9298//      policies that you can have in an organization.
9299//
9300//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
9301//      tags that are not compliant with the tag policy requirements for this
9302//      account.
9303//
9304//   * InvalidInputException
9305//   The requested operation failed because you provided invalid values for one
9306//   or more of the request parameters. This exception includes a reason that
9307//   contains additional information about the violated limit:
9308//
9309//   Some of the reasons in the following list might not be applicable to this
9310//   specific API or operation.
9311//
9312//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9313//      can't be modified.
9314//
9315//      * INPUT_REQUIRED: You must include a value for all required parameters.
9316//
9317//      * INVALID_ENUM: You specified an invalid value.
9318//
9319//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9320//      characters.
9321//
9322//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9323//      at least one invalid value.
9324//
9325//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9326//      from the response to a previous call of the operation.
9327//
9328//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9329//      organization, or email) as a party.
9330//
9331//      * INVALID_PATTERN: You provided a value that doesn't match the required
9332//      pattern.
9333//
9334//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9335//      match the required pattern.
9336//
9337//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9338//      name can't begin with the reserved prefix AWSServiceRoleFor.
9339//
9340//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9341//      Name (ARN) for the organization.
9342//
9343//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9344//
9345//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9346//      tag. You can’t add, edit, or delete system tag keys because they're
9347//      reserved for AWS use. System tags don’t count against your tags per
9348//      resource limit.
9349//
9350//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9351//      for the operation.
9352//
9353//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9354//      than allowed.
9355//
9356//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9357//      value than allowed.
9358//
9359//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9360//      than allowed.
9361//
9362//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9363//      value than allowed.
9364//
9365//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9366//      between entities in the same root.
9367//
9368//   * TooManyRequestsException
9369//   You have sent too many requests in too short a period of time. The quota
9370//   helps protect against denial-of-service attacks. Try again later.
9371//
9372//   For information about quotas that affect AWS Organizations, see Quotas for
9373//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9374//   the AWS Organizations User Guide.
9375//
9376//   * ServiceException
9377//   AWS Organizations can't complete your request because of an internal service
9378//   error. Try again later.
9379//
9380//   * UnsupportedAPIEndpointException
9381//   This action isn't available in the current AWS Region.
9382//
9383// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
9384func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) {
9385	req, out := c.ListDelegatedServicesForAccountRequest(input)
9386	return out, req.Send()
9387}
9388
9389// ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of
9390// the ability to pass a context and additional request options.
9391//
9392// See ListDelegatedServicesForAccount for details on how to use this API operation.
9393//
9394// The context must be non-nil and will be used for request cancellation. If
9395// the context is nil a panic will occur. In the future the SDK may create
9396// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9397// for more information on using Contexts.
9398func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) {
9399	req, out := c.ListDelegatedServicesForAccountRequest(input)
9400	req.SetContext(ctx)
9401	req.ApplyOptions(opts...)
9402	return out, req.Send()
9403}
9404
9405// ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation,
9406// calling the "fn" function with the response data for each page. To stop
9407// iterating, return false from the fn function.
9408//
9409// See ListDelegatedServicesForAccount method for more information on how to use this operation.
9410//
9411// Note: This operation can generate multiple requests to a service.
9412//
9413//    // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation.
9414//    pageNum := 0
9415//    err := client.ListDelegatedServicesForAccountPages(params,
9416//        func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool {
9417//            pageNum++
9418//            fmt.Println(page)
9419//            return pageNum <= 3
9420//        })
9421//
9422func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error {
9423	return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
9424}
9425
9426// ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except
9427// it takes a Context and allows setting request options on the pages.
9428//
9429// The context must be non-nil and will be used for request cancellation. If
9430// the context is nil a panic will occur. In the future the SDK may create
9431// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9432// for more information on using Contexts.
9433func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error {
9434	p := request.Pagination{
9435		NewRequest: func() (*request.Request, error) {
9436			var inCpy *ListDelegatedServicesForAccountInput
9437			if input != nil {
9438				tmp := *input
9439				inCpy = &tmp
9440			}
9441			req, _ := c.ListDelegatedServicesForAccountRequest(inCpy)
9442			req.SetContext(ctx)
9443			req.ApplyOptions(opts...)
9444			return req, nil
9445		},
9446	}
9447
9448	for p.Next() {
9449		if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) {
9450			break
9451		}
9452	}
9453
9454	return p.Err()
9455}
9456
9457const opListHandshakesForAccount = "ListHandshakesForAccount"
9458
9459// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the
9460// client's request for the ListHandshakesForAccount operation. The "output" return
9461// value will be populated with the request's response once the request completes
9462// successfully.
9463//
9464// Use "Send" method on the returned Request to send the API call to the service.
9465// the "output" return value is not valid until after Send returns without error.
9466//
9467// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount
9468// API call, and error handling.
9469//
9470// This method is useful when you want to inject custom logic or configuration
9471// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9472//
9473//
9474//    // Example sending a request using the ListHandshakesForAccountRequest method.
9475//    req, resp := client.ListHandshakesForAccountRequest(params)
9476//
9477//    err := req.Send()
9478//    if err == nil { // resp is now filled
9479//        fmt.Println(resp)
9480//    }
9481//
9482// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
9483func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) {
9484	op := &request.Operation{
9485		Name:       opListHandshakesForAccount,
9486		HTTPMethod: "POST",
9487		HTTPPath:   "/",
9488		Paginator: &request.Paginator{
9489			InputTokens:     []string{"NextToken"},
9490			OutputTokens:    []string{"NextToken"},
9491			LimitToken:      "MaxResults",
9492			TruncationToken: "",
9493		},
9494	}
9495
9496	if input == nil {
9497		input = &ListHandshakesForAccountInput{}
9498	}
9499
9500	output = &ListHandshakesForAccountOutput{}
9501	req = c.newRequest(op, input, output)
9502	return
9503}
9504
9505// ListHandshakesForAccount API operation for AWS Organizations.
9506//
9507// Lists the current handshakes that are associated with the account of the
9508// requesting user.
9509//
9510// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
9511// of this API for only 30 days after changing to that state. After that, they're
9512// deleted and no longer accessible.
9513//
9514// Always check the NextToken response parameter for a null value when calling
9515// a List* operation. These operations can occasionally return an empty set
9516// of results even when there are more results available. The NextToken response
9517// parameter value is null only when there are no more results to display.
9518//
9519// This operation can be called only from the organization's master account
9520// or by a member account that is a delegated administrator for an AWS service.
9521//
9522// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9523// with awserr.Error's Code and Message methods to get detailed information about
9524// the error.
9525//
9526// See the AWS API reference guide for AWS Organizations's
9527// API operation ListHandshakesForAccount for usage and error information.
9528//
9529// Returned Error Types:
9530//   * AccessDeniedException
9531//   You don't have permissions to perform the requested operation. The user or
9532//   role that is making the request must have at least one IAM permissions policy
9533//   attached that grants the required permissions. For more information, see
9534//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9535//   in the IAM User Guide.
9536//
9537//   * ConcurrentModificationException
9538//   The target of the operation is currently being modified by a different request.
9539//   Try again later.
9540//
9541//   * InvalidInputException
9542//   The requested operation failed because you provided invalid values for one
9543//   or more of the request parameters. This exception includes a reason that
9544//   contains additional information about the violated limit:
9545//
9546//   Some of the reasons in the following list might not be applicable to this
9547//   specific API or operation.
9548//
9549//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9550//      can't be modified.
9551//
9552//      * INPUT_REQUIRED: You must include a value for all required parameters.
9553//
9554//      * INVALID_ENUM: You specified an invalid value.
9555//
9556//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9557//      characters.
9558//
9559//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9560//      at least one invalid value.
9561//
9562//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9563//      from the response to a previous call of the operation.
9564//
9565//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9566//      organization, or email) as a party.
9567//
9568//      * INVALID_PATTERN: You provided a value that doesn't match the required
9569//      pattern.
9570//
9571//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9572//      match the required pattern.
9573//
9574//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9575//      name can't begin with the reserved prefix AWSServiceRoleFor.
9576//
9577//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9578//      Name (ARN) for the organization.
9579//
9580//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9581//
9582//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9583//      tag. You can’t add, edit, or delete system tag keys because they're
9584//      reserved for AWS use. System tags don’t count against your tags per
9585//      resource limit.
9586//
9587//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9588//      for the operation.
9589//
9590//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9591//      than allowed.
9592//
9593//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9594//      value than allowed.
9595//
9596//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9597//      than allowed.
9598//
9599//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9600//      value than allowed.
9601//
9602//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9603//      between entities in the same root.
9604//
9605//   * ServiceException
9606//   AWS Organizations can't complete your request because of an internal service
9607//   error. Try again later.
9608//
9609//   * TooManyRequestsException
9610//   You have sent too many requests in too short a period of time. The quota
9611//   helps protect against denial-of-service attacks. Try again later.
9612//
9613//   For information about quotas that affect AWS Organizations, see Quotas for
9614//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9615//   the AWS Organizations User Guide.
9616//
9617// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
9618func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) {
9619	req, out := c.ListHandshakesForAccountRequest(input)
9620	return out, req.Send()
9621}
9622
9623// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of
9624// the ability to pass a context and additional request options.
9625//
9626// See ListHandshakesForAccount for details on how to use this API operation.
9627//
9628// The context must be non-nil and will be used for request cancellation. If
9629// the context is nil a panic will occur. In the future the SDK may create
9630// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9631// for more information on using Contexts.
9632func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) {
9633	req, out := c.ListHandshakesForAccountRequest(input)
9634	req.SetContext(ctx)
9635	req.ApplyOptions(opts...)
9636	return out, req.Send()
9637}
9638
9639// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation,
9640// calling the "fn" function with the response data for each page. To stop
9641// iterating, return false from the fn function.
9642//
9643// See ListHandshakesForAccount method for more information on how to use this operation.
9644//
9645// Note: This operation can generate multiple requests to a service.
9646//
9647//    // Example iterating over at most 3 pages of a ListHandshakesForAccount operation.
9648//    pageNum := 0
9649//    err := client.ListHandshakesForAccountPages(params,
9650//        func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool {
9651//            pageNum++
9652//            fmt.Println(page)
9653//            return pageNum <= 3
9654//        })
9655//
9656func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error {
9657	return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
9658}
9659
9660// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except
9661// it takes a Context and allows setting request options on the pages.
9662//
9663// The context must be non-nil and will be used for request cancellation. If
9664// the context is nil a panic will occur. In the future the SDK may create
9665// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9666// for more information on using Contexts.
9667func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error {
9668	p := request.Pagination{
9669		NewRequest: func() (*request.Request, error) {
9670			var inCpy *ListHandshakesForAccountInput
9671			if input != nil {
9672				tmp := *input
9673				inCpy = &tmp
9674			}
9675			req, _ := c.ListHandshakesForAccountRequest(inCpy)
9676			req.SetContext(ctx)
9677			req.ApplyOptions(opts...)
9678			return req, nil
9679		},
9680	}
9681
9682	for p.Next() {
9683		if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) {
9684			break
9685		}
9686	}
9687
9688	return p.Err()
9689}
9690
9691const opListHandshakesForOrganization = "ListHandshakesForOrganization"
9692
9693// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the
9694// client's request for the ListHandshakesForOrganization operation. The "output" return
9695// value will be populated with the request's response once the request completes
9696// successfully.
9697//
9698// Use "Send" method on the returned Request to send the API call to the service.
9699// the "output" return value is not valid until after Send returns without error.
9700//
9701// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization
9702// API call, and error handling.
9703//
9704// This method is useful when you want to inject custom logic or configuration
9705// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9706//
9707//
9708//    // Example sending a request using the ListHandshakesForOrganizationRequest method.
9709//    req, resp := client.ListHandshakesForOrganizationRequest(params)
9710//
9711//    err := req.Send()
9712//    if err == nil { // resp is now filled
9713//        fmt.Println(resp)
9714//    }
9715//
9716// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
9717func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) {
9718	op := &request.Operation{
9719		Name:       opListHandshakesForOrganization,
9720		HTTPMethod: "POST",
9721		HTTPPath:   "/",
9722		Paginator: &request.Paginator{
9723			InputTokens:     []string{"NextToken"},
9724			OutputTokens:    []string{"NextToken"},
9725			LimitToken:      "MaxResults",
9726			TruncationToken: "",
9727		},
9728	}
9729
9730	if input == nil {
9731		input = &ListHandshakesForOrganizationInput{}
9732	}
9733
9734	output = &ListHandshakesForOrganizationOutput{}
9735	req = c.newRequest(op, input, output)
9736	return
9737}
9738
9739// ListHandshakesForOrganization API operation for AWS Organizations.
9740//
9741// Lists the handshakes that are associated with the organization that the requesting
9742// user is part of. The ListHandshakesForOrganization operation returns a list
9743// of handshake structures. Each structure contains details and status about
9744// a handshake.
9745//
9746// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
9747// of this API for only 30 days after changing to that state. After that, they're
9748// deleted and no longer accessible.
9749//
9750// Always check the NextToken response parameter for a null value when calling
9751// a List* operation. These operations can occasionally return an empty set
9752// of results even when there are more results available. The NextToken response
9753// parameter value is null only when there are no more results to display.
9754//
9755// This operation can be called only from the organization's master account
9756// or by a member account that is a delegated administrator for an AWS service.
9757//
9758// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9759// with awserr.Error's Code and Message methods to get detailed information about
9760// the error.
9761//
9762// See the AWS API reference guide for AWS Organizations's
9763// API operation ListHandshakesForOrganization for usage and error information.
9764//
9765// Returned Error Types:
9766//   * AccessDeniedException
9767//   You don't have permissions to perform the requested operation. The user or
9768//   role that is making the request must have at least one IAM permissions policy
9769//   attached that grants the required permissions. For more information, see
9770//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9771//   in the IAM User Guide.
9772//
9773//   * AWSOrganizationsNotInUseException
9774//   Your account isn't a member of an organization. To make this request, you
9775//   must use the credentials of an account that belongs to an organization.
9776//
9777//   * ConcurrentModificationException
9778//   The target of the operation is currently being modified by a different request.
9779//   Try again later.
9780//
9781//   * InvalidInputException
9782//   The requested operation failed because you provided invalid values for one
9783//   or more of the request parameters. This exception includes a reason that
9784//   contains additional information about the violated limit:
9785//
9786//   Some of the reasons in the following list might not be applicable to this
9787//   specific API or operation.
9788//
9789//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9790//      can't be modified.
9791//
9792//      * INPUT_REQUIRED: You must include a value for all required parameters.
9793//
9794//      * INVALID_ENUM: You specified an invalid value.
9795//
9796//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9797//      characters.
9798//
9799//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9800//      at least one invalid value.
9801//
9802//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9803//      from the response to a previous call of the operation.
9804//
9805//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9806//      organization, or email) as a party.
9807//
9808//      * INVALID_PATTERN: You provided a value that doesn't match the required
9809//      pattern.
9810//
9811//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9812//      match the required pattern.
9813//
9814//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9815//      name can't begin with the reserved prefix AWSServiceRoleFor.
9816//
9817//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9818//      Name (ARN) for the organization.
9819//
9820//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9821//
9822//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9823//      tag. You can’t add, edit, or delete system tag keys because they're
9824//      reserved for AWS use. System tags don’t count against your tags per
9825//      resource limit.
9826//
9827//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9828//      for the operation.
9829//
9830//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9831//      than allowed.
9832//
9833//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9834//      value than allowed.
9835//
9836//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9837//      than allowed.
9838//
9839//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9840//      value than allowed.
9841//
9842//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9843//      between entities in the same root.
9844//
9845//   * ServiceException
9846//   AWS Organizations can't complete your request because of an internal service
9847//   error. Try again later.
9848//
9849//   * TooManyRequestsException
9850//   You have sent too many requests in too short a period of time. The quota
9851//   helps protect against denial-of-service attacks. Try again later.
9852//
9853//   For information about quotas that affect AWS Organizations, see Quotas for
9854//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9855//   the AWS Organizations User Guide.
9856//
9857// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
9858func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) {
9859	req, out := c.ListHandshakesForOrganizationRequest(input)
9860	return out, req.Send()
9861}
9862
9863// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of
9864// the ability to pass a context and additional request options.
9865//
9866// See ListHandshakesForOrganization for details on how to use this API operation.
9867//
9868// The context must be non-nil and will be used for request cancellation. If
9869// the context is nil a panic will occur. In the future the SDK may create
9870// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9871// for more information on using Contexts.
9872func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) {
9873	req, out := c.ListHandshakesForOrganizationRequest(input)
9874	req.SetContext(ctx)
9875	req.ApplyOptions(opts...)
9876	return out, req.Send()
9877}
9878
9879// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation,
9880// calling the "fn" function with the response data for each page. To stop
9881// iterating, return false from the fn function.
9882//
9883// See ListHandshakesForOrganization method for more information on how to use this operation.
9884//
9885// Note: This operation can generate multiple requests to a service.
9886//
9887//    // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation.
9888//    pageNum := 0
9889//    err := client.ListHandshakesForOrganizationPages(params,
9890//        func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool {
9891//            pageNum++
9892//            fmt.Println(page)
9893//            return pageNum <= 3
9894//        })
9895//
9896func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error {
9897	return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
9898}
9899
9900// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except
9901// it takes a Context and allows setting request options on the pages.
9902//
9903// The context must be non-nil and will be used for request cancellation. If
9904// the context is nil a panic will occur. In the future the SDK may create
9905// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9906// for more information on using Contexts.
9907func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error {
9908	p := request.Pagination{
9909		NewRequest: func() (*request.Request, error) {
9910			var inCpy *ListHandshakesForOrganizationInput
9911			if input != nil {
9912				tmp := *input
9913				inCpy = &tmp
9914			}
9915			req, _ := c.ListHandshakesForOrganizationRequest(inCpy)
9916			req.SetContext(ctx)
9917			req.ApplyOptions(opts...)
9918			return req, nil
9919		},
9920	}
9921
9922	for p.Next() {
9923		if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) {
9924			break
9925		}
9926	}
9927
9928	return p.Err()
9929}
9930
9931const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent"
9932
9933// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the
9934// client's request for the ListOrganizationalUnitsForParent operation. The "output" return
9935// value will be populated with the request's response once the request completes
9936// successfully.
9937//
9938// Use "Send" method on the returned Request to send the API call to the service.
9939// the "output" return value is not valid until after Send returns without error.
9940//
9941// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent
9942// API call, and error handling.
9943//
9944// This method is useful when you want to inject custom logic or configuration
9945// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9946//
9947//
9948//    // Example sending a request using the ListOrganizationalUnitsForParentRequest method.
9949//    req, resp := client.ListOrganizationalUnitsForParentRequest(params)
9950//
9951//    err := req.Send()
9952//    if err == nil { // resp is now filled
9953//        fmt.Println(resp)
9954//    }
9955//
9956// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
9957func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) {
9958	op := &request.Operation{
9959		Name:       opListOrganizationalUnitsForParent,
9960		HTTPMethod: "POST",
9961		HTTPPath:   "/",
9962		Paginator: &request.Paginator{
9963			InputTokens:     []string{"NextToken"},
9964			OutputTokens:    []string{"NextToken"},
9965			LimitToken:      "MaxResults",
9966			TruncationToken: "",
9967		},
9968	}
9969
9970	if input == nil {
9971		input = &ListOrganizationalUnitsForParentInput{}
9972	}
9973
9974	output = &ListOrganizationalUnitsForParentOutput{}
9975	req = c.newRequest(op, input, output)
9976	return
9977}
9978
9979// ListOrganizationalUnitsForParent API operation for AWS Organizations.
9980//
9981// Lists the organizational units (OUs) in a parent organizational unit or root.
9982//
9983// Always check the NextToken response parameter for a null value when calling
9984// a List* operation. These operations can occasionally return an empty set
9985// of results even when there are more results available. The NextToken response
9986// parameter value is null only when there are no more results to display.
9987//
9988// This operation can be called only from the organization's master account
9989// or by a member account that is a delegated administrator for an AWS service.
9990//
9991// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9992// with awserr.Error's Code and Message methods to get detailed information about
9993// the error.
9994//
9995// See the AWS API reference guide for AWS Organizations's
9996// API operation ListOrganizationalUnitsForParent for usage and error information.
9997//
9998// Returned Error Types:
9999//   * AccessDeniedException
10000//   You don't have permissions to perform the requested operation. The user or
10001//   role that is making the request must have at least one IAM permissions policy
10002//   attached that grants the required permissions. For more information, see
10003//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10004//   in the IAM User Guide.
10005//
10006//   * AWSOrganizationsNotInUseException
10007//   Your account isn't a member of an organization. To make this request, you
10008//   must use the credentials of an account that belongs to an organization.
10009//
10010//   * InvalidInputException
10011//   The requested operation failed because you provided invalid values for one
10012//   or more of the request parameters. This exception includes a reason that
10013//   contains additional information about the violated limit:
10014//
10015//   Some of the reasons in the following list might not be applicable to this
10016//   specific API or operation.
10017//
10018//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10019//      can't be modified.
10020//
10021//      * INPUT_REQUIRED: You must include a value for all required parameters.
10022//
10023//      * INVALID_ENUM: You specified an invalid value.
10024//
10025//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10026//      characters.
10027//
10028//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10029//      at least one invalid value.
10030//
10031//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10032//      from the response to a previous call of the operation.
10033//
10034//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10035//      organization, or email) as a party.
10036//
10037//      * INVALID_PATTERN: You provided a value that doesn't match the required
10038//      pattern.
10039//
10040//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10041//      match the required pattern.
10042//
10043//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10044//      name can't begin with the reserved prefix AWSServiceRoleFor.
10045//
10046//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10047//      Name (ARN) for the organization.
10048//
10049//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10050//
10051//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10052//      tag. You can’t add, edit, or delete system tag keys because they're
10053//      reserved for AWS use. System tags don’t count against your tags per
10054//      resource limit.
10055//
10056//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10057//      for the operation.
10058//
10059//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10060//      than allowed.
10061//
10062//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10063//      value than allowed.
10064//
10065//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10066//      than allowed.
10067//
10068//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10069//      value than allowed.
10070//
10071//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10072//      between entities in the same root.
10073//
10074//   * ParentNotFoundException
10075//   We can't find a root or OU with the ParentId that you specified.
10076//
10077//   * ServiceException
10078//   AWS Organizations can't complete your request because of an internal service
10079//   error. Try again later.
10080//
10081//   * TooManyRequestsException
10082//   You have sent too many requests in too short a period of time. The quota
10083//   helps protect against denial-of-service attacks. Try again later.
10084//
10085//   For information about quotas that affect AWS Organizations, see Quotas for
10086//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10087//   the AWS Organizations User Guide.
10088//
10089// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
10090func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) {
10091	req, out := c.ListOrganizationalUnitsForParentRequest(input)
10092	return out, req.Send()
10093}
10094
10095// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of
10096// the ability to pass a context and additional request options.
10097//
10098// See ListOrganizationalUnitsForParent for details on how to use this API operation.
10099//
10100// The context must be non-nil and will be used for request cancellation. If
10101// the context is nil a panic will occur. In the future the SDK may create
10102// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10103// for more information on using Contexts.
10104func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) {
10105	req, out := c.ListOrganizationalUnitsForParentRequest(input)
10106	req.SetContext(ctx)
10107	req.ApplyOptions(opts...)
10108	return out, req.Send()
10109}
10110
10111// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation,
10112// calling the "fn" function with the response data for each page. To stop
10113// iterating, return false from the fn function.
10114//
10115// See ListOrganizationalUnitsForParent method for more information on how to use this operation.
10116//
10117// Note: This operation can generate multiple requests to a service.
10118//
10119//    // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation.
10120//    pageNum := 0
10121//    err := client.ListOrganizationalUnitsForParentPages(params,
10122//        func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
10123//            pageNum++
10124//            fmt.Println(page)
10125//            return pageNum <= 3
10126//        })
10127//
10128func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error {
10129	return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
10130}
10131
10132// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except
10133// it takes a Context and allows setting request options on the pages.
10134//
10135// The context must be non-nil and will be used for request cancellation. If
10136// the context is nil a panic will occur. In the future the SDK may create
10137// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10138// for more information on using Contexts.
10139func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error {
10140	p := request.Pagination{
10141		NewRequest: func() (*request.Request, error) {
10142			var inCpy *ListOrganizationalUnitsForParentInput
10143			if input != nil {
10144				tmp := *input
10145				inCpy = &tmp
10146			}
10147			req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy)
10148			req.SetContext(ctx)
10149			req.ApplyOptions(opts...)
10150			return req, nil
10151		},
10152	}
10153
10154	for p.Next() {
10155		if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) {
10156			break
10157		}
10158	}
10159
10160	return p.Err()
10161}
10162
10163const opListParents = "ListParents"
10164
10165// ListParentsRequest generates a "aws/request.Request" representing the
10166// client's request for the ListParents operation. The "output" return
10167// value will be populated with the request's response once the request completes
10168// successfully.
10169//
10170// Use "Send" method on the returned Request to send the API call to the service.
10171// the "output" return value is not valid until after Send returns without error.
10172//
10173// See ListParents for more information on using the ListParents
10174// API call, and error handling.
10175//
10176// This method is useful when you want to inject custom logic or configuration
10177// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10178//
10179//
10180//    // Example sending a request using the ListParentsRequest method.
10181//    req, resp := client.ListParentsRequest(params)
10182//
10183//    err := req.Send()
10184//    if err == nil { // resp is now filled
10185//        fmt.Println(resp)
10186//    }
10187//
10188// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
10189func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) {
10190	op := &request.Operation{
10191		Name:       opListParents,
10192		HTTPMethod: "POST",
10193		HTTPPath:   "/",
10194		Paginator: &request.Paginator{
10195			InputTokens:     []string{"NextToken"},
10196			OutputTokens:    []string{"NextToken"},
10197			LimitToken:      "MaxResults",
10198			TruncationToken: "",
10199		},
10200	}
10201
10202	if input == nil {
10203		input = &ListParentsInput{}
10204	}
10205
10206	output = &ListParentsOutput{}
10207	req = c.newRequest(op, input, output)
10208	return
10209}
10210
10211// ListParents API operation for AWS Organizations.
10212//
10213// Lists the root or organizational units (OUs) that serve as the immediate
10214// parent of the specified child OU or account. This operation, along with ListChildren
10215// enables you to traverse the tree structure that makes up this root.
10216//
10217// Always check the NextToken response parameter for a null value when calling
10218// a List* operation. These operations can occasionally return an empty set
10219// of results even when there are more results available. The NextToken response
10220// parameter value is null only when there are no more results to display.
10221//
10222// This operation can be called only from the organization's master account
10223// or by a member account that is a delegated administrator for an AWS service.
10224//
10225// In the current release, a child can have only a single parent.
10226//
10227// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10228// with awserr.Error's Code and Message methods to get detailed information about
10229// the error.
10230//
10231// See the AWS API reference guide for AWS Organizations's
10232// API operation ListParents for usage and error information.
10233//
10234// Returned Error Types:
10235//   * AccessDeniedException
10236//   You don't have permissions to perform the requested operation. The user or
10237//   role that is making the request must have at least one IAM permissions policy
10238//   attached that grants the required permissions. For more information, see
10239//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10240//   in the IAM User Guide.
10241//
10242//   * AWSOrganizationsNotInUseException
10243//   Your account isn't a member of an organization. To make this request, you
10244//   must use the credentials of an account that belongs to an organization.
10245//
10246//   * ChildNotFoundException
10247//   We can't find an organizational unit (OU) or AWS account with the ChildId
10248//   that you specified.
10249//
10250//   * InvalidInputException
10251//   The requested operation failed because you provided invalid values for one
10252//   or more of the request parameters. This exception includes a reason that
10253//   contains additional information about the violated limit:
10254//
10255//   Some of the reasons in the following list might not be applicable to this
10256//   specific API or operation.
10257//
10258//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10259//      can't be modified.
10260//
10261//      * INPUT_REQUIRED: You must include a value for all required parameters.
10262//
10263//      * INVALID_ENUM: You specified an invalid value.
10264//
10265//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10266//      characters.
10267//
10268//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10269//      at least one invalid value.
10270//
10271//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10272//      from the response to a previous call of the operation.
10273//
10274//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10275//      organization, or email) as a party.
10276//
10277//      * INVALID_PATTERN: You provided a value that doesn't match the required
10278//      pattern.
10279//
10280//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10281//      match the required pattern.
10282//
10283//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10284//      name can't begin with the reserved prefix AWSServiceRoleFor.
10285//
10286//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10287//      Name (ARN) for the organization.
10288//
10289//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10290//
10291//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10292//      tag. You can’t add, edit, or delete system tag keys because they're
10293//      reserved for AWS use. System tags don’t count against your tags per
10294//      resource limit.
10295//
10296//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10297//      for the operation.
10298//
10299//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10300//      than allowed.
10301//
10302//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10303//      value than allowed.
10304//
10305//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10306//      than allowed.
10307//
10308//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10309//      value than allowed.
10310//
10311//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10312//      between entities in the same root.
10313//
10314//   * ServiceException
10315//   AWS Organizations can't complete your request because of an internal service
10316//   error. Try again later.
10317//
10318//   * TooManyRequestsException
10319//   You have sent too many requests in too short a period of time. The quota
10320//   helps protect against denial-of-service attacks. Try again later.
10321//
10322//   For information about quotas that affect AWS Organizations, see Quotas for
10323//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10324//   the AWS Organizations User Guide.
10325//
10326// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
10327func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) {
10328	req, out := c.ListParentsRequest(input)
10329	return out, req.Send()
10330}
10331
10332// ListParentsWithContext is the same as ListParents with the addition of
10333// the ability to pass a context and additional request options.
10334//
10335// See ListParents for details on how to use this API operation.
10336//
10337// The context must be non-nil and will be used for request cancellation. If
10338// the context is nil a panic will occur. In the future the SDK may create
10339// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10340// for more information on using Contexts.
10341func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) {
10342	req, out := c.ListParentsRequest(input)
10343	req.SetContext(ctx)
10344	req.ApplyOptions(opts...)
10345	return out, req.Send()
10346}
10347
10348// ListParentsPages iterates over the pages of a ListParents operation,
10349// calling the "fn" function with the response data for each page. To stop
10350// iterating, return false from the fn function.
10351//
10352// See ListParents method for more information on how to use this operation.
10353//
10354// Note: This operation can generate multiple requests to a service.
10355//
10356//    // Example iterating over at most 3 pages of a ListParents operation.
10357//    pageNum := 0
10358//    err := client.ListParentsPages(params,
10359//        func(page *organizations.ListParentsOutput, lastPage bool) bool {
10360//            pageNum++
10361//            fmt.Println(page)
10362//            return pageNum <= 3
10363//        })
10364//
10365func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error {
10366	return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn)
10367}
10368
10369// ListParentsPagesWithContext same as ListParentsPages except
10370// it takes a Context and allows setting request options on the pages.
10371//
10372// The context must be non-nil and will be used for request cancellation. If
10373// the context is nil a panic will occur. In the future the SDK may create
10374// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10375// for more information on using Contexts.
10376func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error {
10377	p := request.Pagination{
10378		NewRequest: func() (*request.Request, error) {
10379			var inCpy *ListParentsInput
10380			if input != nil {
10381				tmp := *input
10382				inCpy = &tmp
10383			}
10384			req, _ := c.ListParentsRequest(inCpy)
10385			req.SetContext(ctx)
10386			req.ApplyOptions(opts...)
10387			return req, nil
10388		},
10389	}
10390
10391	for p.Next() {
10392		if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) {
10393			break
10394		}
10395	}
10396
10397	return p.Err()
10398}
10399
10400const opListPolicies = "ListPolicies"
10401
10402// ListPoliciesRequest generates a "aws/request.Request" representing the
10403// client's request for the ListPolicies operation. The "output" return
10404// value will be populated with the request's response once the request completes
10405// successfully.
10406//
10407// Use "Send" method on the returned Request to send the API call to the service.
10408// the "output" return value is not valid until after Send returns without error.
10409//
10410// See ListPolicies for more information on using the ListPolicies
10411// API call, and error handling.
10412//
10413// This method is useful when you want to inject custom logic or configuration
10414// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10415//
10416//
10417//    // Example sending a request using the ListPoliciesRequest method.
10418//    req, resp := client.ListPoliciesRequest(params)
10419//
10420//    err := req.Send()
10421//    if err == nil { // resp is now filled
10422//        fmt.Println(resp)
10423//    }
10424//
10425// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
10426func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
10427	op := &request.Operation{
10428		Name:       opListPolicies,
10429		HTTPMethod: "POST",
10430		HTTPPath:   "/",
10431		Paginator: &request.Paginator{
10432			InputTokens:     []string{"NextToken"},
10433			OutputTokens:    []string{"NextToken"},
10434			LimitToken:      "MaxResults",
10435			TruncationToken: "",
10436		},
10437	}
10438
10439	if input == nil {
10440		input = &ListPoliciesInput{}
10441	}
10442
10443	output = &ListPoliciesOutput{}
10444	req = c.newRequest(op, input, output)
10445	return
10446}
10447
10448// ListPolicies API operation for AWS Organizations.
10449//
10450// Retrieves the list of all policies in an organization of a specified type.
10451//
10452// Always check the NextToken response parameter for a null value when calling
10453// a List* operation. These operations can occasionally return an empty set
10454// of results even when there are more results available. The NextToken response
10455// parameter value is null only when there are no more results to display.
10456//
10457// This operation can be called only from the organization's master account
10458// or by a member account that is a delegated administrator for an AWS service.
10459//
10460// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10461// with awserr.Error's Code and Message methods to get detailed information about
10462// the error.
10463//
10464// See the AWS API reference guide for AWS Organizations's
10465// API operation ListPolicies for usage and error information.
10466//
10467// Returned Error Types:
10468//   * AccessDeniedException
10469//   You don't have permissions to perform the requested operation. The user or
10470//   role that is making the request must have at least one IAM permissions policy
10471//   attached that grants the required permissions. For more information, see
10472//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10473//   in the IAM User Guide.
10474//
10475//   * AWSOrganizationsNotInUseException
10476//   Your account isn't a member of an organization. To make this request, you
10477//   must use the credentials of an account that belongs to an organization.
10478//
10479//   * InvalidInputException
10480//   The requested operation failed because you provided invalid values for one
10481//   or more of the request parameters. This exception includes a reason that
10482//   contains additional information about the violated limit:
10483//
10484//   Some of the reasons in the following list might not be applicable to this
10485//   specific API or operation.
10486//
10487//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10488//      can't be modified.
10489//
10490//      * INPUT_REQUIRED: You must include a value for all required parameters.
10491//
10492//      * INVALID_ENUM: You specified an invalid value.
10493//
10494//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10495//      characters.
10496//
10497//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10498//      at least one invalid value.
10499//
10500//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10501//      from the response to a previous call of the operation.
10502//
10503//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10504//      organization, or email) as a party.
10505//
10506//      * INVALID_PATTERN: You provided a value that doesn't match the required
10507//      pattern.
10508//
10509//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10510//      match the required pattern.
10511//
10512//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10513//      name can't begin with the reserved prefix AWSServiceRoleFor.
10514//
10515//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10516//      Name (ARN) for the organization.
10517//
10518//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10519//
10520//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10521//      tag. You can’t add, edit, or delete system tag keys because they're
10522//      reserved for AWS use. System tags don’t count against your tags per
10523//      resource limit.
10524//
10525//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10526//      for the operation.
10527//
10528//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10529//      than allowed.
10530//
10531//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10532//      value than allowed.
10533//
10534//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10535//      than allowed.
10536//
10537//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10538//      value than allowed.
10539//
10540//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10541//      between entities in the same root.
10542//
10543//   * ServiceException
10544//   AWS Organizations can't complete your request because of an internal service
10545//   error. Try again later.
10546//
10547//   * TooManyRequestsException
10548//   You have sent too many requests in too short a period of time. The quota
10549//   helps protect against denial-of-service attacks. Try again later.
10550//
10551//   For information about quotas that affect AWS Organizations, see Quotas for
10552//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10553//   the AWS Organizations User Guide.
10554//
10555//   * UnsupportedAPIEndpointException
10556//   This action isn't available in the current AWS Region.
10557//
10558// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
10559func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
10560	req, out := c.ListPoliciesRequest(input)
10561	return out, req.Send()
10562}
10563
10564// ListPoliciesWithContext is the same as ListPolicies with the addition of
10565// the ability to pass a context and additional request options.
10566//
10567// See ListPolicies for details on how to use this API operation.
10568//
10569// The context must be non-nil and will be used for request cancellation. If
10570// the context is nil a panic will occur. In the future the SDK may create
10571// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10572// for more information on using Contexts.
10573func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
10574	req, out := c.ListPoliciesRequest(input)
10575	req.SetContext(ctx)
10576	req.ApplyOptions(opts...)
10577	return out, req.Send()
10578}
10579
10580// ListPoliciesPages iterates over the pages of a ListPolicies operation,
10581// calling the "fn" function with the response data for each page. To stop
10582// iterating, return false from the fn function.
10583//
10584// See ListPolicies method for more information on how to use this operation.
10585//
10586// Note: This operation can generate multiple requests to a service.
10587//
10588//    // Example iterating over at most 3 pages of a ListPolicies operation.
10589//    pageNum := 0
10590//    err := client.ListPoliciesPages(params,
10591//        func(page *organizations.ListPoliciesOutput, lastPage bool) bool {
10592//            pageNum++
10593//            fmt.Println(page)
10594//            return pageNum <= 3
10595//        })
10596//
10597func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
10598	return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
10599}
10600
10601// ListPoliciesPagesWithContext same as ListPoliciesPages except
10602// it takes a Context and allows setting request options on the pages.
10603//
10604// The context must be non-nil and will be used for request cancellation. If
10605// the context is nil a panic will occur. In the future the SDK may create
10606// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10607// for more information on using Contexts.
10608func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
10609	p := request.Pagination{
10610		NewRequest: func() (*request.Request, error) {
10611			var inCpy *ListPoliciesInput
10612			if input != nil {
10613				tmp := *input
10614				inCpy = &tmp
10615			}
10616			req, _ := c.ListPoliciesRequest(inCpy)
10617			req.SetContext(ctx)
10618			req.ApplyOptions(opts...)
10619			return req, nil
10620		},
10621	}
10622
10623	for p.Next() {
10624		if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
10625			break
10626		}
10627	}
10628
10629	return p.Err()
10630}
10631
10632const opListPoliciesForTarget = "ListPoliciesForTarget"
10633
10634// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the
10635// client's request for the ListPoliciesForTarget operation. The "output" return
10636// value will be populated with the request's response once the request completes
10637// successfully.
10638//
10639// Use "Send" method on the returned Request to send the API call to the service.
10640// the "output" return value is not valid until after Send returns without error.
10641//
10642// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget
10643// API call, and error handling.
10644//
10645// This method is useful when you want to inject custom logic or configuration
10646// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10647//
10648//
10649//    // Example sending a request using the ListPoliciesForTargetRequest method.
10650//    req, resp := client.ListPoliciesForTargetRequest(params)
10651//
10652//    err := req.Send()
10653//    if err == nil { // resp is now filled
10654//        fmt.Println(resp)
10655//    }
10656//
10657// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
10658func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) {
10659	op := &request.Operation{
10660		Name:       opListPoliciesForTarget,
10661		HTTPMethod: "POST",
10662		HTTPPath:   "/",
10663		Paginator: &request.Paginator{
10664			InputTokens:     []string{"NextToken"},
10665			OutputTokens:    []string{"NextToken"},
10666			LimitToken:      "MaxResults",
10667			TruncationToken: "",
10668		},
10669	}
10670
10671	if input == nil {
10672		input = &ListPoliciesForTargetInput{}
10673	}
10674
10675	output = &ListPoliciesForTargetOutput{}
10676	req = c.newRequest(op, input, output)
10677	return
10678}
10679
10680// ListPoliciesForTarget API operation for AWS Organizations.
10681//
10682// Lists the policies that are directly attached to the specified target root,
10683// organizational unit (OU), or account. You must specify the policy type that
10684// you want included in the returned list.
10685//
10686// Always check the NextToken response parameter for a null value when calling
10687// a List* operation. These operations can occasionally return an empty set
10688// of results even when there are more results available. The NextToken response
10689// parameter value is null only when there are no more results to display.
10690//
10691// This operation can be called only from the organization's master account
10692// or by a member account that is a delegated administrator for an AWS service.
10693//
10694// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10695// with awserr.Error's Code and Message methods to get detailed information about
10696// the error.
10697//
10698// See the AWS API reference guide for AWS Organizations's
10699// API operation ListPoliciesForTarget for usage and error information.
10700//
10701// Returned Error Types:
10702//   * AccessDeniedException
10703//   You don't have permissions to perform the requested operation. The user or
10704//   role that is making the request must have at least one IAM permissions policy
10705//   attached that grants the required permissions. For more information, see
10706//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10707//   in the IAM User Guide.
10708//
10709//   * AWSOrganizationsNotInUseException
10710//   Your account isn't a member of an organization. To make this request, you
10711//   must use the credentials of an account that belongs to an organization.
10712//
10713//   * InvalidInputException
10714//   The requested operation failed because you provided invalid values for one
10715//   or more of the request parameters. This exception includes a reason that
10716//   contains additional information about the violated limit:
10717//
10718//   Some of the reasons in the following list might not be applicable to this
10719//   specific API or operation.
10720//
10721//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10722//      can't be modified.
10723//
10724//      * INPUT_REQUIRED: You must include a value for all required parameters.
10725//
10726//      * INVALID_ENUM: You specified an invalid value.
10727//
10728//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10729//      characters.
10730//
10731//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10732//      at least one invalid value.
10733//
10734//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10735//      from the response to a previous call of the operation.
10736//
10737//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10738//      organization, or email) as a party.
10739//
10740//      * INVALID_PATTERN: You provided a value that doesn't match the required
10741//      pattern.
10742//
10743//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10744//      match the required pattern.
10745//
10746//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10747//      name can't begin with the reserved prefix AWSServiceRoleFor.
10748//
10749//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10750//      Name (ARN) for the organization.
10751//
10752//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10753//
10754//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10755//      tag. You can’t add, edit, or delete system tag keys because they're
10756//      reserved for AWS use. System tags don’t count against your tags per
10757//      resource limit.
10758//
10759//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10760//      for the operation.
10761//
10762//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10763//      than allowed.
10764//
10765//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10766//      value than allowed.
10767//
10768//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10769//      than allowed.
10770//
10771//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10772//      value than allowed.
10773//
10774//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10775//      between entities in the same root.
10776//
10777//   * ServiceException
10778//   AWS Organizations can't complete your request because of an internal service
10779//   error. Try again later.
10780//
10781//   * TargetNotFoundException
10782//   We can't find a root, OU, or account with the TargetId that you specified.
10783//
10784//   * TooManyRequestsException
10785//   You have sent too many requests in too short a period of time. The quota
10786//   helps protect against denial-of-service attacks. Try again later.
10787//
10788//   For information about quotas that affect AWS Organizations, see Quotas for
10789//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10790//   the AWS Organizations User Guide.
10791//
10792//   * UnsupportedAPIEndpointException
10793//   This action isn't available in the current AWS Region.
10794//
10795// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
10796func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) {
10797	req, out := c.ListPoliciesForTargetRequest(input)
10798	return out, req.Send()
10799}
10800
10801// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of
10802// the ability to pass a context and additional request options.
10803//
10804// See ListPoliciesForTarget for details on how to use this API operation.
10805//
10806// The context must be non-nil and will be used for request cancellation. If
10807// the context is nil a panic will occur. In the future the SDK may create
10808// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10809// for more information on using Contexts.
10810func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) {
10811	req, out := c.ListPoliciesForTargetRequest(input)
10812	req.SetContext(ctx)
10813	req.ApplyOptions(opts...)
10814	return out, req.Send()
10815}
10816
10817// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation,
10818// calling the "fn" function with the response data for each page. To stop
10819// iterating, return false from the fn function.
10820//
10821// See ListPoliciesForTarget method for more information on how to use this operation.
10822//
10823// Note: This operation can generate multiple requests to a service.
10824//
10825//    // Example iterating over at most 3 pages of a ListPoliciesForTarget operation.
10826//    pageNum := 0
10827//    err := client.ListPoliciesForTargetPages(params,
10828//        func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool {
10829//            pageNum++
10830//            fmt.Println(page)
10831//            return pageNum <= 3
10832//        })
10833//
10834func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error {
10835	return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn)
10836}
10837
10838// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except
10839// it takes a Context and allows setting request options on the pages.
10840//
10841// The context must be non-nil and will be used for request cancellation. If
10842// the context is nil a panic will occur. In the future the SDK may create
10843// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10844// for more information on using Contexts.
10845func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error {
10846	p := request.Pagination{
10847		NewRequest: func() (*request.Request, error) {
10848			var inCpy *ListPoliciesForTargetInput
10849			if input != nil {
10850				tmp := *input
10851				inCpy = &tmp
10852			}
10853			req, _ := c.ListPoliciesForTargetRequest(inCpy)
10854			req.SetContext(ctx)
10855			req.ApplyOptions(opts...)
10856			return req, nil
10857		},
10858	}
10859
10860	for p.Next() {
10861		if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) {
10862			break
10863		}
10864	}
10865
10866	return p.Err()
10867}
10868
10869const opListRoots = "ListRoots"
10870
10871// ListRootsRequest generates a "aws/request.Request" representing the
10872// client's request for the ListRoots operation. The "output" return
10873// value will be populated with the request's response once the request completes
10874// successfully.
10875//
10876// Use "Send" method on the returned Request to send the API call to the service.
10877// the "output" return value is not valid until after Send returns without error.
10878//
10879// See ListRoots for more information on using the ListRoots
10880// API call, and error handling.
10881//
10882// This method is useful when you want to inject custom logic or configuration
10883// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10884//
10885//
10886//    // Example sending a request using the ListRootsRequest method.
10887//    req, resp := client.ListRootsRequest(params)
10888//
10889//    err := req.Send()
10890//    if err == nil { // resp is now filled
10891//        fmt.Println(resp)
10892//    }
10893//
10894// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
10895func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) {
10896	op := &request.Operation{
10897		Name:       opListRoots,
10898		HTTPMethod: "POST",
10899		HTTPPath:   "/",
10900		Paginator: &request.Paginator{
10901			InputTokens:     []string{"NextToken"},
10902			OutputTokens:    []string{"NextToken"},
10903			LimitToken:      "MaxResults",
10904			TruncationToken: "",
10905		},
10906	}
10907
10908	if input == nil {
10909		input = &ListRootsInput{}
10910	}
10911
10912	output = &ListRootsOutput{}
10913	req = c.newRequest(op, input, output)
10914	return
10915}
10916
10917// ListRoots API operation for AWS Organizations.
10918//
10919// Lists the roots that are defined in the current organization.
10920//
10921// Always check the NextToken response parameter for a null value when calling
10922// a List* operation. These operations can occasionally return an empty set
10923// of results even when there are more results available. The NextToken response
10924// parameter value is null only when there are no more results to display.
10925//
10926// This operation can be called only from the organization's master account
10927// or by a member account that is a delegated administrator for an AWS service.
10928//
10929// Policy types can be enabled and disabled in roots. This is distinct from
10930// whether they're available in the organization. When you enable all features,
10931// you make policy types available for use in that organization. Individual
10932// policy types can then be enabled and disabled in a root. To see the availability
10933// of a policy type in an organization, use DescribeOrganization.
10934//
10935// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10936// with awserr.Error's Code and Message methods to get detailed information about
10937// the error.
10938//
10939// See the AWS API reference guide for AWS Organizations's
10940// API operation ListRoots for usage and error information.
10941//
10942// Returned Error Types:
10943//   * AccessDeniedException
10944//   You don't have permissions to perform the requested operation. The user or
10945//   role that is making the request must have at least one IAM permissions policy
10946//   attached that grants the required permissions. For more information, see
10947//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10948//   in the IAM User Guide.
10949//
10950//   * AWSOrganizationsNotInUseException
10951//   Your account isn't a member of an organization. To make this request, you
10952//   must use the credentials of an account that belongs to an organization.
10953//
10954//   * InvalidInputException
10955//   The requested operation failed because you provided invalid values for one
10956//   or more of the request parameters. This exception includes a reason that
10957//   contains additional information about the violated limit:
10958//
10959//   Some of the reasons in the following list might not be applicable to this
10960//   specific API or operation.
10961//
10962//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10963//      can't be modified.
10964//
10965//      * INPUT_REQUIRED: You must include a value for all required parameters.
10966//
10967//      * INVALID_ENUM: You specified an invalid value.
10968//
10969//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10970//      characters.
10971//
10972//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10973//      at least one invalid value.
10974//
10975//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10976//      from the response to a previous call of the operation.
10977//
10978//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10979//      organization, or email) as a party.
10980//
10981//      * INVALID_PATTERN: You provided a value that doesn't match the required
10982//      pattern.
10983//
10984//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10985//      match the required pattern.
10986//
10987//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10988//      name can't begin with the reserved prefix AWSServiceRoleFor.
10989//
10990//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10991//      Name (ARN) for the organization.
10992//
10993//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10994//
10995//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10996//      tag. You can’t add, edit, or delete system tag keys because they're
10997//      reserved for AWS use. System tags don’t count against your tags per
10998//      resource limit.
10999//
11000//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11001//      for the operation.
11002//
11003//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11004//      than allowed.
11005//
11006//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11007//      value than allowed.
11008//
11009//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11010//      than allowed.
11011//
11012//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11013//      value than allowed.
11014//
11015//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11016//      between entities in the same root.
11017//
11018//   * ServiceException
11019//   AWS Organizations can't complete your request because of an internal service
11020//   error. Try again later.
11021//
11022//   * TooManyRequestsException
11023//   You have sent too many requests in too short a period of time. The quota
11024//   helps protect against denial-of-service attacks. Try again later.
11025//
11026//   For information about quotas that affect AWS Organizations, see Quotas for
11027//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11028//   the AWS Organizations User Guide.
11029//
11030// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
11031func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) {
11032	req, out := c.ListRootsRequest(input)
11033	return out, req.Send()
11034}
11035
11036// ListRootsWithContext is the same as ListRoots with the addition of
11037// the ability to pass a context and additional request options.
11038//
11039// See ListRoots for details on how to use this API operation.
11040//
11041// The context must be non-nil and will be used for request cancellation. If
11042// the context is nil a panic will occur. In the future the SDK may create
11043// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11044// for more information on using Contexts.
11045func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) {
11046	req, out := c.ListRootsRequest(input)
11047	req.SetContext(ctx)
11048	req.ApplyOptions(opts...)
11049	return out, req.Send()
11050}
11051
11052// ListRootsPages iterates over the pages of a ListRoots operation,
11053// calling the "fn" function with the response data for each page. To stop
11054// iterating, return false from the fn function.
11055//
11056// See ListRoots method for more information on how to use this operation.
11057//
11058// Note: This operation can generate multiple requests to a service.
11059//
11060//    // Example iterating over at most 3 pages of a ListRoots operation.
11061//    pageNum := 0
11062//    err := client.ListRootsPages(params,
11063//        func(page *organizations.ListRootsOutput, lastPage bool) bool {
11064//            pageNum++
11065//            fmt.Println(page)
11066//            return pageNum <= 3
11067//        })
11068//
11069func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error {
11070	return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn)
11071}
11072
11073// ListRootsPagesWithContext same as ListRootsPages except
11074// it takes a Context and allows setting request options on the pages.
11075//
11076// The context must be non-nil and will be used for request cancellation. If
11077// the context is nil a panic will occur. In the future the SDK may create
11078// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11079// for more information on using Contexts.
11080func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error {
11081	p := request.Pagination{
11082		NewRequest: func() (*request.Request, error) {
11083			var inCpy *ListRootsInput
11084			if input != nil {
11085				tmp := *input
11086				inCpy = &tmp
11087			}
11088			req, _ := c.ListRootsRequest(inCpy)
11089			req.SetContext(ctx)
11090			req.ApplyOptions(opts...)
11091			return req, nil
11092		},
11093	}
11094
11095	for p.Next() {
11096		if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) {
11097			break
11098		}
11099	}
11100
11101	return p.Err()
11102}
11103
11104const opListTagsForResource = "ListTagsForResource"
11105
11106// ListTagsForResourceRequest generates a "aws/request.Request" representing the
11107// client's request for the ListTagsForResource operation. The "output" return
11108// value will be populated with the request's response once the request completes
11109// successfully.
11110//
11111// Use "Send" method on the returned Request to send the API call to the service.
11112// the "output" return value is not valid until after Send returns without error.
11113//
11114// See ListTagsForResource for more information on using the ListTagsForResource
11115// API call, and error handling.
11116//
11117// This method is useful when you want to inject custom logic or configuration
11118// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11119//
11120//
11121//    // Example sending a request using the ListTagsForResourceRequest method.
11122//    req, resp := client.ListTagsForResourceRequest(params)
11123//
11124//    err := req.Send()
11125//    if err == nil { // resp is now filled
11126//        fmt.Println(resp)
11127//    }
11128//
11129// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
11130func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
11131	op := &request.Operation{
11132		Name:       opListTagsForResource,
11133		HTTPMethod: "POST",
11134		HTTPPath:   "/",
11135		Paginator: &request.Paginator{
11136			InputTokens:     []string{"NextToken"},
11137			OutputTokens:    []string{"NextToken"},
11138			LimitToken:      "",
11139			TruncationToken: "",
11140		},
11141	}
11142
11143	if input == nil {
11144		input = &ListTagsForResourceInput{}
11145	}
11146
11147	output = &ListTagsForResourceOutput{}
11148	req = c.newRequest(op, input, output)
11149	return
11150}
11151
11152// ListTagsForResource API operation for AWS Organizations.
11153//
11154// Lists tags for the specified resource.
11155//
11156// Currently, you can list tags on an account in AWS Organizations.
11157//
11158// This operation can be called only from the organization's master account
11159// or by a member account that is a delegated administrator for an AWS service.
11160//
11161// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11162// with awserr.Error's Code and Message methods to get detailed information about
11163// the error.
11164//
11165// See the AWS API reference guide for AWS Organizations's
11166// API operation ListTagsForResource for usage and error information.
11167//
11168// Returned Error Types:
11169//   * AccessDeniedException
11170//   You don't have permissions to perform the requested operation. The user or
11171//   role that is making the request must have at least one IAM permissions policy
11172//   attached that grants the required permissions. For more information, see
11173//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11174//   in the IAM User Guide.
11175//
11176//   * AWSOrganizationsNotInUseException
11177//   Your account isn't a member of an organization. To make this request, you
11178//   must use the credentials of an account that belongs to an organization.
11179//
11180//   * TargetNotFoundException
11181//   We can't find a root, OU, or account with the TargetId that you specified.
11182//
11183//   * InvalidInputException
11184//   The requested operation failed because you provided invalid values for one
11185//   or more of the request parameters. This exception includes a reason that
11186//   contains additional information about the violated limit:
11187//
11188//   Some of the reasons in the following list might not be applicable to this
11189//   specific API or operation.
11190//
11191//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11192//      can't be modified.
11193//
11194//      * INPUT_REQUIRED: You must include a value for all required parameters.
11195//
11196//      * INVALID_ENUM: You specified an invalid value.
11197//
11198//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11199//      characters.
11200//
11201//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11202//      at least one invalid value.
11203//
11204//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11205//      from the response to a previous call of the operation.
11206//
11207//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11208//      organization, or email) as a party.
11209//
11210//      * INVALID_PATTERN: You provided a value that doesn't match the required
11211//      pattern.
11212//
11213//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11214//      match the required pattern.
11215//
11216//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11217//      name can't begin with the reserved prefix AWSServiceRoleFor.
11218//
11219//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11220//      Name (ARN) for the organization.
11221//
11222//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11223//
11224//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11225//      tag. You can’t add, edit, or delete system tag keys because they're
11226//      reserved for AWS use. System tags don’t count against your tags per
11227//      resource limit.
11228//
11229//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11230//      for the operation.
11231//
11232//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11233//      than allowed.
11234//
11235//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11236//      value than allowed.
11237//
11238//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11239//      than allowed.
11240//
11241//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11242//      value than allowed.
11243//
11244//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11245//      between entities in the same root.
11246//
11247//   * ServiceException
11248//   AWS Organizations can't complete your request because of an internal service
11249//   error. Try again later.
11250//
11251//   * TooManyRequestsException
11252//   You have sent too many requests in too short a period of time. The quota
11253//   helps protect against denial-of-service attacks. Try again later.
11254//
11255//   For information about quotas that affect AWS Organizations, see Quotas for
11256//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11257//   the AWS Organizations User Guide.
11258//
11259// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
11260func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
11261	req, out := c.ListTagsForResourceRequest(input)
11262	return out, req.Send()
11263}
11264
11265// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
11266// the ability to pass a context and additional request options.
11267//
11268// See ListTagsForResource for details on how to use this API operation.
11269//
11270// The context must be non-nil and will be used for request cancellation. If
11271// the context is nil a panic will occur. In the future the SDK may create
11272// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11273// for more information on using Contexts.
11274func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
11275	req, out := c.ListTagsForResourceRequest(input)
11276	req.SetContext(ctx)
11277	req.ApplyOptions(opts...)
11278	return out, req.Send()
11279}
11280
11281// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
11282// calling the "fn" function with the response data for each page. To stop
11283// iterating, return false from the fn function.
11284//
11285// See ListTagsForResource method for more information on how to use this operation.
11286//
11287// Note: This operation can generate multiple requests to a service.
11288//
11289//    // Example iterating over at most 3 pages of a ListTagsForResource operation.
11290//    pageNum := 0
11291//    err := client.ListTagsForResourcePages(params,
11292//        func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool {
11293//            pageNum++
11294//            fmt.Println(page)
11295//            return pageNum <= 3
11296//        })
11297//
11298func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
11299	return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
11300}
11301
11302// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
11303// it takes a Context and allows setting request options on the pages.
11304//
11305// The context must be non-nil and will be used for request cancellation. If
11306// the context is nil a panic will occur. In the future the SDK may create
11307// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11308// for more information on using Contexts.
11309func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
11310	p := request.Pagination{
11311		NewRequest: func() (*request.Request, error) {
11312			var inCpy *ListTagsForResourceInput
11313			if input != nil {
11314				tmp := *input
11315				inCpy = &tmp
11316			}
11317			req, _ := c.ListTagsForResourceRequest(inCpy)
11318			req.SetContext(ctx)
11319			req.ApplyOptions(opts...)
11320			return req, nil
11321		},
11322	}
11323
11324	for p.Next() {
11325		if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
11326			break
11327		}
11328	}
11329
11330	return p.Err()
11331}
11332
11333const opListTargetsForPolicy = "ListTargetsForPolicy"
11334
11335// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the
11336// client's request for the ListTargetsForPolicy operation. The "output" return
11337// value will be populated with the request's response once the request completes
11338// successfully.
11339//
11340// Use "Send" method on the returned Request to send the API call to the service.
11341// the "output" return value is not valid until after Send returns without error.
11342//
11343// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy
11344// API call, and error handling.
11345//
11346// This method is useful when you want to inject custom logic or configuration
11347// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11348//
11349//
11350//    // Example sending a request using the ListTargetsForPolicyRequest method.
11351//    req, resp := client.ListTargetsForPolicyRequest(params)
11352//
11353//    err := req.Send()
11354//    if err == nil { // resp is now filled
11355//        fmt.Println(resp)
11356//    }
11357//
11358// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
11359func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) {
11360	op := &request.Operation{
11361		Name:       opListTargetsForPolicy,
11362		HTTPMethod: "POST",
11363		HTTPPath:   "/",
11364		Paginator: &request.Paginator{
11365			InputTokens:     []string{"NextToken"},
11366			OutputTokens:    []string{"NextToken"},
11367			LimitToken:      "MaxResults",
11368			TruncationToken: "",
11369		},
11370	}
11371
11372	if input == nil {
11373		input = &ListTargetsForPolicyInput{}
11374	}
11375
11376	output = &ListTargetsForPolicyOutput{}
11377	req = c.newRequest(op, input, output)
11378	return
11379}
11380
11381// ListTargetsForPolicy API operation for AWS Organizations.
11382//
11383// Lists all the roots, organizational units (OUs), and accounts that the specified
11384// policy is attached to.
11385//
11386// Always check the NextToken response parameter for a null value when calling
11387// a List* operation. These operations can occasionally return an empty set
11388// of results even when there are more results available. The NextToken response
11389// parameter value is null only when there are no more results to display.
11390//
11391// This operation can be called only from the organization's master account
11392// or by a member account that is a delegated administrator for an AWS service.
11393//
11394// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11395// with awserr.Error's Code and Message methods to get detailed information about
11396// the error.
11397//
11398// See the AWS API reference guide for AWS Organizations's
11399// API operation ListTargetsForPolicy for usage and error information.
11400//
11401// Returned Error Types:
11402//   * AccessDeniedException
11403//   You don't have permissions to perform the requested operation. The user or
11404//   role that is making the request must have at least one IAM permissions policy
11405//   attached that grants the required permissions. For more information, see
11406//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11407//   in the IAM User Guide.
11408//
11409//   * AWSOrganizationsNotInUseException
11410//   Your account isn't a member of an organization. To make this request, you
11411//   must use the credentials of an account that belongs to an organization.
11412//
11413//   * InvalidInputException
11414//   The requested operation failed because you provided invalid values for one
11415//   or more of the request parameters. This exception includes a reason that
11416//   contains additional information about the violated limit:
11417//
11418//   Some of the reasons in the following list might not be applicable to this
11419//   specific API or operation.
11420//
11421//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11422//      can't be modified.
11423//
11424//      * INPUT_REQUIRED: You must include a value for all required parameters.
11425//
11426//      * INVALID_ENUM: You specified an invalid value.
11427//
11428//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11429//      characters.
11430//
11431//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11432//      at least one invalid value.
11433//
11434//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11435//      from the response to a previous call of the operation.
11436//
11437//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11438//      organization, or email) as a party.
11439//
11440//      * INVALID_PATTERN: You provided a value that doesn't match the required
11441//      pattern.
11442//
11443//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11444//      match the required pattern.
11445//
11446//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11447//      name can't begin with the reserved prefix AWSServiceRoleFor.
11448//
11449//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11450//      Name (ARN) for the organization.
11451//
11452//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11453//
11454//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11455//      tag. You can’t add, edit, or delete system tag keys because they're
11456//      reserved for AWS use. System tags don’t count against your tags per
11457//      resource limit.
11458//
11459//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11460//      for the operation.
11461//
11462//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11463//      than allowed.
11464//
11465//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11466//      value than allowed.
11467//
11468//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11469//      than allowed.
11470//
11471//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11472//      value than allowed.
11473//
11474//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11475//      between entities in the same root.
11476//
11477//   * PolicyNotFoundException
11478//   We can't find a policy with the PolicyId that you specified.
11479//
11480//   * ServiceException
11481//   AWS Organizations can't complete your request because of an internal service
11482//   error. Try again later.
11483//
11484//   * TooManyRequestsException
11485//   You have sent too many requests in too short a period of time. The quota
11486//   helps protect against denial-of-service attacks. Try again later.
11487//
11488//   For information about quotas that affect AWS Organizations, see Quotas for
11489//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11490//   the AWS Organizations User Guide.
11491//
11492//   * UnsupportedAPIEndpointException
11493//   This action isn't available in the current AWS Region.
11494//
11495// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
11496func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) {
11497	req, out := c.ListTargetsForPolicyRequest(input)
11498	return out, req.Send()
11499}
11500
11501// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of
11502// the ability to pass a context and additional request options.
11503//
11504// See ListTargetsForPolicy for details on how to use this API operation.
11505//
11506// The context must be non-nil and will be used for request cancellation. If
11507// the context is nil a panic will occur. In the future the SDK may create
11508// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11509// for more information on using Contexts.
11510func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) {
11511	req, out := c.ListTargetsForPolicyRequest(input)
11512	req.SetContext(ctx)
11513	req.ApplyOptions(opts...)
11514	return out, req.Send()
11515}
11516
11517// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation,
11518// calling the "fn" function with the response data for each page. To stop
11519// iterating, return false from the fn function.
11520//
11521// See ListTargetsForPolicy method for more information on how to use this operation.
11522//
11523// Note: This operation can generate multiple requests to a service.
11524//
11525//    // Example iterating over at most 3 pages of a ListTargetsForPolicy operation.
11526//    pageNum := 0
11527//    err := client.ListTargetsForPolicyPages(params,
11528//        func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool {
11529//            pageNum++
11530//            fmt.Println(page)
11531//            return pageNum <= 3
11532//        })
11533//
11534func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error {
11535	return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
11536}
11537
11538// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except
11539// it takes a Context and allows setting request options on the pages.
11540//
11541// The context must be non-nil and will be used for request cancellation. If
11542// the context is nil a panic will occur. In the future the SDK may create
11543// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11544// for more information on using Contexts.
11545func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error {
11546	p := request.Pagination{
11547		NewRequest: func() (*request.Request, error) {
11548			var inCpy *ListTargetsForPolicyInput
11549			if input != nil {
11550				tmp := *input
11551				inCpy = &tmp
11552			}
11553			req, _ := c.ListTargetsForPolicyRequest(inCpy)
11554			req.SetContext(ctx)
11555			req.ApplyOptions(opts...)
11556			return req, nil
11557		},
11558	}
11559
11560	for p.Next() {
11561		if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) {
11562			break
11563		}
11564	}
11565
11566	return p.Err()
11567}
11568
11569const opMoveAccount = "MoveAccount"
11570
11571// MoveAccountRequest generates a "aws/request.Request" representing the
11572// client's request for the MoveAccount operation. The "output" return
11573// value will be populated with the request's response once the request completes
11574// successfully.
11575//
11576// Use "Send" method on the returned Request to send the API call to the service.
11577// the "output" return value is not valid until after Send returns without error.
11578//
11579// See MoveAccount for more information on using the MoveAccount
11580// API call, and error handling.
11581//
11582// This method is useful when you want to inject custom logic or configuration
11583// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11584//
11585//
11586//    // Example sending a request using the MoveAccountRequest method.
11587//    req, resp := client.MoveAccountRequest(params)
11588//
11589//    err := req.Send()
11590//    if err == nil { // resp is now filled
11591//        fmt.Println(resp)
11592//    }
11593//
11594// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
11595func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) {
11596	op := &request.Operation{
11597		Name:       opMoveAccount,
11598		HTTPMethod: "POST",
11599		HTTPPath:   "/",
11600	}
11601
11602	if input == nil {
11603		input = &MoveAccountInput{}
11604	}
11605
11606	output = &MoveAccountOutput{}
11607	req = c.newRequest(op, input, output)
11608	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
11609	return
11610}
11611
11612// MoveAccount API operation for AWS Organizations.
11613//
11614// Moves an account from its current source parent root or organizational unit
11615// (OU) to the specified destination parent root or OU.
11616//
11617// This operation can be called only from the organization's master account.
11618//
11619// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11620// with awserr.Error's Code and Message methods to get detailed information about
11621// the error.
11622//
11623// See the AWS API reference guide for AWS Organizations's
11624// API operation MoveAccount for usage and error information.
11625//
11626// Returned Error Types:
11627//   * AccessDeniedException
11628//   You don't have permissions to perform the requested operation. The user or
11629//   role that is making the request must have at least one IAM permissions policy
11630//   attached that grants the required permissions. For more information, see
11631//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11632//   in the IAM User Guide.
11633//
11634//   * InvalidInputException
11635//   The requested operation failed because you provided invalid values for one
11636//   or more of the request parameters. This exception includes a reason that
11637//   contains additional information about the violated limit:
11638//
11639//   Some of the reasons in the following list might not be applicable to this
11640//   specific API or operation.
11641//
11642//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11643//      can't be modified.
11644//
11645//      * INPUT_REQUIRED: You must include a value for all required parameters.
11646//
11647//      * INVALID_ENUM: You specified an invalid value.
11648//
11649//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11650//      characters.
11651//
11652//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11653//      at least one invalid value.
11654//
11655//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11656//      from the response to a previous call of the operation.
11657//
11658//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11659//      organization, or email) as a party.
11660//
11661//      * INVALID_PATTERN: You provided a value that doesn't match the required
11662//      pattern.
11663//
11664//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11665//      match the required pattern.
11666//
11667//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11668//      name can't begin with the reserved prefix AWSServiceRoleFor.
11669//
11670//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11671//      Name (ARN) for the organization.
11672//
11673//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11674//
11675//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11676//      tag. You can’t add, edit, or delete system tag keys because they're
11677//      reserved for AWS use. System tags don’t count against your tags per
11678//      resource limit.
11679//
11680//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11681//      for the operation.
11682//
11683//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11684//      than allowed.
11685//
11686//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11687//      value than allowed.
11688//
11689//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11690//      than allowed.
11691//
11692//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11693//      value than allowed.
11694//
11695//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11696//      between entities in the same root.
11697//
11698//   * SourceParentNotFoundException
11699//   We can't find a source root or OU with the ParentId that you specified.
11700//
11701//   * DestinationParentNotFoundException
11702//   We can't find the destination container (a root or OU) with the ParentId
11703//   that you specified.
11704//
11705//   * DuplicateAccountException
11706//   That account is already present in the specified destination.
11707//
11708//   * AccountNotFoundException
11709//   We can't find an AWS account with the AccountId that you specified, or the
11710//   account whose credentials you used to make this request isn't a member of
11711//   an organization.
11712//
11713//   * TooManyRequestsException
11714//   You have sent too many requests in too short a period of time. The quota
11715//   helps protect against denial-of-service attacks. Try again later.
11716//
11717//   For information about quotas that affect AWS Organizations, see Quotas for
11718//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11719//   the AWS Organizations User Guide.
11720//
11721//   * ConcurrentModificationException
11722//   The target of the operation is currently being modified by a different request.
11723//   Try again later.
11724//
11725//   * AWSOrganizationsNotInUseException
11726//   Your account isn't a member of an organization. To make this request, you
11727//   must use the credentials of an account that belongs to an organization.
11728//
11729//   * ServiceException
11730//   AWS Organizations can't complete your request because of an internal service
11731//   error. Try again later.
11732//
11733// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
11734func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) {
11735	req, out := c.MoveAccountRequest(input)
11736	return out, req.Send()
11737}
11738
11739// MoveAccountWithContext is the same as MoveAccount with the addition of
11740// the ability to pass a context and additional request options.
11741//
11742// See MoveAccount for details on how to use this API operation.
11743//
11744// The context must be non-nil and will be used for request cancellation. If
11745// the context is nil a panic will occur. In the future the SDK may create
11746// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11747// for more information on using Contexts.
11748func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) {
11749	req, out := c.MoveAccountRequest(input)
11750	req.SetContext(ctx)
11751	req.ApplyOptions(opts...)
11752	return out, req.Send()
11753}
11754
11755const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator"
11756
11757// RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
11758// client's request for the RegisterDelegatedAdministrator operation. The "output" return
11759// value will be populated with the request's response once the request completes
11760// successfully.
11761//
11762// Use "Send" method on the returned Request to send the API call to the service.
11763// the "output" return value is not valid until after Send returns without error.
11764//
11765// See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator
11766// API call, and error handling.
11767//
11768// This method is useful when you want to inject custom logic or configuration
11769// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11770//
11771//
11772//    // Example sending a request using the RegisterDelegatedAdministratorRequest method.
11773//    req, resp := client.RegisterDelegatedAdministratorRequest(params)
11774//
11775//    err := req.Send()
11776//    if err == nil { // resp is now filled
11777//        fmt.Println(resp)
11778//    }
11779//
11780// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
11781func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) {
11782	op := &request.Operation{
11783		Name:       opRegisterDelegatedAdministrator,
11784		HTTPMethod: "POST",
11785		HTTPPath:   "/",
11786	}
11787
11788	if input == nil {
11789		input = &RegisterDelegatedAdministratorInput{}
11790	}
11791
11792	output = &RegisterDelegatedAdministratorOutput{}
11793	req = c.newRequest(op, input, output)
11794	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
11795	return
11796}
11797
11798// RegisterDelegatedAdministrator API operation for AWS Organizations.
11799//
11800// Enables the specified member account to administer the Organizations features
11801// of the specified AWS service. It grants read-only access to AWS Organizations
11802// service data. The account still requires IAM permissions to access and administer
11803// the AWS service.
11804//
11805// You can run this action only for AWS services that support this feature.
11806// For a current list of services that support it, see the column Supports Delegated
11807// Administrator in the table at AWS Services that you can use with AWS Organizations
11808// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html)
11809// in the AWS Organizations User Guide.
11810//
11811// This operation can be called only from the organization's master account.
11812//
11813// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11814// with awserr.Error's Code and Message methods to get detailed information about
11815// the error.
11816//
11817// See the AWS API reference guide for AWS Organizations's
11818// API operation RegisterDelegatedAdministrator for usage and error information.
11819//
11820// Returned Error Types:
11821//   * AccessDeniedException
11822//   You don't have permissions to perform the requested operation. The user or
11823//   role that is making the request must have at least one IAM permissions policy
11824//   attached that grants the required permissions. For more information, see
11825//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11826//   in the IAM User Guide.
11827//
11828//   * AccountAlreadyRegisteredException
11829//   The specified account is already a delegated administrator for this AWS service.
11830//
11831//   * AccountNotFoundException
11832//   We can't find an AWS account with the AccountId that you specified, or the
11833//   account whose credentials you used to make this request isn't a member of
11834//   an organization.
11835//
11836//   * AWSOrganizationsNotInUseException
11837//   Your account isn't a member of an organization. To make this request, you
11838//   must use the credentials of an account that belongs to an organization.
11839//
11840//   * ConcurrentModificationException
11841//   The target of the operation is currently being modified by a different request.
11842//   Try again later.
11843//
11844//   * ConstraintViolationException
11845//   Performing this operation violates a minimum or maximum value limit. For
11846//   example, attempting to remove the last service control policy (SCP) from
11847//   an OU or root, inviting or creating too many accounts to the organization,
11848//   or attaching too many policies to an account, OU, or root. This exception
11849//   includes a reason that contains additional information about the violated
11850//   limit:
11851//
11852//   Some of the reasons in the following list might not be applicable to this
11853//   specific API or operation.
11854//
11855//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
11856//      account from the organization. You can't remove the master account. Instead,
11857//      after you remove all member accounts, delete the organization itself.
11858//
11859//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
11860//      from the organization that doesn't yet have enough information to exist
11861//      as a standalone account. This account requires you to first agree to the
11862//      AWS Customer Agreement. Follow the steps at Removing a member account
11863//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
11864//      the AWS Organizations User Guide.
11865//
11866//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
11867//      an account from the organization that doesn't yet have enough information
11868//      to exist as a standalone account. This account requires you to first complete
11869//      phone verification. Follow the steps at Removing a member account from
11870//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
11871//      in the AWS Organizations User Guide.
11872//
11873//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
11874//      of accounts that you can create in one day.
11875//
11876//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
11877//      the number of accounts in an organization. If you need more accounts,
11878//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
11879//      request an increase in your limit. Or the number of invitations that you
11880//      tried to send would cause you to exceed the limit of accounts in your
11881//      organization. Send fewer invitations or contact AWS Support to request
11882//      an increase in the number of accounts. Deleted and closed accounts still
11883//      count toward your limit. If you get this exception when running a command
11884//      immediately after creating the organization, wait one hour and try again.
11885//      After an hour, if the command continues to fail with this error, contact
11886//      AWS Support (https://console.aws.amazon.com/support/home#/).
11887//
11888//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
11889//      register the master account of the organization as a delegated administrator
11890//      for an AWS service integrated with Organizations. You can designate only
11891//      a member account as a delegated administrator.
11892//
11893//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
11894//      an account that is registered as a delegated administrator for a service
11895//      integrated with your organization. To complete this operation, you must
11896//      first deregister this account as a delegated administrator.
11897//
11898//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
11899//      organization in the specified region, you must enable all features mode.
11900//
11901//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
11902//      an AWS account as a delegated administrator for an AWS service that already
11903//      has a delegated administrator. To complete this operation, you must first
11904//      deregister any existing delegated administrators for this service.
11905//
11906//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
11907//      valid for a limited period of time. You must resubmit the request and
11908//      generate a new verfication code.
11909//
11910//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
11911//      handshakes that you can send in one day.
11912//
11913//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
11914//      in this organization, you first must migrate the organization's master
11915//      account to the marketplace that corresponds to the master account's address.
11916//      For example, accounts with India addresses must be associated with the
11917//      AISPL marketplace. All accounts in an organization must be associated
11918//      with the same marketplace.
11919//
11920//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
11921//      in China. To create an organization, the master must have an valid business
11922//      license. For more information, contact customer support.
11923//
11924//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
11925//      must first provide a valid contact address and phone number for the master
11926//      account. Then try the operation again.
11927//
11928//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
11929//      master account must have an associated account in the AWS GovCloud (US-West)
11930//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
11931//      in the AWS GovCloud User Guide.
11932//
11933//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
11934//      with this master account, you first must associate a valid payment instrument,
11935//      such as a credit card, with the account. Follow the steps at To leave
11936//      an organization when all required account information has not yet been
11937//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
11938//      in the AWS Organizations User Guide.
11939//
11940//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
11941//      to register more delegated administrators than allowed for the service
11942//      principal.
11943//
11944//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
11945//      number of policies of a certain type that can be attached to an entity
11946//      at one time.
11947//
11948//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
11949//      on this resource.
11950//
11951//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
11952//      with this member account, you first must associate a valid payment instrument,
11953//      such as a credit card, with the account. Follow the steps at To leave
11954//      an organization when all required account information has not yet been
11955//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
11956//      in the AWS Organizations User Guide.
11957//
11958//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
11959//      policy from an entity that would cause the entity to have fewer than the
11960//      minimum number of policies of a certain type required.
11961//
11962//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
11963//      that requires the organization to be configured to support all features.
11964//      An organization that supports only consolidated billing features can't
11965//      perform this operation.
11966//
11967//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
11968//      too many levels deep.
11969//
11970//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
11971//      that you can have in an organization.
11972//
11973//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
11974//      is larger than the maximum size.
11975//
11976//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
11977//      policies that you can have in an organization.
11978//
11979//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
11980//      tags that are not compliant with the tag policy requirements for this
11981//      account.
11982//
11983//   * InvalidInputException
11984//   The requested operation failed because you provided invalid values for one
11985//   or more of the request parameters. This exception includes a reason that
11986//   contains additional information about the violated limit:
11987//
11988//   Some of the reasons in the following list might not be applicable to this
11989//   specific API or operation.
11990//
11991//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11992//      can't be modified.
11993//
11994//      * INPUT_REQUIRED: You must include a value for all required parameters.
11995//
11996//      * INVALID_ENUM: You specified an invalid value.
11997//
11998//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11999//      characters.
12000//
12001//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12002//      at least one invalid value.
12003//
12004//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12005//      from the response to a previous call of the operation.
12006//
12007//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12008//      organization, or email) as a party.
12009//
12010//      * INVALID_PATTERN: You provided a value that doesn't match the required
12011//      pattern.
12012//
12013//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12014//      match the required pattern.
12015//
12016//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12017//      name can't begin with the reserved prefix AWSServiceRoleFor.
12018//
12019//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12020//      Name (ARN) for the organization.
12021//
12022//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12023//
12024//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12025//      tag. You can’t add, edit, or delete system tag keys because they're
12026//      reserved for AWS use. System tags don’t count against your tags per
12027//      resource limit.
12028//
12029//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12030//      for the operation.
12031//
12032//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12033//      than allowed.
12034//
12035//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12036//      value than allowed.
12037//
12038//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12039//      than allowed.
12040//
12041//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12042//      value than allowed.
12043//
12044//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12045//      between entities in the same root.
12046//
12047//   * TooManyRequestsException
12048//   You have sent too many requests in too short a period of time. The quota
12049//   helps protect against denial-of-service attacks. Try again later.
12050//
12051//   For information about quotas that affect AWS Organizations, see Quotas for
12052//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12053//   the AWS Organizations User Guide.
12054//
12055//   * ServiceException
12056//   AWS Organizations can't complete your request because of an internal service
12057//   error. Try again later.
12058//
12059//   * UnsupportedAPIEndpointException
12060//   This action isn't available in the current AWS Region.
12061//
12062// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
12063func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) {
12064	req, out := c.RegisterDelegatedAdministratorRequest(input)
12065	return out, req.Send()
12066}
12067
12068// RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of
12069// the ability to pass a context and additional request options.
12070//
12071// See RegisterDelegatedAdministrator for details on how to use this API operation.
12072//
12073// The context must be non-nil and will be used for request cancellation. If
12074// the context is nil a panic will occur. In the future the SDK may create
12075// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12076// for more information on using Contexts.
12077func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) {
12078	req, out := c.RegisterDelegatedAdministratorRequest(input)
12079	req.SetContext(ctx)
12080	req.ApplyOptions(opts...)
12081	return out, req.Send()
12082}
12083
12084const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization"
12085
12086// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the
12087// client's request for the RemoveAccountFromOrganization operation. The "output" return
12088// value will be populated with the request's response once the request completes
12089// successfully.
12090//
12091// Use "Send" method on the returned Request to send the API call to the service.
12092// the "output" return value is not valid until after Send returns without error.
12093//
12094// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization
12095// API call, and error handling.
12096//
12097// This method is useful when you want to inject custom logic or configuration
12098// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12099//
12100//
12101//    // Example sending a request using the RemoveAccountFromOrganizationRequest method.
12102//    req, resp := client.RemoveAccountFromOrganizationRequest(params)
12103//
12104//    err := req.Send()
12105//    if err == nil { // resp is now filled
12106//        fmt.Println(resp)
12107//    }
12108//
12109// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
12110func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) {
12111	op := &request.Operation{
12112		Name:       opRemoveAccountFromOrganization,
12113		HTTPMethod: "POST",
12114		HTTPPath:   "/",
12115	}
12116
12117	if input == nil {
12118		input = &RemoveAccountFromOrganizationInput{}
12119	}
12120
12121	output = &RemoveAccountFromOrganizationOutput{}
12122	req = c.newRequest(op, input, output)
12123	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
12124	return
12125}
12126
12127// RemoveAccountFromOrganization API operation for AWS Organizations.
12128//
12129// Removes the specified account from the organization.
12130//
12131// The removed account becomes a standalone account that isn't a member of any
12132// organization. It's no longer subject to any policies and is responsible for
12133// its own bill payments. The organization's master account is no longer charged
12134// for any expenses accrued by the member account after it's removed from the
12135// organization.
12136//
12137// This operation can be called only from the organization's master account.
12138// Member accounts can remove themselves with LeaveOrganization instead.
12139//
12140// You can remove an account from your organization only if the account is configured
12141// with the information required to operate as a standalone account. When you
12142// create an account in an organization using the AWS Organizations console,
12143// API, or CLI commands, the information required of standalone accounts is
12144// not automatically collected. For an account that you want to make standalone,
12145// you must accept the end user license agreement (EULA), choose a support plan,
12146// provide and verify the required contact information, and provide a current
12147// payment method. AWS uses the payment method to charge for any billable (not
12148// free tier) AWS activity that occurs while the account isn't attached to an
12149// organization. To remove an account that doesn't yet have this information,
12150// you must sign in as the member account and follow the steps at To leave an
12151// organization when all required account information has not yet been provided
12152// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12153// in the AWS Organizations User Guide.
12154//
12155// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
12156// with awserr.Error's Code and Message methods to get detailed information about
12157// the error.
12158//
12159// See the AWS API reference guide for AWS Organizations's
12160// API operation RemoveAccountFromOrganization for usage and error information.
12161//
12162// Returned Error Types:
12163//   * AccessDeniedException
12164//   You don't have permissions to perform the requested operation. The user or
12165//   role that is making the request must have at least one IAM permissions policy
12166//   attached that grants the required permissions. For more information, see
12167//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
12168//   in the IAM User Guide.
12169//
12170//   * AccountNotFoundException
12171//   We can't find an AWS account with the AccountId that you specified, or the
12172//   account whose credentials you used to make this request isn't a member of
12173//   an organization.
12174//
12175//   * AWSOrganizationsNotInUseException
12176//   Your account isn't a member of an organization. To make this request, you
12177//   must use the credentials of an account that belongs to an organization.
12178//
12179//   * ConcurrentModificationException
12180//   The target of the operation is currently being modified by a different request.
12181//   Try again later.
12182//
12183//   * ConstraintViolationException
12184//   Performing this operation violates a minimum or maximum value limit. For
12185//   example, attempting to remove the last service control policy (SCP) from
12186//   an OU or root, inviting or creating too many accounts to the organization,
12187//   or attaching too many policies to an account, OU, or root. This exception
12188//   includes a reason that contains additional information about the violated
12189//   limit:
12190//
12191//   Some of the reasons in the following list might not be applicable to this
12192//   specific API or operation.
12193//
12194//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
12195//      account from the organization. You can't remove the master account. Instead,
12196//      after you remove all member accounts, delete the organization itself.
12197//
12198//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
12199//      from the organization that doesn't yet have enough information to exist
12200//      as a standalone account. This account requires you to first agree to the
12201//      AWS Customer Agreement. Follow the steps at Removing a member account
12202//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
12203//      the AWS Organizations User Guide.
12204//
12205//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
12206//      an account from the organization that doesn't yet have enough information
12207//      to exist as a standalone account. This account requires you to first complete
12208//      phone verification. Follow the steps at Removing a member account from
12209//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
12210//      in the AWS Organizations User Guide.
12211//
12212//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
12213//      of accounts that you can create in one day.
12214//
12215//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
12216//      the number of accounts in an organization. If you need more accounts,
12217//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
12218//      request an increase in your limit. Or the number of invitations that you
12219//      tried to send would cause you to exceed the limit of accounts in your
12220//      organization. Send fewer invitations or contact AWS Support to request
12221//      an increase in the number of accounts. Deleted and closed accounts still
12222//      count toward your limit. If you get this exception when running a command
12223//      immediately after creating the organization, wait one hour and try again.
12224//      After an hour, if the command continues to fail with this error, contact
12225//      AWS Support (https://console.aws.amazon.com/support/home#/).
12226//
12227//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
12228//      register the master account of the organization as a delegated administrator
12229//      for an AWS service integrated with Organizations. You can designate only
12230//      a member account as a delegated administrator.
12231//
12232//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
12233//      an account that is registered as a delegated administrator for a service
12234//      integrated with your organization. To complete this operation, you must
12235//      first deregister this account as a delegated administrator.
12236//
12237//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
12238//      organization in the specified region, you must enable all features mode.
12239//
12240//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
12241//      an AWS account as a delegated administrator for an AWS service that already
12242//      has a delegated administrator. To complete this operation, you must first
12243//      deregister any existing delegated administrators for this service.
12244//
12245//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
12246//      valid for a limited period of time. You must resubmit the request and
12247//      generate a new verfication code.
12248//
12249//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
12250//      handshakes that you can send in one day.
12251//
12252//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
12253//      in this organization, you first must migrate the organization's master
12254//      account to the marketplace that corresponds to the master account's address.
12255//      For example, accounts with India addresses must be associated with the
12256//      AISPL marketplace. All accounts in an organization must be associated
12257//      with the same marketplace.
12258//
12259//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
12260//      in China. To create an organization, the master must have an valid business
12261//      license. For more information, contact customer support.
12262//
12263//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
12264//      must first provide a valid contact address and phone number for the master
12265//      account. Then try the operation again.
12266//
12267//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
12268//      master account must have an associated account in the AWS GovCloud (US-West)
12269//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
12270//      in the AWS GovCloud User Guide.
12271//
12272//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
12273//      with this master account, you first must associate a valid payment instrument,
12274//      such as a credit card, with the account. Follow the steps at To leave
12275//      an organization when all required account information has not yet been
12276//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12277//      in the AWS Organizations User Guide.
12278//
12279//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
12280//      to register more delegated administrators than allowed for the service
12281//      principal.
12282//
12283//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
12284//      number of policies of a certain type that can be attached to an entity
12285//      at one time.
12286//
12287//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
12288//      on this resource.
12289//
12290//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
12291//      with this member account, you first must associate a valid payment instrument,
12292//      such as a credit card, with the account. Follow the steps at To leave
12293//      an organization when all required account information has not yet been
12294//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12295//      in the AWS Organizations User Guide.
12296//
12297//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
12298//      policy from an entity that would cause the entity to have fewer than the
12299//      minimum number of policies of a certain type required.
12300//
12301//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
12302//      that requires the organization to be configured to support all features.
12303//      An organization that supports only consolidated billing features can't
12304//      perform this operation.
12305//
12306//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
12307//      too many levels deep.
12308//
12309//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
12310//      that you can have in an organization.
12311//
12312//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
12313//      is larger than the maximum size.
12314//
12315//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
12316//      policies that you can have in an organization.
12317//
12318//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
12319//      tags that are not compliant with the tag policy requirements for this
12320//      account.
12321//
12322//   * InvalidInputException
12323//   The requested operation failed because you provided invalid values for one
12324//   or more of the request parameters. This exception includes a reason that
12325//   contains additional information about the violated limit:
12326//
12327//   Some of the reasons in the following list might not be applicable to this
12328//   specific API or operation.
12329//
12330//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12331//      can't be modified.
12332//
12333//      * INPUT_REQUIRED: You must include a value for all required parameters.
12334//
12335//      * INVALID_ENUM: You specified an invalid value.
12336//
12337//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12338//      characters.
12339//
12340//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12341//      at least one invalid value.
12342//
12343//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12344//      from the response to a previous call of the operation.
12345//
12346//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12347//      organization, or email) as a party.
12348//
12349//      * INVALID_PATTERN: You provided a value that doesn't match the required
12350//      pattern.
12351//
12352//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12353//      match the required pattern.
12354//
12355//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12356//      name can't begin with the reserved prefix AWSServiceRoleFor.
12357//
12358//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12359//      Name (ARN) for the organization.
12360//
12361//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12362//
12363//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12364//      tag. You can’t add, edit, or delete system tag keys because they're
12365//      reserved for AWS use. System tags don’t count against your tags per
12366//      resource limit.
12367//
12368//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12369//      for the operation.
12370//
12371//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12372//      than allowed.
12373//
12374//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12375//      value than allowed.
12376//
12377//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12378//      than allowed.
12379//
12380//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12381//      value than allowed.
12382//
12383//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12384//      between entities in the same root.
12385//
12386//   * MasterCannotLeaveOrganizationException
12387//   You can't remove a master account from an organization. If you want the master
12388//   account to become a member account in another organization, you must first
12389//   delete the current organization of the master account.
12390//
12391//   * ServiceException
12392//   AWS Organizations can't complete your request because of an internal service
12393//   error. Try again later.
12394//
12395//   * TooManyRequestsException
12396//   You have sent too many requests in too short a period of time. The quota
12397//   helps protect against denial-of-service attacks. Try again later.
12398//
12399//   For information about quotas that affect AWS Organizations, see Quotas for
12400//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12401//   the AWS Organizations User Guide.
12402//
12403// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
12404func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) {
12405	req, out := c.RemoveAccountFromOrganizationRequest(input)
12406	return out, req.Send()
12407}
12408
12409// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of
12410// the ability to pass a context and additional request options.
12411//
12412// See RemoveAccountFromOrganization for details on how to use this API operation.
12413//
12414// The context must be non-nil and will be used for request cancellation. If
12415// the context is nil a panic will occur. In the future the SDK may create
12416// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12417// for more information on using Contexts.
12418func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) {
12419	req, out := c.RemoveAccountFromOrganizationRequest(input)
12420	req.SetContext(ctx)
12421	req.ApplyOptions(opts...)
12422	return out, req.Send()
12423}
12424
12425const opTagResource = "TagResource"
12426
12427// TagResourceRequest generates a "aws/request.Request" representing the
12428// client's request for the TagResource operation. The "output" return
12429// value will be populated with the request's response once the request completes
12430// successfully.
12431//
12432// Use "Send" method on the returned Request to send the API call to the service.
12433// the "output" return value is not valid until after Send returns without error.
12434//
12435// See TagResource for more information on using the TagResource
12436// API call, and error handling.
12437//
12438// This method is useful when you want to inject custom logic or configuration
12439// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12440//
12441//
12442//    // Example sending a request using the TagResourceRequest method.
12443//    req, resp := client.TagResourceRequest(params)
12444//
12445//    err := req.Send()
12446//    if err == nil { // resp is now filled
12447//        fmt.Println(resp)
12448//    }
12449//
12450// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
12451func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
12452	op := &request.Operation{
12453		Name:       opTagResource,
12454		HTTPMethod: "POST",
12455		HTTPPath:   "/",
12456	}
12457
12458	if input == nil {
12459		input = &TagResourceInput{}
12460	}
12461
12462	output = &TagResourceOutput{}
12463	req = c.newRequest(op, input, output)
12464	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
12465	return
12466}
12467
12468// TagResource API operation for AWS Organizations.
12469//
12470// Adds one or more tags to the specified resource.
12471//
12472// Currently, you can tag and untag accounts in AWS Organizations.
12473//
12474// This operation can be called only from the organization's master account.
12475//
12476// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
12477// with awserr.Error's Code and Message methods to get detailed information about
12478// the error.
12479//
12480// See the AWS API reference guide for AWS Organizations's
12481// API operation TagResource for usage and error information.
12482//
12483// Returned Error Types:
12484//   * AccessDeniedException
12485//   You don't have permissions to perform the requested operation. The user or
12486//   role that is making the request must have at least one IAM permissions policy
12487//   attached that grants the required permissions. For more information, see
12488//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
12489//   in the IAM User Guide.
12490//
12491//   * ConcurrentModificationException
12492//   The target of the operation is currently being modified by a different request.
12493//   Try again later.
12494//
12495//   * AWSOrganizationsNotInUseException
12496//   Your account isn't a member of an organization. To make this request, you
12497//   must use the credentials of an account that belongs to an organization.
12498//
12499//   * TargetNotFoundException
12500//   We can't find a root, OU, or account with the TargetId that you specified.
12501//
12502//   * ConstraintViolationException
12503//   Performing this operation violates a minimum or maximum value limit. For
12504//   example, attempting to remove the last service control policy (SCP) from
12505//   an OU or root, inviting or creating too many accounts to the organization,
12506//   or attaching too many policies to an account, OU, or root. This exception
12507//   includes a reason that contains additional information about the violated
12508//   limit:
12509//
12510//   Some of the reasons in the following list might not be applicable to this
12511//   specific API or operation.
12512//
12513//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
12514//      account from the organization. You can't remove the master account. Instead,
12515//      after you remove all member accounts, delete the organization itself.
12516//
12517//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
12518//      from the organization that doesn't yet have enough information to exist
12519//      as a standalone account. This account requires you to first agree to the
12520//      AWS Customer Agreement. Follow the steps at Removing a member account
12521//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
12522//      the AWS Organizations User Guide.
12523//
12524//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
12525//      an account from the organization that doesn't yet have enough information
12526//      to exist as a standalone account. This account requires you to first complete
12527//      phone verification. Follow the steps at Removing a member account from
12528//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
12529//      in the AWS Organizations User Guide.
12530//
12531//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
12532//      of accounts that you can create in one day.
12533//
12534//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
12535//      the number of accounts in an organization. If you need more accounts,
12536//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
12537//      request an increase in your limit. Or the number of invitations that you
12538//      tried to send would cause you to exceed the limit of accounts in your
12539//      organization. Send fewer invitations or contact AWS Support to request
12540//      an increase in the number of accounts. Deleted and closed accounts still
12541//      count toward your limit. If you get this exception when running a command
12542//      immediately after creating the organization, wait one hour and try again.
12543//      After an hour, if the command continues to fail with this error, contact
12544//      AWS Support (https://console.aws.amazon.com/support/home#/).
12545//
12546//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
12547//      register the master account of the organization as a delegated administrator
12548//      for an AWS service integrated with Organizations. You can designate only
12549//      a member account as a delegated administrator.
12550//
12551//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
12552//      an account that is registered as a delegated administrator for a service
12553//      integrated with your organization. To complete this operation, you must
12554//      first deregister this account as a delegated administrator.
12555//
12556//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
12557//      organization in the specified region, you must enable all features mode.
12558//
12559//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
12560//      an AWS account as a delegated administrator for an AWS service that already
12561//      has a delegated administrator. To complete this operation, you must first
12562//      deregister any existing delegated administrators for this service.
12563//
12564//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
12565//      valid for a limited period of time. You must resubmit the request and
12566//      generate a new verfication code.
12567//
12568//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
12569//      handshakes that you can send in one day.
12570//
12571//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
12572//      in this organization, you first must migrate the organization's master
12573//      account to the marketplace that corresponds to the master account's address.
12574//      For example, accounts with India addresses must be associated with the
12575//      AISPL marketplace. All accounts in an organization must be associated
12576//      with the same marketplace.
12577//
12578//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
12579//      in China. To create an organization, the master must have an valid business
12580//      license. For more information, contact customer support.
12581//
12582//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
12583//      must first provide a valid contact address and phone number for the master
12584//      account. Then try the operation again.
12585//
12586//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
12587//      master account must have an associated account in the AWS GovCloud (US-West)
12588//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
12589//      in the AWS GovCloud User Guide.
12590//
12591//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
12592//      with this master account, you first must associate a valid payment instrument,
12593//      such as a credit card, with the account. Follow the steps at To leave
12594//      an organization when all required account information has not yet been
12595//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12596//      in the AWS Organizations User Guide.
12597//
12598//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
12599//      to register more delegated administrators than allowed for the service
12600//      principal.
12601//
12602//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
12603//      number of policies of a certain type that can be attached to an entity
12604//      at one time.
12605//
12606//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
12607//      on this resource.
12608//
12609//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
12610//      with this member account, you first must associate a valid payment instrument,
12611//      such as a credit card, with the account. Follow the steps at To leave
12612//      an organization when all required account information has not yet been
12613//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12614//      in the AWS Organizations User Guide.
12615//
12616//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
12617//      policy from an entity that would cause the entity to have fewer than the
12618//      minimum number of policies of a certain type required.
12619//
12620//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
12621//      that requires the organization to be configured to support all features.
12622//      An organization that supports only consolidated billing features can't
12623//      perform this operation.
12624//
12625//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
12626//      too many levels deep.
12627//
12628//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
12629//      that you can have in an organization.
12630//
12631//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
12632//      is larger than the maximum size.
12633//
12634//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
12635//      policies that you can have in an organization.
12636//
12637//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
12638//      tags that are not compliant with the tag policy requirements for this
12639//      account.
12640//
12641//   * InvalidInputException
12642//   The requested operation failed because you provided invalid values for one
12643//   or more of the request parameters. This exception includes a reason that
12644//   contains additional information about the violated limit:
12645//
12646//   Some of the reasons in the following list might not be applicable to this
12647//   specific API or operation.
12648//
12649//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12650//      can't be modified.
12651//
12652//      * INPUT_REQUIRED: You must include a value for all required parameters.
12653//
12654//      * INVALID_ENUM: You specified an invalid value.
12655//
12656//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12657//      characters.
12658//
12659//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12660//      at least one invalid value.
12661//
12662//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12663//      from the response to a previous call of the operation.
12664//
12665//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12666//      organization, or email) as a party.
12667//
12668//      * INVALID_PATTERN: You provided a value that doesn't match the required
12669//      pattern.
12670//
12671//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12672//      match the required pattern.
12673//
12674//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12675//      name can't begin with the reserved prefix AWSServiceRoleFor.
12676//
12677//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12678//      Name (ARN) for the organization.
12679//
12680//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12681//
12682//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12683//      tag. You can’t add, edit, or delete system tag keys because they're
12684//      reserved for AWS use. System tags don’t count against your tags per
12685//      resource limit.
12686//
12687//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12688//      for the operation.
12689//
12690//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12691//      than allowed.
12692//
12693//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12694//      value than allowed.
12695//
12696//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12697//      than allowed.
12698//
12699//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12700//      value than allowed.
12701//
12702//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12703//      between entities in the same root.
12704//
12705//   * ServiceException
12706//   AWS Organizations can't complete your request because of an internal service
12707//   error. Try again later.
12708//
12709//   * TooManyRequestsException
12710//   You have sent too many requests in too short a period of time. The quota
12711//   helps protect against denial-of-service attacks. Try again later.
12712//
12713//   For information about quotas that affect AWS Organizations, see Quotas for
12714//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12715//   the AWS Organizations User Guide.
12716//
12717// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
12718func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
12719	req, out := c.TagResourceRequest(input)
12720	return out, req.Send()
12721}
12722
12723// TagResourceWithContext is the same as TagResource with the addition of
12724// the ability to pass a context and additional request options.
12725//
12726// See TagResource for details on how to use this API operation.
12727//
12728// The context must be non-nil and will be used for request cancellation. If
12729// the context is nil a panic will occur. In the future the SDK may create
12730// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12731// for more information on using Contexts.
12732func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
12733	req, out := c.TagResourceRequest(input)
12734	req.SetContext(ctx)
12735	req.ApplyOptions(opts...)
12736	return out, req.Send()
12737}
12738
12739const opUntagResource = "UntagResource"
12740
12741// UntagResourceRequest generates a "aws/request.Request" representing the
12742// client's request for the UntagResource operation. The "output" return
12743// value will be populated with the request's response once the request completes
12744// successfully.
12745//
12746// Use "Send" method on the returned Request to send the API call to the service.
12747// the "output" return value is not valid until after Send returns without error.
12748//
12749// See UntagResource for more information on using the UntagResource
12750// API call, and error handling.
12751//
12752// This method is useful when you want to inject custom logic or configuration
12753// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12754//
12755//
12756//    // Example sending a request using the UntagResourceRequest method.
12757//    req, resp := client.UntagResourceRequest(params)
12758//
12759//    err := req.Send()
12760//    if err == nil { // resp is now filled
12761//        fmt.Println(resp)
12762//    }
12763//
12764// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
12765func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
12766	op := &request.Operation{
12767		Name:       opUntagResource,
12768		HTTPMethod: "POST",
12769		HTTPPath:   "/",
12770	}
12771
12772	if input == nil {
12773		input = &UntagResourceInput{}
12774	}
12775
12776	output = &UntagResourceOutput{}
12777	req = c.newRequest(op, input, output)
12778	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
12779	return
12780}
12781
12782// UntagResource API operation for AWS Organizations.
12783//
12784// Removes a tag from the specified resource.
12785//
12786// Currently, you can tag and untag accounts in AWS Organizations.
12787//
12788// This operation can be called only from the organization's master account.
12789//
12790// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
12791// with awserr.Error's Code and Message methods to get detailed information about
12792// the error.
12793//
12794// See the AWS API reference guide for AWS Organizations's
12795// API operation UntagResource for usage and error information.
12796//
12797// Returned Error Types:
12798//   * AccessDeniedException
12799//   You don't have permissions to perform the requested operation. The user or
12800//   role that is making the request must have at least one IAM permissions policy
12801//   attached that grants the required permissions. For more information, see
12802//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
12803//   in the IAM User Guide.
12804//
12805//   * ConcurrentModificationException
12806//   The target of the operation is currently being modified by a different request.
12807//   Try again later.
12808//
12809//   * AWSOrganizationsNotInUseException
12810//   Your account isn't a member of an organization. To make this request, you
12811//   must use the credentials of an account that belongs to an organization.
12812//
12813//   * TargetNotFoundException
12814//   We can't find a root, OU, or account with the TargetId that you specified.
12815//
12816//   * ConstraintViolationException
12817//   Performing this operation violates a minimum or maximum value limit. For
12818//   example, attempting to remove the last service control policy (SCP) from
12819//   an OU or root, inviting or creating too many accounts to the organization,
12820//   or attaching too many policies to an account, OU, or root. This exception
12821//   includes a reason that contains additional information about the violated
12822//   limit:
12823//
12824//   Some of the reasons in the following list might not be applicable to this
12825//   specific API or operation.
12826//
12827//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
12828//      account from the organization. You can't remove the master account. Instead,
12829//      after you remove all member accounts, delete the organization itself.
12830//
12831//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
12832//      from the organization that doesn't yet have enough information to exist
12833//      as a standalone account. This account requires you to first agree to the
12834//      AWS Customer Agreement. Follow the steps at Removing a member account
12835//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
12836//      the AWS Organizations User Guide.
12837//
12838//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
12839//      an account from the organization that doesn't yet have enough information
12840//      to exist as a standalone account. This account requires you to first complete
12841//      phone verification. Follow the steps at Removing a member account from
12842//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
12843//      in the AWS Organizations User Guide.
12844//
12845//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
12846//      of accounts that you can create in one day.
12847//
12848//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
12849//      the number of accounts in an organization. If you need more accounts,
12850//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
12851//      request an increase in your limit. Or the number of invitations that you
12852//      tried to send would cause you to exceed the limit of accounts in your
12853//      organization. Send fewer invitations or contact AWS Support to request
12854//      an increase in the number of accounts. Deleted and closed accounts still
12855//      count toward your limit. If you get this exception when running a command
12856//      immediately after creating the organization, wait one hour and try again.
12857//      After an hour, if the command continues to fail with this error, contact
12858//      AWS Support (https://console.aws.amazon.com/support/home#/).
12859//
12860//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
12861//      register the master account of the organization as a delegated administrator
12862//      for an AWS service integrated with Organizations. You can designate only
12863//      a member account as a delegated administrator.
12864//
12865//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
12866//      an account that is registered as a delegated administrator for a service
12867//      integrated with your organization. To complete this operation, you must
12868//      first deregister this account as a delegated administrator.
12869//
12870//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
12871//      organization in the specified region, you must enable all features mode.
12872//
12873//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
12874//      an AWS account as a delegated administrator for an AWS service that already
12875//      has a delegated administrator. To complete this operation, you must first
12876//      deregister any existing delegated administrators for this service.
12877//
12878//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
12879//      valid for a limited period of time. You must resubmit the request and
12880//      generate a new verfication code.
12881//
12882//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
12883//      handshakes that you can send in one day.
12884//
12885//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
12886//      in this organization, you first must migrate the organization's master
12887//      account to the marketplace that corresponds to the master account's address.
12888//      For example, accounts with India addresses must be associated with the
12889//      AISPL marketplace. All accounts in an organization must be associated
12890//      with the same marketplace.
12891//
12892//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
12893//      in China. To create an organization, the master must have an valid business
12894//      license. For more information, contact customer support.
12895//
12896//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
12897//      must first provide a valid contact address and phone number for the master
12898//      account. Then try the operation again.
12899//
12900//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
12901//      master account must have an associated account in the AWS GovCloud (US-West)
12902//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
12903//      in the AWS GovCloud User Guide.
12904//
12905//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
12906//      with this master account, you first must associate a valid payment instrument,
12907//      such as a credit card, with the account. Follow the steps at To leave
12908//      an organization when all required account information has not yet been
12909//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12910//      in the AWS Organizations User Guide.
12911//
12912//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
12913//      to register more delegated administrators than allowed for the service
12914//      principal.
12915//
12916//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
12917//      number of policies of a certain type that can be attached to an entity
12918//      at one time.
12919//
12920//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
12921//      on this resource.
12922//
12923//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
12924//      with this member account, you first must associate a valid payment instrument,
12925//      such as a credit card, with the account. Follow the steps at To leave
12926//      an organization when all required account information has not yet been
12927//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12928//      in the AWS Organizations User Guide.
12929//
12930//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
12931//      policy from an entity that would cause the entity to have fewer than the
12932//      minimum number of policies of a certain type required.
12933//
12934//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
12935//      that requires the organization to be configured to support all features.
12936//      An organization that supports only consolidated billing features can't
12937//      perform this operation.
12938//
12939//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
12940//      too many levels deep.
12941//
12942//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
12943//      that you can have in an organization.
12944//
12945//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
12946//      is larger than the maximum size.
12947//
12948//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
12949//      policies that you can have in an organization.
12950//
12951//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
12952//      tags that are not compliant with the tag policy requirements for this
12953//      account.
12954//
12955//   * InvalidInputException
12956//   The requested operation failed because you provided invalid values for one
12957//   or more of the request parameters. This exception includes a reason that
12958//   contains additional information about the violated limit:
12959//
12960//   Some of the reasons in the following list might not be applicable to this
12961//   specific API or operation.
12962//
12963//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12964//      can't be modified.
12965//
12966//      * INPUT_REQUIRED: You must include a value for all required parameters.
12967//
12968//      * INVALID_ENUM: You specified an invalid value.
12969//
12970//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12971//      characters.
12972//
12973//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12974//      at least one invalid value.
12975//
12976//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12977//      from the response to a previous call of the operation.
12978//
12979//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12980//      organization, or email) as a party.
12981//
12982//      * INVALID_PATTERN: You provided a value that doesn't match the required
12983//      pattern.
12984//
12985//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12986//      match the required pattern.
12987//
12988//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12989//      name can't begin with the reserved prefix AWSServiceRoleFor.
12990//
12991//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12992//      Name (ARN) for the organization.
12993//
12994//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12995//
12996//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12997//      tag. You can’t add, edit, or delete system tag keys because they're
12998//      reserved for AWS use. System tags don’t count against your tags per
12999//      resource limit.
13000//
13001//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
13002//      for the operation.
13003//
13004//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
13005//      than allowed.
13006//
13007//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
13008//      value than allowed.
13009//
13010//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
13011//      than allowed.
13012//
13013//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
13014//      value than allowed.
13015//
13016//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
13017//      between entities in the same root.
13018//
13019//   * ServiceException
13020//   AWS Organizations can't complete your request because of an internal service
13021//   error. Try again later.
13022//
13023//   * TooManyRequestsException
13024//   You have sent too many requests in too short a period of time. The quota
13025//   helps protect against denial-of-service attacks. Try again later.
13026//
13027//   For information about quotas that affect AWS Organizations, see Quotas for
13028//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
13029//   the AWS Organizations User Guide.
13030//
13031// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
13032func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
13033	req, out := c.UntagResourceRequest(input)
13034	return out, req.Send()
13035}
13036
13037// UntagResourceWithContext is the same as UntagResource with the addition of
13038// the ability to pass a context and additional request options.
13039//
13040// See UntagResource for details on how to use this API operation.
13041//
13042// The context must be non-nil and will be used for request cancellation. If
13043// the context is nil a panic will occur. In the future the SDK may create
13044// sub-contexts for http.Requests. See https://golang.org/pkg/context/
13045// for more information on using Contexts.
13046func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
13047	req, out := c.UntagResourceRequest(input)
13048	req.SetContext(ctx)
13049	req.ApplyOptions(opts...)
13050	return out, req.Send()
13051}
13052
13053const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit"
13054
13055// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the
13056// client's request for the UpdateOrganizationalUnit operation. The "output" return
13057// value will be populated with the request's response once the request completes
13058// successfully.
13059//
13060// Use "Send" method on the returned Request to send the API call to the service.
13061// the "output" return value is not valid until after Send returns without error.
13062//
13063// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit
13064// API call, and error handling.
13065//
13066// This method is useful when you want to inject custom logic or configuration
13067// into the SDK's request lifecycle. Such as custom headers, or retry logic.
13068//
13069//
13070//    // Example sending a request using the UpdateOrganizationalUnitRequest method.
13071//    req, resp := client.UpdateOrganizationalUnitRequest(params)
13072//
13073//    err := req.Send()
13074//    if err == nil { // resp is now filled
13075//        fmt.Println(resp)
13076//    }
13077//
13078// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
13079func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) {
13080	op := &request.Operation{
13081		Name:       opUpdateOrganizationalUnit,
13082		HTTPMethod: "POST",
13083		HTTPPath:   "/",
13084	}
13085
13086	if input == nil {
13087		input = &UpdateOrganizationalUnitInput{}
13088	}
13089
13090	output = &UpdateOrganizationalUnitOutput{}
13091	req = c.newRequest(op, input, output)
13092	return
13093}
13094
13095// UpdateOrganizationalUnit API operation for AWS Organizations.
13096//
13097// Renames the specified organizational unit (OU). The ID and ARN don't change.
13098// The child OUs and accounts remain in place, and any attached policies of
13099// the OU remain attached.
13100//
13101// This operation can be called only from the organization's master account.
13102//
13103// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
13104// with awserr.Error's Code and Message methods to get detailed information about
13105// the error.
13106//
13107// See the AWS API reference guide for AWS Organizations's
13108// API operation UpdateOrganizationalUnit for usage and error information.
13109//
13110// Returned Error Types:
13111//   * AccessDeniedException
13112//   You don't have permissions to perform the requested operation. The user or
13113//   role that is making the request must have at least one IAM permissions policy
13114//   attached that grants the required permissions. For more information, see
13115//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
13116//   in the IAM User Guide.
13117//
13118//   * AWSOrganizationsNotInUseException
13119//   Your account isn't a member of an organization. To make this request, you
13120//   must use the credentials of an account that belongs to an organization.
13121//
13122//   * ConcurrentModificationException
13123//   The target of the operation is currently being modified by a different request.
13124//   Try again later.
13125//
13126//   * DuplicateOrganizationalUnitException
13127//   An OU with the same name already exists.
13128//
13129//   * InvalidInputException
13130//   The requested operation failed because you provided invalid values for one
13131//   or more of the request parameters. This exception includes a reason that
13132//   contains additional information about the violated limit:
13133//
13134//   Some of the reasons in the following list might not be applicable to this
13135//   specific API or operation.
13136//
13137//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
13138//      can't be modified.
13139//
13140//      * INPUT_REQUIRED: You must include a value for all required parameters.
13141//
13142//      * INVALID_ENUM: You specified an invalid value.
13143//
13144//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
13145//      characters.
13146//
13147//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
13148//      at least one invalid value.
13149//
13150//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
13151//      from the response to a previous call of the operation.
13152//
13153//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
13154//      organization, or email) as a party.
13155//
13156//      * INVALID_PATTERN: You provided a value that doesn't match the required
13157//      pattern.
13158//
13159//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
13160//      match the required pattern.
13161//
13162//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
13163//      name can't begin with the reserved prefix AWSServiceRoleFor.
13164//
13165//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
13166//      Name (ARN) for the organization.
13167//
13168//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
13169//
13170//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
13171//      tag. You can’t add, edit, or delete system tag keys because they're
13172//      reserved for AWS use. System tags don’t count against your tags per
13173//      resource limit.
13174//
13175//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
13176//      for the operation.
13177//
13178//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
13179//      than allowed.
13180//
13181//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
13182//      value than allowed.
13183//
13184//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
13185//      than allowed.
13186//
13187//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
13188//      value than allowed.
13189//
13190//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
13191//      between entities in the same root.
13192//
13193//   * OrganizationalUnitNotFoundException
13194//   We can't find an OU with the OrganizationalUnitId that you specified.
13195//
13196//   * ServiceException
13197//   AWS Organizations can't complete your request because of an internal service
13198//   error. Try again later.
13199//
13200//   * TooManyRequestsException
13201//   You have sent too many requests in too short a period of time. The quota
13202//   helps protect against denial-of-service attacks. Try again later.
13203//
13204//   For information about quotas that affect AWS Organizations, see Quotas for
13205//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
13206//   the AWS Organizations User Guide.
13207//
13208// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
13209func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) {
13210	req, out := c.UpdateOrganizationalUnitRequest(input)
13211	return out, req.Send()
13212}
13213
13214// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of
13215// the ability to pass a context and additional request options.
13216//
13217// See UpdateOrganizationalUnit for details on how to use this API operation.
13218//
13219// The context must be non-nil and will be used for request cancellation. If
13220// the context is nil a panic will occur. In the future the SDK may create
13221// sub-contexts for http.Requests. See https://golang.org/pkg/context/
13222// for more information on using Contexts.
13223func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) {
13224	req, out := c.UpdateOrganizationalUnitRequest(input)
13225	req.SetContext(ctx)
13226	req.ApplyOptions(opts...)
13227	return out, req.Send()
13228}
13229
13230const opUpdatePolicy = "UpdatePolicy"
13231
13232// UpdatePolicyRequest generates a "aws/request.Request" representing the
13233// client's request for the UpdatePolicy operation. The "output" return
13234// value will be populated with the request's response once the request completes
13235// successfully.
13236//
13237// Use "Send" method on the returned Request to send the API call to the service.
13238// the "output" return value is not valid until after Send returns without error.
13239//
13240// See UpdatePolicy for more information on using the UpdatePolicy
13241// API call, and error handling.
13242//
13243// This method is useful when you want to inject custom logic or configuration
13244// into the SDK's request lifecycle. Such as custom headers, or retry logic.
13245//
13246//
13247//    // Example sending a request using the UpdatePolicyRequest method.
13248//    req, resp := client.UpdatePolicyRequest(params)
13249//
13250//    err := req.Send()
13251//    if err == nil { // resp is now filled
13252//        fmt.Println(resp)
13253//    }
13254//
13255// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
13256func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) {
13257	op := &request.Operation{
13258		Name:       opUpdatePolicy,
13259		HTTPMethod: "POST",
13260		HTTPPath:   "/",
13261	}
13262
13263	if input == nil {
13264		input = &UpdatePolicyInput{}
13265	}
13266
13267	output = &UpdatePolicyOutput{}
13268	req = c.newRequest(op, input, output)
13269	return
13270}
13271
13272// UpdatePolicy API operation for AWS Organizations.
13273//
13274// Updates an existing policy with a new name, description, or content. If you
13275// don't supply any parameter, that value remains unchanged. You can't change
13276// a policy's type.
13277//
13278// This operation can be called only from the organization's master account.
13279//
13280// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
13281// with awserr.Error's Code and Message methods to get detailed information about
13282// the error.
13283//
13284// See the AWS API reference guide for AWS Organizations's
13285// API operation UpdatePolicy for usage and error information.
13286//
13287// Returned Error Types:
13288//   * AccessDeniedException
13289//   You don't have permissions to perform the requested operation. The user or
13290//   role that is making the request must have at least one IAM permissions policy
13291//   attached that grants the required permissions. For more information, see
13292//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
13293//   in the IAM User Guide.
13294//
13295//   * AWSOrganizationsNotInUseException
13296//   Your account isn't a member of an organization. To make this request, you
13297//   must use the credentials of an account that belongs to an organization.
13298//
13299//   * ConcurrentModificationException
13300//   The target of the operation is currently being modified by a different request.
13301//   Try again later.
13302//
13303//   * ConstraintViolationException
13304//   Performing this operation violates a minimum or maximum value limit. For
13305//   example, attempting to remove the last service control policy (SCP) from
13306//   an OU or root, inviting or creating too many accounts to the organization,
13307//   or attaching too many policies to an account, OU, or root. This exception
13308//   includes a reason that contains additional information about the violated
13309//   limit:
13310//
13311//   Some of the reasons in the following list might not be applicable to this
13312//   specific API or operation.
13313//
13314//      * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
13315//      account from the organization. You can't remove the master account. Instead,
13316//      after you remove all member accounts, delete the organization itself.
13317//
13318//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
13319//      from the organization that doesn't yet have enough information to exist
13320//      as a standalone account. This account requires you to first agree to the
13321//      AWS Customer Agreement. Follow the steps at Removing a member account
13322//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
13323//      the AWS Organizations User Guide.
13324//
13325//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
13326//      an account from the organization that doesn't yet have enough information
13327//      to exist as a standalone account. This account requires you to first complete
13328//      phone verification. Follow the steps at Removing a member account from
13329//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
13330//      in the AWS Organizations User Guide.
13331//
13332//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
13333//      of accounts that you can create in one day.
13334//
13335//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
13336//      the number of accounts in an organization. If you need more accounts,
13337//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
13338//      request an increase in your limit. Or the number of invitations that you
13339//      tried to send would cause you to exceed the limit of accounts in your
13340//      organization. Send fewer invitations or contact AWS Support to request
13341//      an increase in the number of accounts. Deleted and closed accounts still
13342//      count toward your limit. If you get this exception when running a command
13343//      immediately after creating the organization, wait one hour and try again.
13344//      After an hour, if the command continues to fail with this error, contact
13345//      AWS Support (https://console.aws.amazon.com/support/home#/).
13346//
13347//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
13348//      register the master account of the organization as a delegated administrator
13349//      for an AWS service integrated with Organizations. You can designate only
13350//      a member account as a delegated administrator.
13351//
13352//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
13353//      an account that is registered as a delegated administrator for a service
13354//      integrated with your organization. To complete this operation, you must
13355//      first deregister this account as a delegated administrator.
13356//
13357//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
13358//      organization in the specified region, you must enable all features mode.
13359//
13360//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
13361//      an AWS account as a delegated administrator for an AWS service that already
13362//      has a delegated administrator. To complete this operation, you must first
13363//      deregister any existing delegated administrators for this service.
13364//
13365//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
13366//      valid for a limited period of time. You must resubmit the request and
13367//      generate a new verfication code.
13368//
13369//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
13370//      handshakes that you can send in one day.
13371//
13372//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
13373//      in this organization, you first must migrate the organization's master
13374//      account to the marketplace that corresponds to the master account's address.
13375//      For example, accounts with India addresses must be associated with the
13376//      AISPL marketplace. All accounts in an organization must be associated
13377//      with the same marketplace.
13378//
13379//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
13380//      in China. To create an organization, the master must have an valid business
13381//      license. For more information, contact customer support.
13382//
13383//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
13384//      must first provide a valid contact address and phone number for the master
13385//      account. Then try the operation again.
13386//
13387//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
13388//      master account must have an associated account in the AWS GovCloud (US-West)
13389//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
13390//      in the AWS GovCloud User Guide.
13391//
13392//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
13393//      with this master account, you first must associate a valid payment instrument,
13394//      such as a credit card, with the account. Follow the steps at To leave
13395//      an organization when all required account information has not yet been
13396//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13397//      in the AWS Organizations User Guide.
13398//
13399//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
13400//      to register more delegated administrators than allowed for the service
13401//      principal.
13402//
13403//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
13404//      number of policies of a certain type that can be attached to an entity
13405//      at one time.
13406//
13407//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
13408//      on this resource.
13409//
13410//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
13411//      with this member account, you first must associate a valid payment instrument,
13412//      such as a credit card, with the account. Follow the steps at To leave
13413//      an organization when all required account information has not yet been
13414//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13415//      in the AWS Organizations User Guide.
13416//
13417//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
13418//      policy from an entity that would cause the entity to have fewer than the
13419//      minimum number of policies of a certain type required.
13420//
13421//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
13422//      that requires the organization to be configured to support all features.
13423//      An organization that supports only consolidated billing features can't
13424//      perform this operation.
13425//
13426//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
13427//      too many levels deep.
13428//
13429//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
13430//      that you can have in an organization.
13431//
13432//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
13433//      is larger than the maximum size.
13434//
13435//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
13436//      policies that you can have in an organization.
13437//
13438//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
13439//      tags that are not compliant with the tag policy requirements for this
13440//      account.
13441//
13442//   * DuplicatePolicyException
13443//   A policy with the same name already exists.
13444//
13445//   * InvalidInputException
13446//   The requested operation failed because you provided invalid values for one
13447//   or more of the request parameters. This exception includes a reason that
13448//   contains additional information about the violated limit:
13449//
13450//   Some of the reasons in the following list might not be applicable to this
13451//   specific API or operation.
13452//
13453//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
13454//      can't be modified.
13455//
13456//      * INPUT_REQUIRED: You must include a value for all required parameters.
13457//
13458//      * INVALID_ENUM: You specified an invalid value.
13459//
13460//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
13461//      characters.
13462//
13463//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
13464//      at least one invalid value.
13465//
13466//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
13467//      from the response to a previous call of the operation.
13468//
13469//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
13470//      organization, or email) as a party.
13471//
13472//      * INVALID_PATTERN: You provided a value that doesn't match the required
13473//      pattern.
13474//
13475//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
13476//      match the required pattern.
13477//
13478//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
13479//      name can't begin with the reserved prefix AWSServiceRoleFor.
13480//
13481//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
13482//      Name (ARN) for the organization.
13483//
13484//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
13485//
13486//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
13487//      tag. You can’t add, edit, or delete system tag keys because they're
13488//      reserved for AWS use. System tags don’t count against your tags per
13489//      resource limit.
13490//
13491//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
13492//      for the operation.
13493//
13494//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
13495//      than allowed.
13496//
13497//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
13498//      value than allowed.
13499//
13500//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
13501//      than allowed.
13502//
13503//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
13504//      value than allowed.
13505//
13506//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
13507//      between entities in the same root.
13508//
13509//   * MalformedPolicyDocumentException
13510//   The provided policy document doesn't meet the requirements of the specified
13511//   policy type. For example, the syntax might be incorrect. For details about
13512//   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
13513//   in the AWS Organizations User Guide.
13514//
13515//   * PolicyNotFoundException
13516//   We can't find a policy with the PolicyId that you specified.
13517//
13518//   * ServiceException
13519//   AWS Organizations can't complete your request because of an internal service
13520//   error. Try again later.
13521//
13522//   * TooManyRequestsException
13523//   You have sent too many requests in too short a period of time. The quota
13524//   helps protect against denial-of-service attacks. Try again later.
13525//
13526//   For information about quotas that affect AWS Organizations, see Quotas for
13527//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
13528//   the AWS Organizations User Guide.
13529//
13530//   * UnsupportedAPIEndpointException
13531//   This action isn't available in the current AWS Region.
13532//
13533//   * PolicyChangesInProgressException
13534//   Changes to the effective policy are in progress, and its contents can't be
13535//   returned. Try the operation again later.
13536//
13537// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
13538func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) {
13539	req, out := c.UpdatePolicyRequest(input)
13540	return out, req.Send()
13541}
13542
13543// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of
13544// the ability to pass a context and additional request options.
13545//
13546// See UpdatePolicy for details on how to use this API operation.
13547//
13548// The context must be non-nil and will be used for request cancellation. If
13549// the context is nil a panic will occur. In the future the SDK may create
13550// sub-contexts for http.Requests. See https://golang.org/pkg/context/
13551// for more information on using Contexts.
13552func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) {
13553	req, out := c.UpdatePolicyRequest(input)
13554	req.SetContext(ctx)
13555	req.ApplyOptions(opts...)
13556	return out, req.Send()
13557}
13558
13559// Your account isn't a member of an organization. To make this request, you
13560// must use the credentials of an account that belongs to an organization.
13561type AWSOrganizationsNotInUseException struct {
13562	_            struct{}                  `type:"structure"`
13563	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
13564
13565	Message_ *string `locationName:"Message" type:"string"`
13566}
13567
13568// String returns the string representation
13569func (s AWSOrganizationsNotInUseException) String() string {
13570	return awsutil.Prettify(s)
13571}
13572
13573// GoString returns the string representation
13574func (s AWSOrganizationsNotInUseException) GoString() string {
13575	return s.String()
13576}
13577
13578func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error {
13579	return &AWSOrganizationsNotInUseException{
13580		RespMetadata: v,
13581	}
13582}
13583
13584// Code returns the exception type name.
13585func (s *AWSOrganizationsNotInUseException) Code() string {
13586	return "AWSOrganizationsNotInUseException"
13587}
13588
13589// Message returns the exception's message.
13590func (s *AWSOrganizationsNotInUseException) Message() string {
13591	if s.Message_ != nil {
13592		return *s.Message_
13593	}
13594	return ""
13595}
13596
13597// OrigErr always returns nil, satisfies awserr.Error interface.
13598func (s *AWSOrganizationsNotInUseException) OrigErr() error {
13599	return nil
13600}
13601
13602func (s *AWSOrganizationsNotInUseException) Error() string {
13603	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
13604}
13605
13606// Status code returns the HTTP status code for the request's response error.
13607func (s *AWSOrganizationsNotInUseException) StatusCode() int {
13608	return s.RespMetadata.StatusCode
13609}
13610
13611// RequestID returns the service's response RequestID for request.
13612func (s *AWSOrganizationsNotInUseException) RequestID() string {
13613	return s.RespMetadata.RequestID
13614}
13615
13616type AcceptHandshakeInput struct {
13617	_ struct{} `type:"structure"`
13618
13619	// The unique identifier (ID) of the handshake that you want to accept.
13620	//
13621	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
13622	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
13623	//
13624	// HandshakeId is a required field
13625	HandshakeId *string `type:"string" required:"true"`
13626}
13627
13628// String returns the string representation
13629func (s AcceptHandshakeInput) String() string {
13630	return awsutil.Prettify(s)
13631}
13632
13633// GoString returns the string representation
13634func (s AcceptHandshakeInput) GoString() string {
13635	return s.String()
13636}
13637
13638// Validate inspects the fields of the type to determine if they are valid.
13639func (s *AcceptHandshakeInput) Validate() error {
13640	invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"}
13641	if s.HandshakeId == nil {
13642		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
13643	}
13644
13645	if invalidParams.Len() > 0 {
13646		return invalidParams
13647	}
13648	return nil
13649}
13650
13651// SetHandshakeId sets the HandshakeId field's value.
13652func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput {
13653	s.HandshakeId = &v
13654	return s
13655}
13656
13657type AcceptHandshakeOutput struct {
13658	_ struct{} `type:"structure"`
13659
13660	// A structure that contains details about the accepted handshake.
13661	Handshake *Handshake `type:"structure"`
13662}
13663
13664// String returns the string representation
13665func (s AcceptHandshakeOutput) String() string {
13666	return awsutil.Prettify(s)
13667}
13668
13669// GoString returns the string representation
13670func (s AcceptHandshakeOutput) GoString() string {
13671	return s.String()
13672}
13673
13674// SetHandshake sets the Handshake field's value.
13675func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput {
13676	s.Handshake = v
13677	return s
13678}
13679
13680// You don't have permissions to perform the requested operation. The user or
13681// role that is making the request must have at least one IAM permissions policy
13682// attached that grants the required permissions. For more information, see
13683// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
13684// in the IAM User Guide.
13685type AccessDeniedException struct {
13686	_            struct{}                  `type:"structure"`
13687	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
13688
13689	Message_ *string `locationName:"Message" type:"string"`
13690}
13691
13692// String returns the string representation
13693func (s AccessDeniedException) String() string {
13694	return awsutil.Prettify(s)
13695}
13696
13697// GoString returns the string representation
13698func (s AccessDeniedException) GoString() string {
13699	return s.String()
13700}
13701
13702func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
13703	return &AccessDeniedException{
13704		RespMetadata: v,
13705	}
13706}
13707
13708// Code returns the exception type name.
13709func (s *AccessDeniedException) Code() string {
13710	return "AccessDeniedException"
13711}
13712
13713// Message returns the exception's message.
13714func (s *AccessDeniedException) Message() string {
13715	if s.Message_ != nil {
13716		return *s.Message_
13717	}
13718	return ""
13719}
13720
13721// OrigErr always returns nil, satisfies awserr.Error interface.
13722func (s *AccessDeniedException) OrigErr() error {
13723	return nil
13724}
13725
13726func (s *AccessDeniedException) Error() string {
13727	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
13728}
13729
13730// Status code returns the HTTP status code for the request's response error.
13731func (s *AccessDeniedException) StatusCode() int {
13732	return s.RespMetadata.StatusCode
13733}
13734
13735// RequestID returns the service's response RequestID for request.
13736func (s *AccessDeniedException) RequestID() string {
13737	return s.RespMetadata.RequestID
13738}
13739
13740// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
13741// for organizations.amazonaws.com permission so that AWS Organizations can
13742// create the required service-linked role. You don't have that permission.
13743type AccessDeniedForDependencyException struct {
13744	_            struct{}                  `type:"structure"`
13745	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
13746
13747	Message_ *string `locationName:"Message" type:"string"`
13748
13749	Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"`
13750}
13751
13752// String returns the string representation
13753func (s AccessDeniedForDependencyException) String() string {
13754	return awsutil.Prettify(s)
13755}
13756
13757// GoString returns the string representation
13758func (s AccessDeniedForDependencyException) GoString() string {
13759	return s.String()
13760}
13761
13762func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error {
13763	return &AccessDeniedForDependencyException{
13764		RespMetadata: v,
13765	}
13766}
13767
13768// Code returns the exception type name.
13769func (s *AccessDeniedForDependencyException) Code() string {
13770	return "AccessDeniedForDependencyException"
13771}
13772
13773// Message returns the exception's message.
13774func (s *AccessDeniedForDependencyException) Message() string {
13775	if s.Message_ != nil {
13776		return *s.Message_
13777	}
13778	return ""
13779}
13780
13781// OrigErr always returns nil, satisfies awserr.Error interface.
13782func (s *AccessDeniedForDependencyException) OrigErr() error {
13783	return nil
13784}
13785
13786func (s *AccessDeniedForDependencyException) Error() string {
13787	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
13788}
13789
13790// Status code returns the HTTP status code for the request's response error.
13791func (s *AccessDeniedForDependencyException) StatusCode() int {
13792	return s.RespMetadata.StatusCode
13793}
13794
13795// RequestID returns the service's response RequestID for request.
13796func (s *AccessDeniedForDependencyException) RequestID() string {
13797	return s.RespMetadata.RequestID
13798}
13799
13800// Contains information about an AWS account that is a member of an organization.
13801type Account struct {
13802	_ struct{} `type:"structure"`
13803
13804	// The Amazon Resource Name (ARN) of the account.
13805	//
13806	// For more information about ARNs in Organizations, see ARN Formats Supported
13807	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
13808	// in the AWS Organizations User Guide.
13809	Arn *string `type:"string"`
13810
13811	// The email address associated with the AWS account.
13812	//
13813	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
13814	// a string of characters that represents a standard internet email address.
13815	Email *string `min:"6" type:"string" sensitive:"true"`
13816
13817	// The unique identifier (ID) of the account.
13818	//
13819	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
13820	// requires exactly 12 digits.
13821	Id *string `type:"string"`
13822
13823	// The method by which the account joined the organization.
13824	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
13825
13826	// The date the account became a part of the organization.
13827	JoinedTimestamp *time.Time `type:"timestamp"`
13828
13829	// The friendly name of the account.
13830	//
13831	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
13832	// this parameter is a string of any of the characters in the ASCII character
13833	// range.
13834	Name *string `min:"1" type:"string" sensitive:"true"`
13835
13836	// The status of the account in the organization.
13837	Status *string `type:"string" enum:"AccountStatus"`
13838}
13839
13840// String returns the string representation
13841func (s Account) String() string {
13842	return awsutil.Prettify(s)
13843}
13844
13845// GoString returns the string representation
13846func (s Account) GoString() string {
13847	return s.String()
13848}
13849
13850// SetArn sets the Arn field's value.
13851func (s *Account) SetArn(v string) *Account {
13852	s.Arn = &v
13853	return s
13854}
13855
13856// SetEmail sets the Email field's value.
13857func (s *Account) SetEmail(v string) *Account {
13858	s.Email = &v
13859	return s
13860}
13861
13862// SetId sets the Id field's value.
13863func (s *Account) SetId(v string) *Account {
13864	s.Id = &v
13865	return s
13866}
13867
13868// SetJoinedMethod sets the JoinedMethod field's value.
13869func (s *Account) SetJoinedMethod(v string) *Account {
13870	s.JoinedMethod = &v
13871	return s
13872}
13873
13874// SetJoinedTimestamp sets the JoinedTimestamp field's value.
13875func (s *Account) SetJoinedTimestamp(v time.Time) *Account {
13876	s.JoinedTimestamp = &v
13877	return s
13878}
13879
13880// SetName sets the Name field's value.
13881func (s *Account) SetName(v string) *Account {
13882	s.Name = &v
13883	return s
13884}
13885
13886// SetStatus sets the Status field's value.
13887func (s *Account) SetStatus(v string) *Account {
13888	s.Status = &v
13889	return s
13890}
13891
13892// The specified account is already a delegated administrator for this AWS service.
13893type AccountAlreadyRegisteredException struct {
13894	_            struct{}                  `type:"structure"`
13895	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
13896
13897	Message_ *string `locationName:"Message" type:"string"`
13898}
13899
13900// String returns the string representation
13901func (s AccountAlreadyRegisteredException) String() string {
13902	return awsutil.Prettify(s)
13903}
13904
13905// GoString returns the string representation
13906func (s AccountAlreadyRegisteredException) GoString() string {
13907	return s.String()
13908}
13909
13910func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error {
13911	return &AccountAlreadyRegisteredException{
13912		RespMetadata: v,
13913	}
13914}
13915
13916// Code returns the exception type name.
13917func (s *AccountAlreadyRegisteredException) Code() string {
13918	return "AccountAlreadyRegisteredException"
13919}
13920
13921// Message returns the exception's message.
13922func (s *AccountAlreadyRegisteredException) Message() string {
13923	if s.Message_ != nil {
13924		return *s.Message_
13925	}
13926	return ""
13927}
13928
13929// OrigErr always returns nil, satisfies awserr.Error interface.
13930func (s *AccountAlreadyRegisteredException) OrigErr() error {
13931	return nil
13932}
13933
13934func (s *AccountAlreadyRegisteredException) Error() string {
13935	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
13936}
13937
13938// Status code returns the HTTP status code for the request's response error.
13939func (s *AccountAlreadyRegisteredException) StatusCode() int {
13940	return s.RespMetadata.StatusCode
13941}
13942
13943// RequestID returns the service's response RequestID for request.
13944func (s *AccountAlreadyRegisteredException) RequestID() string {
13945	return s.RespMetadata.RequestID
13946}
13947
13948// We can't find an AWS account with the AccountId that you specified, or the
13949// account whose credentials you used to make this request isn't a member of
13950// an organization.
13951type AccountNotFoundException struct {
13952	_            struct{}                  `type:"structure"`
13953	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
13954
13955	Message_ *string `locationName:"Message" type:"string"`
13956}
13957
13958// String returns the string representation
13959func (s AccountNotFoundException) String() string {
13960	return awsutil.Prettify(s)
13961}
13962
13963// GoString returns the string representation
13964func (s AccountNotFoundException) GoString() string {
13965	return s.String()
13966}
13967
13968func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error {
13969	return &AccountNotFoundException{
13970		RespMetadata: v,
13971	}
13972}
13973
13974// Code returns the exception type name.
13975func (s *AccountNotFoundException) Code() string {
13976	return "AccountNotFoundException"
13977}
13978
13979// Message returns the exception's message.
13980func (s *AccountNotFoundException) Message() string {
13981	if s.Message_ != nil {
13982		return *s.Message_
13983	}
13984	return ""
13985}
13986
13987// OrigErr always returns nil, satisfies awserr.Error interface.
13988func (s *AccountNotFoundException) OrigErr() error {
13989	return nil
13990}
13991
13992func (s *AccountNotFoundException) Error() string {
13993	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
13994}
13995
13996// Status code returns the HTTP status code for the request's response error.
13997func (s *AccountNotFoundException) StatusCode() int {
13998	return s.RespMetadata.StatusCode
13999}
14000
14001// RequestID returns the service's response RequestID for request.
14002func (s *AccountNotFoundException) RequestID() string {
14003	return s.RespMetadata.RequestID
14004}
14005
14006// The specified account is not a delegated administrator for this AWS service.
14007type AccountNotRegisteredException struct {
14008	_            struct{}                  `type:"structure"`
14009	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14010
14011	Message_ *string `locationName:"Message" type:"string"`
14012}
14013
14014// String returns the string representation
14015func (s AccountNotRegisteredException) String() string {
14016	return awsutil.Prettify(s)
14017}
14018
14019// GoString returns the string representation
14020func (s AccountNotRegisteredException) GoString() string {
14021	return s.String()
14022}
14023
14024func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error {
14025	return &AccountNotRegisteredException{
14026		RespMetadata: v,
14027	}
14028}
14029
14030// Code returns the exception type name.
14031func (s *AccountNotRegisteredException) Code() string {
14032	return "AccountNotRegisteredException"
14033}
14034
14035// Message returns the exception's message.
14036func (s *AccountNotRegisteredException) Message() string {
14037	if s.Message_ != nil {
14038		return *s.Message_
14039	}
14040	return ""
14041}
14042
14043// OrigErr always returns nil, satisfies awserr.Error interface.
14044func (s *AccountNotRegisteredException) OrigErr() error {
14045	return nil
14046}
14047
14048func (s *AccountNotRegisteredException) Error() string {
14049	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14050}
14051
14052// Status code returns the HTTP status code for the request's response error.
14053func (s *AccountNotRegisteredException) StatusCode() int {
14054	return s.RespMetadata.StatusCode
14055}
14056
14057// RequestID returns the service's response RequestID for request.
14058func (s *AccountNotRegisteredException) RequestID() string {
14059	return s.RespMetadata.RequestID
14060}
14061
14062// You can't invite an existing account to your organization until you verify
14063// that you own the email address associated with the master account. For more
14064// information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
14065// in the AWS Organizations User Guide.
14066type AccountOwnerNotVerifiedException struct {
14067	_            struct{}                  `type:"structure"`
14068	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14069
14070	Message_ *string `locationName:"Message" type:"string"`
14071}
14072
14073// String returns the string representation
14074func (s AccountOwnerNotVerifiedException) String() string {
14075	return awsutil.Prettify(s)
14076}
14077
14078// GoString returns the string representation
14079func (s AccountOwnerNotVerifiedException) GoString() string {
14080	return s.String()
14081}
14082
14083func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error {
14084	return &AccountOwnerNotVerifiedException{
14085		RespMetadata: v,
14086	}
14087}
14088
14089// Code returns the exception type name.
14090func (s *AccountOwnerNotVerifiedException) Code() string {
14091	return "AccountOwnerNotVerifiedException"
14092}
14093
14094// Message returns the exception's message.
14095func (s *AccountOwnerNotVerifiedException) Message() string {
14096	if s.Message_ != nil {
14097		return *s.Message_
14098	}
14099	return ""
14100}
14101
14102// OrigErr always returns nil, satisfies awserr.Error interface.
14103func (s *AccountOwnerNotVerifiedException) OrigErr() error {
14104	return nil
14105}
14106
14107func (s *AccountOwnerNotVerifiedException) Error() string {
14108	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14109}
14110
14111// Status code returns the HTTP status code for the request's response error.
14112func (s *AccountOwnerNotVerifiedException) StatusCode() int {
14113	return s.RespMetadata.StatusCode
14114}
14115
14116// RequestID returns the service's response RequestID for request.
14117func (s *AccountOwnerNotVerifiedException) RequestID() string {
14118	return s.RespMetadata.RequestID
14119}
14120
14121// This account is already a member of an organization. An account can belong
14122// to only one organization at a time.
14123type AlreadyInOrganizationException struct {
14124	_            struct{}                  `type:"structure"`
14125	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14126
14127	Message_ *string `locationName:"Message" type:"string"`
14128}
14129
14130// String returns the string representation
14131func (s AlreadyInOrganizationException) String() string {
14132	return awsutil.Prettify(s)
14133}
14134
14135// GoString returns the string representation
14136func (s AlreadyInOrganizationException) GoString() string {
14137	return s.String()
14138}
14139
14140func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error {
14141	return &AlreadyInOrganizationException{
14142		RespMetadata: v,
14143	}
14144}
14145
14146// Code returns the exception type name.
14147func (s *AlreadyInOrganizationException) Code() string {
14148	return "AlreadyInOrganizationException"
14149}
14150
14151// Message returns the exception's message.
14152func (s *AlreadyInOrganizationException) Message() string {
14153	if s.Message_ != nil {
14154		return *s.Message_
14155	}
14156	return ""
14157}
14158
14159// OrigErr always returns nil, satisfies awserr.Error interface.
14160func (s *AlreadyInOrganizationException) OrigErr() error {
14161	return nil
14162}
14163
14164func (s *AlreadyInOrganizationException) Error() string {
14165	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14166}
14167
14168// Status code returns the HTTP status code for the request's response error.
14169func (s *AlreadyInOrganizationException) StatusCode() int {
14170	return s.RespMetadata.StatusCode
14171}
14172
14173// RequestID returns the service's response RequestID for request.
14174func (s *AlreadyInOrganizationException) RequestID() string {
14175	return s.RespMetadata.RequestID
14176}
14177
14178type AttachPolicyInput struct {
14179	_ struct{} `type:"structure"`
14180
14181	// The unique identifier (ID) of the policy that you want to attach to the target.
14182	// You can get the ID for the policy by calling the ListPolicies operation.
14183	//
14184	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
14185	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
14186	// or the underscore character (_).
14187	//
14188	// PolicyId is a required field
14189	PolicyId *string `type:"string" required:"true"`
14190
14191	// The unique identifier (ID) of the root, OU, or account that you want to attach
14192	// the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent,
14193	// or ListAccounts operations.
14194	//
14195	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
14196	// requires one of the following:
14197	//
14198	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
14199	//    letters or digits.
14200	//
14201	//    * Account - A string that consists of exactly 12 digits.
14202	//
14203	//    * Organizational unit (OU) - A string that begins with "ou-" followed
14204	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
14205	//    OU is in). This string is followed by a second "-" dash and from 8 to
14206	//    32 additional lowercase letters or digits.
14207	//
14208	// TargetId is a required field
14209	TargetId *string `type:"string" required:"true"`
14210}
14211
14212// String returns the string representation
14213func (s AttachPolicyInput) String() string {
14214	return awsutil.Prettify(s)
14215}
14216
14217// GoString returns the string representation
14218func (s AttachPolicyInput) GoString() string {
14219	return s.String()
14220}
14221
14222// Validate inspects the fields of the type to determine if they are valid.
14223func (s *AttachPolicyInput) Validate() error {
14224	invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"}
14225	if s.PolicyId == nil {
14226		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
14227	}
14228	if s.TargetId == nil {
14229		invalidParams.Add(request.NewErrParamRequired("TargetId"))
14230	}
14231
14232	if invalidParams.Len() > 0 {
14233		return invalidParams
14234	}
14235	return nil
14236}
14237
14238// SetPolicyId sets the PolicyId field's value.
14239func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput {
14240	s.PolicyId = &v
14241	return s
14242}
14243
14244// SetTargetId sets the TargetId field's value.
14245func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput {
14246	s.TargetId = &v
14247	return s
14248}
14249
14250type AttachPolicyOutput struct {
14251	_ struct{} `type:"structure"`
14252}
14253
14254// String returns the string representation
14255func (s AttachPolicyOutput) String() string {
14256	return awsutil.Prettify(s)
14257}
14258
14259// GoString returns the string representation
14260func (s AttachPolicyOutput) GoString() string {
14261	return s.String()
14262}
14263
14264type CancelHandshakeInput struct {
14265	_ struct{} `type:"structure"`
14266
14267	// The unique identifier (ID) of the handshake that you want to cancel. You
14268	// can get the ID from the ListHandshakesForOrganization operation.
14269	//
14270	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
14271	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
14272	//
14273	// HandshakeId is a required field
14274	HandshakeId *string `type:"string" required:"true"`
14275}
14276
14277// String returns the string representation
14278func (s CancelHandshakeInput) String() string {
14279	return awsutil.Prettify(s)
14280}
14281
14282// GoString returns the string representation
14283func (s CancelHandshakeInput) GoString() string {
14284	return s.String()
14285}
14286
14287// Validate inspects the fields of the type to determine if they are valid.
14288func (s *CancelHandshakeInput) Validate() error {
14289	invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"}
14290	if s.HandshakeId == nil {
14291		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
14292	}
14293
14294	if invalidParams.Len() > 0 {
14295		return invalidParams
14296	}
14297	return nil
14298}
14299
14300// SetHandshakeId sets the HandshakeId field's value.
14301func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput {
14302	s.HandshakeId = &v
14303	return s
14304}
14305
14306type CancelHandshakeOutput struct {
14307	_ struct{} `type:"structure"`
14308
14309	// A structure that contains details about the handshake that you canceled.
14310	Handshake *Handshake `type:"structure"`
14311}
14312
14313// String returns the string representation
14314func (s CancelHandshakeOutput) String() string {
14315	return awsutil.Prettify(s)
14316}
14317
14318// GoString returns the string representation
14319func (s CancelHandshakeOutput) GoString() string {
14320	return s.String()
14321}
14322
14323// SetHandshake sets the Handshake field's value.
14324func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput {
14325	s.Handshake = v
14326	return s
14327}
14328
14329// Contains a list of child entities, either OUs or accounts.
14330type Child struct {
14331	_ struct{} `type:"structure"`
14332
14333	// The unique identifier (ID) of this child entity.
14334	//
14335	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
14336	// requires one of the following:
14337	//
14338	//    * Account: A string that consists of exactly 12 digits.
14339	//
14340	//    * Organizational unit (OU): A string that begins with "ou-" followed by
14341	//    from 4 to 32 lower-case letters or digits (the ID of the root that contains
14342	//    the OU). This string is followed by a second "-" dash and from 8 to 32
14343	//    additional lower-case letters or digits.
14344	Id *string `type:"string"`
14345
14346	// The type of this child entity.
14347	Type *string `type:"string" enum:"ChildType"`
14348}
14349
14350// String returns the string representation
14351func (s Child) String() string {
14352	return awsutil.Prettify(s)
14353}
14354
14355// GoString returns the string representation
14356func (s Child) GoString() string {
14357	return s.String()
14358}
14359
14360// SetId sets the Id field's value.
14361func (s *Child) SetId(v string) *Child {
14362	s.Id = &v
14363	return s
14364}
14365
14366// SetType sets the Type field's value.
14367func (s *Child) SetType(v string) *Child {
14368	s.Type = &v
14369	return s
14370}
14371
14372// We can't find an organizational unit (OU) or AWS account with the ChildId
14373// that you specified.
14374type ChildNotFoundException struct {
14375	_            struct{}                  `type:"structure"`
14376	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14377
14378	Message_ *string `locationName:"Message" type:"string"`
14379}
14380
14381// String returns the string representation
14382func (s ChildNotFoundException) String() string {
14383	return awsutil.Prettify(s)
14384}
14385
14386// GoString returns the string representation
14387func (s ChildNotFoundException) GoString() string {
14388	return s.String()
14389}
14390
14391func newErrorChildNotFoundException(v protocol.ResponseMetadata) error {
14392	return &ChildNotFoundException{
14393		RespMetadata: v,
14394	}
14395}
14396
14397// Code returns the exception type name.
14398func (s *ChildNotFoundException) Code() string {
14399	return "ChildNotFoundException"
14400}
14401
14402// Message returns the exception's message.
14403func (s *ChildNotFoundException) Message() string {
14404	if s.Message_ != nil {
14405		return *s.Message_
14406	}
14407	return ""
14408}
14409
14410// OrigErr always returns nil, satisfies awserr.Error interface.
14411func (s *ChildNotFoundException) OrigErr() error {
14412	return nil
14413}
14414
14415func (s *ChildNotFoundException) Error() string {
14416	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14417}
14418
14419// Status code returns the HTTP status code for the request's response error.
14420func (s *ChildNotFoundException) StatusCode() int {
14421	return s.RespMetadata.StatusCode
14422}
14423
14424// RequestID returns the service's response RequestID for request.
14425func (s *ChildNotFoundException) RequestID() string {
14426	return s.RespMetadata.RequestID
14427}
14428
14429// The target of the operation is currently being modified by a different request.
14430// Try again later.
14431type ConcurrentModificationException struct {
14432	_            struct{}                  `type:"structure"`
14433	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14434
14435	Message_ *string `locationName:"Message" type:"string"`
14436}
14437
14438// String returns the string representation
14439func (s ConcurrentModificationException) String() string {
14440	return awsutil.Prettify(s)
14441}
14442
14443// GoString returns the string representation
14444func (s ConcurrentModificationException) GoString() string {
14445	return s.String()
14446}
14447
14448func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error {
14449	return &ConcurrentModificationException{
14450		RespMetadata: v,
14451	}
14452}
14453
14454// Code returns the exception type name.
14455func (s *ConcurrentModificationException) Code() string {
14456	return "ConcurrentModificationException"
14457}
14458
14459// Message returns the exception's message.
14460func (s *ConcurrentModificationException) Message() string {
14461	if s.Message_ != nil {
14462		return *s.Message_
14463	}
14464	return ""
14465}
14466
14467// OrigErr always returns nil, satisfies awserr.Error interface.
14468func (s *ConcurrentModificationException) OrigErr() error {
14469	return nil
14470}
14471
14472func (s *ConcurrentModificationException) Error() string {
14473	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14474}
14475
14476// Status code returns the HTTP status code for the request's response error.
14477func (s *ConcurrentModificationException) StatusCode() int {
14478	return s.RespMetadata.StatusCode
14479}
14480
14481// RequestID returns the service's response RequestID for request.
14482func (s *ConcurrentModificationException) RequestID() string {
14483	return s.RespMetadata.RequestID
14484}
14485
14486// Performing this operation violates a minimum or maximum value limit. For
14487// example, attempting to remove the last service control policy (SCP) from
14488// an OU or root, inviting or creating too many accounts to the organization,
14489// or attaching too many policies to an account, OU, or root. This exception
14490// includes a reason that contains additional information about the violated
14491// limit:
14492//
14493// Some of the reasons in the following list might not be applicable to this
14494// specific API or operation.
14495//
14496//    * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master
14497//    account from the organization. You can't remove the master account. Instead,
14498//    after you remove all member accounts, delete the organization itself.
14499//
14500//    * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
14501//    from the organization that doesn't yet have enough information to exist
14502//    as a standalone account. This account requires you to first agree to the
14503//    AWS Customer Agreement. Follow the steps at Removing a member account
14504//    from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
14505//    the AWS Organizations User Guide.
14506//
14507//    * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
14508//    an account from the organization that doesn't yet have enough information
14509//    to exist as a standalone account. This account requires you to first complete
14510//    phone verification. Follow the steps at Removing a member account from
14511//    your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
14512//    in the AWS Organizations User Guide.
14513//
14514//    * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
14515//    of accounts that you can create in one day.
14516//
14517//    * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
14518//    the number of accounts in an organization. If you need more accounts,
14519//    contact AWS Support (https://console.aws.amazon.com/support/home#/) to
14520//    request an increase in your limit. Or the number of invitations that you
14521//    tried to send would cause you to exceed the limit of accounts in your
14522//    organization. Send fewer invitations or contact AWS Support to request
14523//    an increase in the number of accounts. Deleted and closed accounts still
14524//    count toward your limit. If you get this exception when running a command
14525//    immediately after creating the organization, wait one hour and try again.
14526//    After an hour, if the command continues to fail with this error, contact
14527//    AWS Support (https://console.aws.amazon.com/support/home#/).
14528//
14529//    * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
14530//    register the master account of the organization as a delegated administrator
14531//    for an AWS service integrated with Organizations. You can designate only
14532//    a member account as a delegated administrator.
14533//
14534//    * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
14535//    an account that is registered as a delegated administrator for a service
14536//    integrated with your organization. To complete this operation, you must
14537//    first deregister this account as a delegated administrator.
14538//
14539//    * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
14540//    organization in the specified region, you must enable all features mode.
14541//
14542//    * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
14543//    an AWS account as a delegated administrator for an AWS service that already
14544//    has a delegated administrator. To complete this operation, you must first
14545//    deregister any existing delegated administrators for this service.
14546//
14547//    * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
14548//    valid for a limited period of time. You must resubmit the request and
14549//    generate a new verfication code.
14550//
14551//    * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
14552//    handshakes that you can send in one day.
14553//
14554//    * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
14555//    in this organization, you first must migrate the organization's master
14556//    account to the marketplace that corresponds to the master account's address.
14557//    For example, accounts with India addresses must be associated with the
14558//    AISPL marketplace. All accounts in an organization must be associated
14559//    with the same marketplace.
14560//
14561//    * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
14562//    in China. To create an organization, the master must have an valid business
14563//    license. For more information, contact customer support.
14564//
14565//    * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
14566//    must first provide a valid contact address and phone number for the master
14567//    account. Then try the operation again.
14568//
14569//    * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
14570//    master account must have an associated account in the AWS GovCloud (US-West)
14571//    Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
14572//    in the AWS GovCloud User Guide.
14573//
14574//    * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
14575//    with this master account, you first must associate a valid payment instrument,
14576//    such as a credit card, with the account. Follow the steps at To leave
14577//    an organization when all required account information has not yet been
14578//    provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
14579//    in the AWS Organizations User Guide.
14580//
14581//    * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
14582//    to register more delegated administrators than allowed for the service
14583//    principal.
14584//
14585//    * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
14586//    number of policies of a certain type that can be attached to an entity
14587//    at one time.
14588//
14589//    * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
14590//    on this resource.
14591//
14592//    * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
14593//    with this member account, you first must associate a valid payment instrument,
14594//    such as a credit card, with the account. Follow the steps at To leave
14595//    an organization when all required account information has not yet been
14596//    provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
14597//    in the AWS Organizations User Guide.
14598//
14599//    * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
14600//    policy from an entity that would cause the entity to have fewer than the
14601//    minimum number of policies of a certain type required.
14602//
14603//    * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
14604//    that requires the organization to be configured to support all features.
14605//    An organization that supports only consolidated billing features can't
14606//    perform this operation.
14607//
14608//    * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
14609//    too many levels deep.
14610//
14611//    * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
14612//    that you can have in an organization.
14613//
14614//    * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
14615//    is larger than the maximum size.
14616//
14617//    * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
14618//    policies that you can have in an organization.
14619//
14620//    * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
14621//    tags that are not compliant with the tag policy requirements for this
14622//    account.
14623type ConstraintViolationException struct {
14624	_            struct{}                  `type:"structure"`
14625	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14626
14627	Message_ *string `locationName:"Message" type:"string"`
14628
14629	Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"`
14630}
14631
14632// String returns the string representation
14633func (s ConstraintViolationException) String() string {
14634	return awsutil.Prettify(s)
14635}
14636
14637// GoString returns the string representation
14638func (s ConstraintViolationException) GoString() string {
14639	return s.String()
14640}
14641
14642func newErrorConstraintViolationException(v protocol.ResponseMetadata) error {
14643	return &ConstraintViolationException{
14644		RespMetadata: v,
14645	}
14646}
14647
14648// Code returns the exception type name.
14649func (s *ConstraintViolationException) Code() string {
14650	return "ConstraintViolationException"
14651}
14652
14653// Message returns the exception's message.
14654func (s *ConstraintViolationException) Message() string {
14655	if s.Message_ != nil {
14656		return *s.Message_
14657	}
14658	return ""
14659}
14660
14661// OrigErr always returns nil, satisfies awserr.Error interface.
14662func (s *ConstraintViolationException) OrigErr() error {
14663	return nil
14664}
14665
14666func (s *ConstraintViolationException) Error() string {
14667	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
14668}
14669
14670// Status code returns the HTTP status code for the request's response error.
14671func (s *ConstraintViolationException) StatusCode() int {
14672	return s.RespMetadata.StatusCode
14673}
14674
14675// RequestID returns the service's response RequestID for request.
14676func (s *ConstraintViolationException) RequestID() string {
14677	return s.RespMetadata.RequestID
14678}
14679
14680type CreateAccountInput struct {
14681	_ struct{} `type:"structure"`
14682
14683	// The friendly name of the member account.
14684	//
14685	// AccountName is a required field
14686	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
14687
14688	// The email address of the owner to assign to the new member account. This
14689	// email address must not already be associated with another AWS account. You
14690	// must use a valid email address to complete account creation. You can't access
14691	// the root user of the account or remove an account that was created with an
14692	// invalid email address.
14693	//
14694	// Email is a required field
14695	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
14696
14697	// If set to ALLOW, the new account enables IAM users to access account billing
14698	// information if they have the required permissions. If set to DENY, only the
14699	// root user of the new account can access account billing information. For
14700	// more information, see Activating Access to the Billing and Cost Management
14701	// Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
14702	// in the AWS Billing and Cost Management User Guide.
14703	//
14704	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
14705	// users and roles with the required permissions can access billing information
14706	// for the new account.
14707	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
14708
14709	// (Optional)
14710	//
14711	// The name of an IAM role that AWS Organizations automatically preconfigures
14712	// in the new member account. This role trusts the master account, allowing
14713	// users in the master account to assume the role, as permitted by the master
14714	// account administrator. The role has administrator permissions in the new
14715	// member account.
14716	//
14717	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
14718	//
14719	// For more information about how to use this role to access the member account,
14720	// see the following links:
14721	//
14722	//    * Accessing and Administering the Member Accounts in Your Organization
14723	//    (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
14724	//    in the AWS Organizations User Guide
14725	//
14726	//    * Steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using
14727	//    IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
14728	//    in the IAM User Guide
14729	//
14730	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
14731	// this parameter. The pattern can include uppercase letters, lowercase letters,
14732	// digits with no spaces, and any of the following characters: =,.@-
14733	RoleName *string `type:"string"`
14734}
14735
14736// String returns the string representation
14737func (s CreateAccountInput) String() string {
14738	return awsutil.Prettify(s)
14739}
14740
14741// GoString returns the string representation
14742func (s CreateAccountInput) GoString() string {
14743	return s.String()
14744}
14745
14746// Validate inspects the fields of the type to determine if they are valid.
14747func (s *CreateAccountInput) Validate() error {
14748	invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"}
14749	if s.AccountName == nil {
14750		invalidParams.Add(request.NewErrParamRequired("AccountName"))
14751	}
14752	if s.AccountName != nil && len(*s.AccountName) < 1 {
14753		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
14754	}
14755	if s.Email == nil {
14756		invalidParams.Add(request.NewErrParamRequired("Email"))
14757	}
14758	if s.Email != nil && len(*s.Email) < 6 {
14759		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
14760	}
14761
14762	if invalidParams.Len() > 0 {
14763		return invalidParams
14764	}
14765	return nil
14766}
14767
14768// SetAccountName sets the AccountName field's value.
14769func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput {
14770	s.AccountName = &v
14771	return s
14772}
14773
14774// SetEmail sets the Email field's value.
14775func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput {
14776	s.Email = &v
14777	return s
14778}
14779
14780// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
14781func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput {
14782	s.IamUserAccessToBilling = &v
14783	return s
14784}
14785
14786// SetRoleName sets the RoleName field's value.
14787func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput {
14788	s.RoleName = &v
14789	return s
14790}
14791
14792type CreateAccountOutput struct {
14793	_ struct{} `type:"structure"`
14794
14795	// A structure that contains details about the request to create an account.
14796	// This response structure might not be fully populated when you first receive
14797	// it because account creation is an asynchronous process. You can pass the
14798	// returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus
14799	// to get status about the progress of the request at later times. You can also
14800	// check the AWS CloudTrail log for the CreateAccountResult event. For more
14801	// information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
14802	// in the AWS Organizations User Guide.
14803	CreateAccountStatus *CreateAccountStatus `type:"structure"`
14804}
14805
14806// String returns the string representation
14807func (s CreateAccountOutput) String() string {
14808	return awsutil.Prettify(s)
14809}
14810
14811// GoString returns the string representation
14812func (s CreateAccountOutput) GoString() string {
14813	return s.String()
14814}
14815
14816// SetCreateAccountStatus sets the CreateAccountStatus field's value.
14817func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput {
14818	s.CreateAccountStatus = v
14819	return s
14820}
14821
14822// Contains the status about a CreateAccount or CreateGovCloudAccount request
14823// to create an AWS account or an AWS GovCloud (US) account in an organization.
14824type CreateAccountStatus struct {
14825	_ struct{} `type:"structure"`
14826
14827	// If the account was created successfully, the unique identifier (ID) of the
14828	// new account.
14829	//
14830	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
14831	// requires exactly 12 digits.
14832	AccountId *string `type:"string"`
14833
14834	// The account name given to the account when it was created.
14835	AccountName *string `min:"1" type:"string" sensitive:"true"`
14836
14837	// The date and time that the account was created and the request completed.
14838	CompletedTimestamp *time.Time `type:"timestamp"`
14839
14840	// If the request failed, a description of the reason for the failure.
14841	//
14842	//    * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you
14843	//    have reached the limit on the number of accounts in your organization.
14844	//
14845	//    * EMAIL_ALREADY_EXISTS: The account could not be created because another
14846	//    AWS account with that email address already exists.
14847	//
14848	//    * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US)
14849	//    Region could not be created because this Region already includes an account
14850	//    with that email address.
14851	//
14852	//    * INVALID_ADDRESS: The account could not be created because the address
14853	//    you provided is not valid.
14854	//
14855	//    * INVALID_EMAIL: The account could not be created because the email address
14856	//    you provided is not valid.
14857	//
14858	//    * INTERNAL_FAILURE: The account could not be created because of an internal
14859	//    failure. Try again later. If the problem persists, contact Customer Support.
14860	FailureReason *string `type:"string" enum:"CreateAccountFailureReason"`
14861
14862	// If the account was created successfully, the unique identifier (ID) of the
14863	// new account in the AWS GovCloud (US) Region.
14864	GovCloudAccountId *string `type:"string"`
14865
14866	// The unique identifier (ID) that references this request. You get this value
14867	// from the response of the initial CreateAccount request to create the account.
14868	//
14869	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
14870	// request ID string requires "car-" followed by from 8 to 32 lower-case letters
14871	// or digits.
14872	Id *string `type:"string"`
14873
14874	// The date and time that the request was made for the account creation.
14875	RequestedTimestamp *time.Time `type:"timestamp"`
14876
14877	// The status of the request.
14878	State *string `type:"string" enum:"CreateAccountState"`
14879}
14880
14881// String returns the string representation
14882func (s CreateAccountStatus) String() string {
14883	return awsutil.Prettify(s)
14884}
14885
14886// GoString returns the string representation
14887func (s CreateAccountStatus) GoString() string {
14888	return s.String()
14889}
14890
14891// SetAccountId sets the AccountId field's value.
14892func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus {
14893	s.AccountId = &v
14894	return s
14895}
14896
14897// SetAccountName sets the AccountName field's value.
14898func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus {
14899	s.AccountName = &v
14900	return s
14901}
14902
14903// SetCompletedTimestamp sets the CompletedTimestamp field's value.
14904func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus {
14905	s.CompletedTimestamp = &v
14906	return s
14907}
14908
14909// SetFailureReason sets the FailureReason field's value.
14910func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus {
14911	s.FailureReason = &v
14912	return s
14913}
14914
14915// SetGovCloudAccountId sets the GovCloudAccountId field's value.
14916func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus {
14917	s.GovCloudAccountId = &v
14918	return s
14919}
14920
14921// SetId sets the Id field's value.
14922func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus {
14923	s.Id = &v
14924	return s
14925}
14926
14927// SetRequestedTimestamp sets the RequestedTimestamp field's value.
14928func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus {
14929	s.RequestedTimestamp = &v
14930	return s
14931}
14932
14933// SetState sets the State field's value.
14934func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus {
14935	s.State = &v
14936	return s
14937}
14938
14939// We can't find an create account request with the CreateAccountRequestId that
14940// you specified.
14941type CreateAccountStatusNotFoundException struct {
14942	_            struct{}                  `type:"structure"`
14943	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14944
14945	Message_ *string `locationName:"Message" type:"string"`
14946}
14947
14948// String returns the string representation
14949func (s CreateAccountStatusNotFoundException) String() string {
14950	return awsutil.Prettify(s)
14951}
14952
14953// GoString returns the string representation
14954func (s CreateAccountStatusNotFoundException) GoString() string {
14955	return s.String()
14956}
14957
14958func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error {
14959	return &CreateAccountStatusNotFoundException{
14960		RespMetadata: v,
14961	}
14962}
14963
14964// Code returns the exception type name.
14965func (s *CreateAccountStatusNotFoundException) Code() string {
14966	return "CreateAccountStatusNotFoundException"
14967}
14968
14969// Message returns the exception's message.
14970func (s *CreateAccountStatusNotFoundException) Message() string {
14971	if s.Message_ != nil {
14972		return *s.Message_
14973	}
14974	return ""
14975}
14976
14977// OrigErr always returns nil, satisfies awserr.Error interface.
14978func (s *CreateAccountStatusNotFoundException) OrigErr() error {
14979	return nil
14980}
14981
14982func (s *CreateAccountStatusNotFoundException) Error() string {
14983	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14984}
14985
14986// Status code returns the HTTP status code for the request's response error.
14987func (s *CreateAccountStatusNotFoundException) StatusCode() int {
14988	return s.RespMetadata.StatusCode
14989}
14990
14991// RequestID returns the service's response RequestID for request.
14992func (s *CreateAccountStatusNotFoundException) RequestID() string {
14993	return s.RespMetadata.RequestID
14994}
14995
14996type CreateGovCloudAccountInput struct {
14997	_ struct{} `type:"structure"`
14998
14999	// The friendly name of the member account.
15000	//
15001	// AccountName is a required field
15002	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
15003
15004	// The email address of the owner to assign to the new member account in the
15005	// commercial Region. This email address must not already be associated with
15006	// another AWS account. You must use a valid email address to complete account
15007	// creation. You can't access the root user of the account or remove an account
15008	// that was created with an invalid email address. Like all request parameters
15009	// for CreateGovCloudAccount, the request for the email address for the AWS
15010	// GovCloud (US) account originates from the commercial Region, not from the
15011	// AWS GovCloud (US) Region.
15012	//
15013	// Email is a required field
15014	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
15015
15016	// If set to ALLOW, the new linked account in the commercial Region enables
15017	// IAM users to access account billing information if they have the required
15018	// permissions. If set to DENY, only the root user of the new account can access
15019	// account billing information. For more information, see Activating Access
15020	// to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
15021	// in the AWS Billing and Cost Management User Guide.
15022	//
15023	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
15024	// users and roles with the required permissions can access billing information
15025	// for the new account.
15026	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
15027
15028	// (Optional)
15029	//
15030	// The name of an IAM role that AWS Organizations automatically preconfigures
15031	// in the new member accounts in both the AWS GovCloud (US) Region and in the
15032	// commercial Region. This role trusts the master account, allowing users in
15033	// the master account to assume the role, as permitted by the master account
15034	// administrator. The role has administrator permissions in the new member account.
15035	//
15036	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
15037	//
15038	// For more information about how to use this role to access the member account,
15039	// see Accessing and Administering the Member Accounts in Your Organization
15040	// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
15041	// in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate
15042	// Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
15043	// in the IAM User Guide.
15044	//
15045	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
15046	// this parameter. The pattern can include uppercase letters, lowercase letters,
15047	// digits with no spaces, and any of the following characters: =,.@-
15048	RoleName *string `type:"string"`
15049}
15050
15051// String returns the string representation
15052func (s CreateGovCloudAccountInput) String() string {
15053	return awsutil.Prettify(s)
15054}
15055
15056// GoString returns the string representation
15057func (s CreateGovCloudAccountInput) GoString() string {
15058	return s.String()
15059}
15060
15061// Validate inspects the fields of the type to determine if they are valid.
15062func (s *CreateGovCloudAccountInput) Validate() error {
15063	invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"}
15064	if s.AccountName == nil {
15065		invalidParams.Add(request.NewErrParamRequired("AccountName"))
15066	}
15067	if s.AccountName != nil && len(*s.AccountName) < 1 {
15068		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
15069	}
15070	if s.Email == nil {
15071		invalidParams.Add(request.NewErrParamRequired("Email"))
15072	}
15073	if s.Email != nil && len(*s.Email) < 6 {
15074		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
15075	}
15076
15077	if invalidParams.Len() > 0 {
15078		return invalidParams
15079	}
15080	return nil
15081}
15082
15083// SetAccountName sets the AccountName field's value.
15084func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput {
15085	s.AccountName = &v
15086	return s
15087}
15088
15089// SetEmail sets the Email field's value.
15090func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput {
15091	s.Email = &v
15092	return s
15093}
15094
15095// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
15096func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput {
15097	s.IamUserAccessToBilling = &v
15098	return s
15099}
15100
15101// SetRoleName sets the RoleName field's value.
15102func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput {
15103	s.RoleName = &v
15104	return s
15105}
15106
15107type CreateGovCloudAccountOutput struct {
15108	_ struct{} `type:"structure"`
15109
15110	// Contains the status about a CreateAccount or CreateGovCloudAccount request
15111	// to create an AWS account or an AWS GovCloud (US) account in an organization.
15112	CreateAccountStatus *CreateAccountStatus `type:"structure"`
15113}
15114
15115// String returns the string representation
15116func (s CreateGovCloudAccountOutput) String() string {
15117	return awsutil.Prettify(s)
15118}
15119
15120// GoString returns the string representation
15121func (s CreateGovCloudAccountOutput) GoString() string {
15122	return s.String()
15123}
15124
15125// SetCreateAccountStatus sets the CreateAccountStatus field's value.
15126func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput {
15127	s.CreateAccountStatus = v
15128	return s
15129}
15130
15131type CreateOrganizationInput struct {
15132	_ struct{} `type:"structure"`
15133
15134	// Specifies the feature set supported by the new organization. Each feature
15135	// set supports different levels of functionality.
15136	//
15137	//    * CONSOLIDATED_BILLING: All member accounts have their bills consolidated
15138	//    to and paid by the master account. For more information, see Consolidated
15139	//    billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only)
15140	//    in the AWS Organizations User Guide. The consolidated billing feature
15141	//    subset isn't available for organizations in the AWS GovCloud (US) Region.
15142	//
15143	//    * ALL: In addition to all the features supported by the consolidated billing
15144	//    feature set, the master account can also apply any policy type to any
15145	//    member account in the organization. For more information, see All features
15146	//    (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all)
15147	//    in the AWS Organizations User Guide.
15148	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
15149}
15150
15151// String returns the string representation
15152func (s CreateOrganizationInput) String() string {
15153	return awsutil.Prettify(s)
15154}
15155
15156// GoString returns the string representation
15157func (s CreateOrganizationInput) GoString() string {
15158	return s.String()
15159}
15160
15161// SetFeatureSet sets the FeatureSet field's value.
15162func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput {
15163	s.FeatureSet = &v
15164	return s
15165}
15166
15167type CreateOrganizationOutput struct {
15168	_ struct{} `type:"structure"`
15169
15170	// A structure that contains details about the newly created organization.
15171	Organization *Organization `type:"structure"`
15172}
15173
15174// String returns the string representation
15175func (s CreateOrganizationOutput) String() string {
15176	return awsutil.Prettify(s)
15177}
15178
15179// GoString returns the string representation
15180func (s CreateOrganizationOutput) GoString() string {
15181	return s.String()
15182}
15183
15184// SetOrganization sets the Organization field's value.
15185func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput {
15186	s.Organization = v
15187	return s
15188}
15189
15190type CreateOrganizationalUnitInput struct {
15191	_ struct{} `type:"structure"`
15192
15193	// The friendly name to assign to the new OU.
15194	//
15195	// Name is a required field
15196	Name *string `min:"1" type:"string" required:"true"`
15197
15198	// The unique identifier (ID) of the parent root or OU that you want to create
15199	// the new OU in.
15200	//
15201	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
15202	// requires one of the following:
15203	//
15204	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
15205	//    letters or digits.
15206	//
15207	//    * Organizational unit (OU) - A string that begins with "ou-" followed
15208	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
15209	//    OU is in). This string is followed by a second "-" dash and from 8 to
15210	//    32 additional lowercase letters or digits.
15211	//
15212	// ParentId is a required field
15213	ParentId *string `type:"string" required:"true"`
15214}
15215
15216// String returns the string representation
15217func (s CreateOrganizationalUnitInput) String() string {
15218	return awsutil.Prettify(s)
15219}
15220
15221// GoString returns the string representation
15222func (s CreateOrganizationalUnitInput) GoString() string {
15223	return s.String()
15224}
15225
15226// Validate inspects the fields of the type to determine if they are valid.
15227func (s *CreateOrganizationalUnitInput) Validate() error {
15228	invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"}
15229	if s.Name == nil {
15230		invalidParams.Add(request.NewErrParamRequired("Name"))
15231	}
15232	if s.Name != nil && len(*s.Name) < 1 {
15233		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
15234	}
15235	if s.ParentId == nil {
15236		invalidParams.Add(request.NewErrParamRequired("ParentId"))
15237	}
15238
15239	if invalidParams.Len() > 0 {
15240		return invalidParams
15241	}
15242	return nil
15243}
15244
15245// SetName sets the Name field's value.
15246func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput {
15247	s.Name = &v
15248	return s
15249}
15250
15251// SetParentId sets the ParentId field's value.
15252func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput {
15253	s.ParentId = &v
15254	return s
15255}
15256
15257type CreateOrganizationalUnitOutput struct {
15258	_ struct{} `type:"structure"`
15259
15260	// A structure that contains details about the newly created OU.
15261	OrganizationalUnit *OrganizationalUnit `type:"structure"`
15262}
15263
15264// String returns the string representation
15265func (s CreateOrganizationalUnitOutput) String() string {
15266	return awsutil.Prettify(s)
15267}
15268
15269// GoString returns the string representation
15270func (s CreateOrganizationalUnitOutput) GoString() string {
15271	return s.String()
15272}
15273
15274// SetOrganizationalUnit sets the OrganizationalUnit field's value.
15275func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput {
15276	s.OrganizationalUnit = v
15277	return s
15278}
15279
15280type CreatePolicyInput struct {
15281	_ struct{} `type:"structure"`
15282
15283	// The policy text content to add to the new policy. The text that you supply
15284	// must adhere to the rules of the policy type you specify in the Type parameter.
15285	//
15286	// Content is a required field
15287	Content *string `min:"1" type:"string" required:"true"`
15288
15289	// An optional description to assign to the policy.
15290	//
15291	// Description is a required field
15292	Description *string `type:"string" required:"true"`
15293
15294	// The friendly name to assign to the policy.
15295	//
15296	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
15297	// this parameter is a string of any of the characters in the ASCII character
15298	// range.
15299	//
15300	// Name is a required field
15301	Name *string `min:"1" type:"string" required:"true"`
15302
15303	// The type of policy to create. You can specify one of the following values:
15304	//
15305	//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
15306	//
15307	//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
15308	//
15309	//    * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
15310	//
15311	//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
15312	//
15313	// Type is a required field
15314	Type *string `type:"string" required:"true" enum:"PolicyType"`
15315}
15316
15317// String returns the string representation
15318func (s CreatePolicyInput) String() string {
15319	return awsutil.Prettify(s)
15320}
15321
15322// GoString returns the string representation
15323func (s CreatePolicyInput) GoString() string {
15324	return s.String()
15325}
15326
15327// Validate inspects the fields of the type to determine if they are valid.
15328func (s *CreatePolicyInput) Validate() error {
15329	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
15330	if s.Content == nil {
15331		invalidParams.Add(request.NewErrParamRequired("Content"))
15332	}
15333	if s.Content != nil && len(*s.Content) < 1 {
15334		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
15335	}
15336	if s.Description == nil {
15337		invalidParams.Add(request.NewErrParamRequired("Description"))
15338	}
15339	if s.Name == nil {
15340		invalidParams.Add(request.NewErrParamRequired("Name"))
15341	}
15342	if s.Name != nil && len(*s.Name) < 1 {
15343		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
15344	}
15345	if s.Type == nil {
15346		invalidParams.Add(request.NewErrParamRequired("Type"))
15347	}
15348
15349	if invalidParams.Len() > 0 {
15350		return invalidParams
15351	}
15352	return nil
15353}
15354
15355// SetContent sets the Content field's value.
15356func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput {
15357	s.Content = &v
15358	return s
15359}
15360
15361// SetDescription sets the Description field's value.
15362func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput {
15363	s.Description = &v
15364	return s
15365}
15366
15367// SetName sets the Name field's value.
15368func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput {
15369	s.Name = &v
15370	return s
15371}
15372
15373// SetType sets the Type field's value.
15374func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput {
15375	s.Type = &v
15376	return s
15377}
15378
15379type CreatePolicyOutput struct {
15380	_ struct{} `type:"structure"`
15381
15382	// A structure that contains details about the newly created policy.
15383	Policy *Policy `type:"structure"`
15384}
15385
15386// String returns the string representation
15387func (s CreatePolicyOutput) String() string {
15388	return awsutil.Prettify(s)
15389}
15390
15391// GoString returns the string representation
15392func (s CreatePolicyOutput) GoString() string {
15393	return s.String()
15394}
15395
15396// SetPolicy sets the Policy field's value.
15397func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput {
15398	s.Policy = v
15399	return s
15400}
15401
15402type DeclineHandshakeInput struct {
15403	_ struct{} `type:"structure"`
15404
15405	// The unique identifier (ID) of the handshake that you want to decline. You
15406	// can get the ID from the ListHandshakesForAccount operation.
15407	//
15408	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
15409	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
15410	//
15411	// HandshakeId is a required field
15412	HandshakeId *string `type:"string" required:"true"`
15413}
15414
15415// String returns the string representation
15416func (s DeclineHandshakeInput) String() string {
15417	return awsutil.Prettify(s)
15418}
15419
15420// GoString returns the string representation
15421func (s DeclineHandshakeInput) GoString() string {
15422	return s.String()
15423}
15424
15425// Validate inspects the fields of the type to determine if they are valid.
15426func (s *DeclineHandshakeInput) Validate() error {
15427	invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"}
15428	if s.HandshakeId == nil {
15429		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
15430	}
15431
15432	if invalidParams.Len() > 0 {
15433		return invalidParams
15434	}
15435	return nil
15436}
15437
15438// SetHandshakeId sets the HandshakeId field's value.
15439func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput {
15440	s.HandshakeId = &v
15441	return s
15442}
15443
15444type DeclineHandshakeOutput struct {
15445	_ struct{} `type:"structure"`
15446
15447	// A structure that contains details about the declined handshake. The state
15448	// is updated to show the value DECLINED.
15449	Handshake *Handshake `type:"structure"`
15450}
15451
15452// String returns the string representation
15453func (s DeclineHandshakeOutput) String() string {
15454	return awsutil.Prettify(s)
15455}
15456
15457// GoString returns the string representation
15458func (s DeclineHandshakeOutput) GoString() string {
15459	return s.String()
15460}
15461
15462// SetHandshake sets the Handshake field's value.
15463func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput {
15464	s.Handshake = v
15465	return s
15466}
15467
15468// Contains information about the delegated administrator.
15469type DelegatedAdministrator struct {
15470	_ struct{} `type:"structure"`
15471
15472	// The Amazon Resource Name (ARN) of the delegated administrator's account.
15473	Arn *string `type:"string"`
15474
15475	// The date when the account was made a delegated administrator.
15476	DelegationEnabledDate *time.Time `type:"timestamp"`
15477
15478	// The email address that is associated with the delegated administrator's AWS
15479	// account.
15480	Email *string `min:"6" type:"string" sensitive:"true"`
15481
15482	// The unique identifier (ID) of the delegated administrator's account.
15483	Id *string `type:"string"`
15484
15485	// The method by which the delegated administrator's account joined the organization.
15486	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
15487
15488	// The date when the delegated administrator's account became a part of the
15489	// organization.
15490	JoinedTimestamp *time.Time `type:"timestamp"`
15491
15492	// The friendly name of the delegated administrator's account.
15493	Name *string `min:"1" type:"string" sensitive:"true"`
15494
15495	// The status of the delegated administrator's account in the organization.
15496	Status *string `type:"string" enum:"AccountStatus"`
15497}
15498
15499// String returns the string representation
15500func (s DelegatedAdministrator) String() string {
15501	return awsutil.Prettify(s)
15502}
15503
15504// GoString returns the string representation
15505func (s DelegatedAdministrator) GoString() string {
15506	return s.String()
15507}
15508
15509// SetArn sets the Arn field's value.
15510func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator {
15511	s.Arn = &v
15512	return s
15513}
15514
15515// SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
15516func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator {
15517	s.DelegationEnabledDate = &v
15518	return s
15519}
15520
15521// SetEmail sets the Email field's value.
15522func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator {
15523	s.Email = &v
15524	return s
15525}
15526
15527// SetId sets the Id field's value.
15528func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator {
15529	s.Id = &v
15530	return s
15531}
15532
15533// SetJoinedMethod sets the JoinedMethod field's value.
15534func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator {
15535	s.JoinedMethod = &v
15536	return s
15537}
15538
15539// SetJoinedTimestamp sets the JoinedTimestamp field's value.
15540func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator {
15541	s.JoinedTimestamp = &v
15542	return s
15543}
15544
15545// SetName sets the Name field's value.
15546func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator {
15547	s.Name = &v
15548	return s
15549}
15550
15551// SetStatus sets the Status field's value.
15552func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator {
15553	s.Status = &v
15554	return s
15555}
15556
15557// Contains information about the AWS service for which the account is a delegated
15558// administrator.
15559type DelegatedService struct {
15560	_ struct{} `type:"structure"`
15561
15562	// The date that the account became a delegated administrator for this service.
15563	DelegationEnabledDate *time.Time `type:"timestamp"`
15564
15565	// The name of a service that can request an operation for the specified service.
15566	// This is typically in the form of a URL, such as: servicename.amazonaws.com.
15567	ServicePrincipal *string `min:"1" type:"string"`
15568}
15569
15570// String returns the string representation
15571func (s DelegatedService) String() string {
15572	return awsutil.Prettify(s)
15573}
15574
15575// GoString returns the string representation
15576func (s DelegatedService) GoString() string {
15577	return s.String()
15578}
15579
15580// SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
15581func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService {
15582	s.DelegationEnabledDate = &v
15583	return s
15584}
15585
15586// SetServicePrincipal sets the ServicePrincipal field's value.
15587func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService {
15588	s.ServicePrincipal = &v
15589	return s
15590}
15591
15592type DeleteOrganizationInput struct {
15593	_ struct{} `type:"structure"`
15594}
15595
15596// String returns the string representation
15597func (s DeleteOrganizationInput) String() string {
15598	return awsutil.Prettify(s)
15599}
15600
15601// GoString returns the string representation
15602func (s DeleteOrganizationInput) GoString() string {
15603	return s.String()
15604}
15605
15606type DeleteOrganizationOutput struct {
15607	_ struct{} `type:"structure"`
15608}
15609
15610// String returns the string representation
15611func (s DeleteOrganizationOutput) String() string {
15612	return awsutil.Prettify(s)
15613}
15614
15615// GoString returns the string representation
15616func (s DeleteOrganizationOutput) GoString() string {
15617	return s.String()
15618}
15619
15620type DeleteOrganizationalUnitInput struct {
15621	_ struct{} `type:"structure"`
15622
15623	// The unique identifier (ID) of the organizational unit that you want to delete.
15624	// You can get the ID from the ListOrganizationalUnitsForParent operation.
15625	//
15626	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
15627	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
15628	// or digits (the ID of the root that contains the OU). This string is followed
15629	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
15630	//
15631	// OrganizationalUnitId is a required field
15632	OrganizationalUnitId *string `type:"string" required:"true"`
15633}
15634
15635// String returns the string representation
15636func (s DeleteOrganizationalUnitInput) String() string {
15637	return awsutil.Prettify(s)
15638}
15639
15640// GoString returns the string representation
15641func (s DeleteOrganizationalUnitInput) GoString() string {
15642	return s.String()
15643}
15644
15645// Validate inspects the fields of the type to determine if they are valid.
15646func (s *DeleteOrganizationalUnitInput) Validate() error {
15647	invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"}
15648	if s.OrganizationalUnitId == nil {
15649		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
15650	}
15651
15652	if invalidParams.Len() > 0 {
15653		return invalidParams
15654	}
15655	return nil
15656}
15657
15658// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
15659func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput {
15660	s.OrganizationalUnitId = &v
15661	return s
15662}
15663
15664type DeleteOrganizationalUnitOutput struct {
15665	_ struct{} `type:"structure"`
15666}
15667
15668// String returns the string representation
15669func (s DeleteOrganizationalUnitOutput) String() string {
15670	return awsutil.Prettify(s)
15671}
15672
15673// GoString returns the string representation
15674func (s DeleteOrganizationalUnitOutput) GoString() string {
15675	return s.String()
15676}
15677
15678type DeletePolicyInput struct {
15679	_ struct{} `type:"structure"`
15680
15681	// The unique identifier (ID) of the policy that you want to delete. You can
15682	// get the ID from the ListPolicies or ListPoliciesForTarget operations.
15683	//
15684	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
15685	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
15686	// or the underscore character (_).
15687	//
15688	// PolicyId is a required field
15689	PolicyId *string `type:"string" required:"true"`
15690}
15691
15692// String returns the string representation
15693func (s DeletePolicyInput) String() string {
15694	return awsutil.Prettify(s)
15695}
15696
15697// GoString returns the string representation
15698func (s DeletePolicyInput) GoString() string {
15699	return s.String()
15700}
15701
15702// Validate inspects the fields of the type to determine if they are valid.
15703func (s *DeletePolicyInput) Validate() error {
15704	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
15705	if s.PolicyId == nil {
15706		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
15707	}
15708
15709	if invalidParams.Len() > 0 {
15710		return invalidParams
15711	}
15712	return nil
15713}
15714
15715// SetPolicyId sets the PolicyId field's value.
15716func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput {
15717	s.PolicyId = &v
15718	return s
15719}
15720
15721type DeletePolicyOutput struct {
15722	_ struct{} `type:"structure"`
15723}
15724
15725// String returns the string representation
15726func (s DeletePolicyOutput) String() string {
15727	return awsutil.Prettify(s)
15728}
15729
15730// GoString returns the string representation
15731func (s DeletePolicyOutput) GoString() string {
15732	return s.String()
15733}
15734
15735type DeregisterDelegatedAdministratorInput struct {
15736	_ struct{} `type:"structure"`
15737
15738	// The account ID number of the member account in the organization that you
15739	// want to deregister as a delegated administrator.
15740	//
15741	// AccountId is a required field
15742	AccountId *string `type:"string" required:"true"`
15743
15744	// The service principal name of an AWS service for which the account is a delegated
15745	// administrator.
15746	//
15747	// Delegated administrator privileges are revoked for only the specified AWS
15748	// service from the member account. If the specified service is the only service
15749	// for which the member account is a delegated administrator, the operation
15750	// also revokes Organizations read action permissions.
15751	//
15752	// ServicePrincipal is a required field
15753	ServicePrincipal *string `min:"1" type:"string" required:"true"`
15754}
15755
15756// String returns the string representation
15757func (s DeregisterDelegatedAdministratorInput) String() string {
15758	return awsutil.Prettify(s)
15759}
15760
15761// GoString returns the string representation
15762func (s DeregisterDelegatedAdministratorInput) GoString() string {
15763	return s.String()
15764}
15765
15766// Validate inspects the fields of the type to determine if they are valid.
15767func (s *DeregisterDelegatedAdministratorInput) Validate() error {
15768	invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"}
15769	if s.AccountId == nil {
15770		invalidParams.Add(request.NewErrParamRequired("AccountId"))
15771	}
15772	if s.ServicePrincipal == nil {
15773		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
15774	}
15775	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
15776		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
15777	}
15778
15779	if invalidParams.Len() > 0 {
15780		return invalidParams
15781	}
15782	return nil
15783}
15784
15785// SetAccountId sets the AccountId field's value.
15786func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput {
15787	s.AccountId = &v
15788	return s
15789}
15790
15791// SetServicePrincipal sets the ServicePrincipal field's value.
15792func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput {
15793	s.ServicePrincipal = &v
15794	return s
15795}
15796
15797type DeregisterDelegatedAdministratorOutput struct {
15798	_ struct{} `type:"structure"`
15799}
15800
15801// String returns the string representation
15802func (s DeregisterDelegatedAdministratorOutput) String() string {
15803	return awsutil.Prettify(s)
15804}
15805
15806// GoString returns the string representation
15807func (s DeregisterDelegatedAdministratorOutput) GoString() string {
15808	return s.String()
15809}
15810
15811type DescribeAccountInput struct {
15812	_ struct{} `type:"structure"`
15813
15814	// The unique identifier (ID) of the AWS account that you want information about.
15815	// You can get the ID from the ListAccounts or ListAccountsForParent operations.
15816	//
15817	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
15818	// requires exactly 12 digits.
15819	//
15820	// AccountId is a required field
15821	AccountId *string `type:"string" required:"true"`
15822}
15823
15824// String returns the string representation
15825func (s DescribeAccountInput) String() string {
15826	return awsutil.Prettify(s)
15827}
15828
15829// GoString returns the string representation
15830func (s DescribeAccountInput) GoString() string {
15831	return s.String()
15832}
15833
15834// Validate inspects the fields of the type to determine if they are valid.
15835func (s *DescribeAccountInput) Validate() error {
15836	invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"}
15837	if s.AccountId == nil {
15838		invalidParams.Add(request.NewErrParamRequired("AccountId"))
15839	}
15840
15841	if invalidParams.Len() > 0 {
15842		return invalidParams
15843	}
15844	return nil
15845}
15846
15847// SetAccountId sets the AccountId field's value.
15848func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput {
15849	s.AccountId = &v
15850	return s
15851}
15852
15853type DescribeAccountOutput struct {
15854	_ struct{} `type:"structure"`
15855
15856	// A structure that contains information about the requested account.
15857	Account *Account `type:"structure"`
15858}
15859
15860// String returns the string representation
15861func (s DescribeAccountOutput) String() string {
15862	return awsutil.Prettify(s)
15863}
15864
15865// GoString returns the string representation
15866func (s DescribeAccountOutput) GoString() string {
15867	return s.String()
15868}
15869
15870// SetAccount sets the Account field's value.
15871func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput {
15872	s.Account = v
15873	return s
15874}
15875
15876type DescribeCreateAccountStatusInput struct {
15877	_ struct{} `type:"structure"`
15878
15879	// Specifies the operationId that uniquely identifies the request. You can get
15880	// the ID from the response to an earlier CreateAccount request, or from the
15881	// ListCreateAccountStatus operation.
15882	//
15883	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
15884	// request ID string requires "car-" followed by from 8 to 32 lowercase letters
15885	// or digits.
15886	//
15887	// CreateAccountRequestId is a required field
15888	CreateAccountRequestId *string `type:"string" required:"true"`
15889}
15890
15891// String returns the string representation
15892func (s DescribeCreateAccountStatusInput) String() string {
15893	return awsutil.Prettify(s)
15894}
15895
15896// GoString returns the string representation
15897func (s DescribeCreateAccountStatusInput) GoString() string {
15898	return s.String()
15899}
15900
15901// Validate inspects the fields of the type to determine if they are valid.
15902func (s *DescribeCreateAccountStatusInput) Validate() error {
15903	invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"}
15904	if s.CreateAccountRequestId == nil {
15905		invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId"))
15906	}
15907
15908	if invalidParams.Len() > 0 {
15909		return invalidParams
15910	}
15911	return nil
15912}
15913
15914// SetCreateAccountRequestId sets the CreateAccountRequestId field's value.
15915func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput {
15916	s.CreateAccountRequestId = &v
15917	return s
15918}
15919
15920type DescribeCreateAccountStatusOutput struct {
15921	_ struct{} `type:"structure"`
15922
15923	// A structure that contains the current status of an account creation request.
15924	CreateAccountStatus *CreateAccountStatus `type:"structure"`
15925}
15926
15927// String returns the string representation
15928func (s DescribeCreateAccountStatusOutput) String() string {
15929	return awsutil.Prettify(s)
15930}
15931
15932// GoString returns the string representation
15933func (s DescribeCreateAccountStatusOutput) GoString() string {
15934	return s.String()
15935}
15936
15937// SetCreateAccountStatus sets the CreateAccountStatus field's value.
15938func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput {
15939	s.CreateAccountStatus = v
15940	return s
15941}
15942
15943type DescribeEffectivePolicyInput struct {
15944	_ struct{} `type:"structure"`
15945
15946	// The type of policy that you want information about. You can specify one of
15947	// the following values:
15948	//
15949	//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
15950	//
15951	//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
15952	//
15953	//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
15954	//
15955	// PolicyType is a required field
15956	PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"`
15957
15958	// When you're signed in as the master account, specify the ID of the account
15959	// that you want details about. Specifying an organization root or organizational
15960	// unit (OU) as the target is not supported.
15961	TargetId *string `type:"string"`
15962}
15963
15964// String returns the string representation
15965func (s DescribeEffectivePolicyInput) String() string {
15966	return awsutil.Prettify(s)
15967}
15968
15969// GoString returns the string representation
15970func (s DescribeEffectivePolicyInput) GoString() string {
15971	return s.String()
15972}
15973
15974// Validate inspects the fields of the type to determine if they are valid.
15975func (s *DescribeEffectivePolicyInput) Validate() error {
15976	invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"}
15977	if s.PolicyType == nil {
15978		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
15979	}
15980
15981	if invalidParams.Len() > 0 {
15982		return invalidParams
15983	}
15984	return nil
15985}
15986
15987// SetPolicyType sets the PolicyType field's value.
15988func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput {
15989	s.PolicyType = &v
15990	return s
15991}
15992
15993// SetTargetId sets the TargetId field's value.
15994func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput {
15995	s.TargetId = &v
15996	return s
15997}
15998
15999type DescribeEffectivePolicyOutput struct {
16000	_ struct{} `type:"structure"`
16001
16002	// The contents of the effective policy.
16003	EffectivePolicy *EffectivePolicy `type:"structure"`
16004}
16005
16006// String returns the string representation
16007func (s DescribeEffectivePolicyOutput) String() string {
16008	return awsutil.Prettify(s)
16009}
16010
16011// GoString returns the string representation
16012func (s DescribeEffectivePolicyOutput) GoString() string {
16013	return s.String()
16014}
16015
16016// SetEffectivePolicy sets the EffectivePolicy field's value.
16017func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput {
16018	s.EffectivePolicy = v
16019	return s
16020}
16021
16022type DescribeHandshakeInput struct {
16023	_ struct{} `type:"structure"`
16024
16025	// The unique identifier (ID) of the handshake that you want information about.
16026	// You can get the ID from the original call to InviteAccountToOrganization,
16027	// or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
16028	//
16029	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
16030	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
16031	//
16032	// HandshakeId is a required field
16033	HandshakeId *string `type:"string" required:"true"`
16034}
16035
16036// String returns the string representation
16037func (s DescribeHandshakeInput) String() string {
16038	return awsutil.Prettify(s)
16039}
16040
16041// GoString returns the string representation
16042func (s DescribeHandshakeInput) GoString() string {
16043	return s.String()
16044}
16045
16046// Validate inspects the fields of the type to determine if they are valid.
16047func (s *DescribeHandshakeInput) Validate() error {
16048	invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"}
16049	if s.HandshakeId == nil {
16050		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
16051	}
16052
16053	if invalidParams.Len() > 0 {
16054		return invalidParams
16055	}
16056	return nil
16057}
16058
16059// SetHandshakeId sets the HandshakeId field's value.
16060func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput {
16061	s.HandshakeId = &v
16062	return s
16063}
16064
16065type DescribeHandshakeOutput struct {
16066	_ struct{} `type:"structure"`
16067
16068	// A structure that contains information about the specified handshake.
16069	Handshake *Handshake `type:"structure"`
16070}
16071
16072// String returns the string representation
16073func (s DescribeHandshakeOutput) String() string {
16074	return awsutil.Prettify(s)
16075}
16076
16077// GoString returns the string representation
16078func (s DescribeHandshakeOutput) GoString() string {
16079	return s.String()
16080}
16081
16082// SetHandshake sets the Handshake field's value.
16083func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput {
16084	s.Handshake = v
16085	return s
16086}
16087
16088type DescribeOrganizationInput struct {
16089	_ struct{} `type:"structure"`
16090}
16091
16092// String returns the string representation
16093func (s DescribeOrganizationInput) String() string {
16094	return awsutil.Prettify(s)
16095}
16096
16097// GoString returns the string representation
16098func (s DescribeOrganizationInput) GoString() string {
16099	return s.String()
16100}
16101
16102type DescribeOrganizationOutput struct {
16103	_ struct{} `type:"structure"`
16104
16105	// A structure that contains information about the organization.
16106	//
16107	// The AvailablePolicyTypes part of the response is deprecated, and you shouldn't
16108	// use it in your apps. It doesn't include any policy type supported by Organizations
16109	// other than SCPs. To determine which policy types are enabled in your organization,
16110	// use the ListRoots operation.
16111	Organization *Organization `type:"structure"`
16112}
16113
16114// String returns the string representation
16115func (s DescribeOrganizationOutput) String() string {
16116	return awsutil.Prettify(s)
16117}
16118
16119// GoString returns the string representation
16120func (s DescribeOrganizationOutput) GoString() string {
16121	return s.String()
16122}
16123
16124// SetOrganization sets the Organization field's value.
16125func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput {
16126	s.Organization = v
16127	return s
16128}
16129
16130type DescribeOrganizationalUnitInput struct {
16131	_ struct{} `type:"structure"`
16132
16133	// The unique identifier (ID) of the organizational unit that you want details
16134	// about. You can get the ID from the ListOrganizationalUnitsForParent operation.
16135	//
16136	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
16137	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
16138	// or digits (the ID of the root that contains the OU). This string is followed
16139	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
16140	//
16141	// OrganizationalUnitId is a required field
16142	OrganizationalUnitId *string `type:"string" required:"true"`
16143}
16144
16145// String returns the string representation
16146func (s DescribeOrganizationalUnitInput) String() string {
16147	return awsutil.Prettify(s)
16148}
16149
16150// GoString returns the string representation
16151func (s DescribeOrganizationalUnitInput) GoString() string {
16152	return s.String()
16153}
16154
16155// Validate inspects the fields of the type to determine if they are valid.
16156func (s *DescribeOrganizationalUnitInput) Validate() error {
16157	invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"}
16158	if s.OrganizationalUnitId == nil {
16159		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
16160	}
16161
16162	if invalidParams.Len() > 0 {
16163		return invalidParams
16164	}
16165	return nil
16166}
16167
16168// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
16169func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput {
16170	s.OrganizationalUnitId = &v
16171	return s
16172}
16173
16174type DescribeOrganizationalUnitOutput struct {
16175	_ struct{} `type:"structure"`
16176
16177	// A structure that contains details about the specified OU.
16178	OrganizationalUnit *OrganizationalUnit `type:"structure"`
16179}
16180
16181// String returns the string representation
16182func (s DescribeOrganizationalUnitOutput) String() string {
16183	return awsutil.Prettify(s)
16184}
16185
16186// GoString returns the string representation
16187func (s DescribeOrganizationalUnitOutput) GoString() string {
16188	return s.String()
16189}
16190
16191// SetOrganizationalUnit sets the OrganizationalUnit field's value.
16192func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput {
16193	s.OrganizationalUnit = v
16194	return s
16195}
16196
16197type DescribePolicyInput struct {
16198	_ struct{} `type:"structure"`
16199
16200	// The unique identifier (ID) of the policy that you want details about. You
16201	// can get the ID from the ListPolicies or ListPoliciesForTarget operations.
16202	//
16203	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
16204	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
16205	// or the underscore character (_).
16206	//
16207	// PolicyId is a required field
16208	PolicyId *string `type:"string" required:"true"`
16209}
16210
16211// String returns the string representation
16212func (s DescribePolicyInput) String() string {
16213	return awsutil.Prettify(s)
16214}
16215
16216// GoString returns the string representation
16217func (s DescribePolicyInput) GoString() string {
16218	return s.String()
16219}
16220
16221// Validate inspects the fields of the type to determine if they are valid.
16222func (s *DescribePolicyInput) Validate() error {
16223	invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"}
16224	if s.PolicyId == nil {
16225		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
16226	}
16227
16228	if invalidParams.Len() > 0 {
16229		return invalidParams
16230	}
16231	return nil
16232}
16233
16234// SetPolicyId sets the PolicyId field's value.
16235func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput {
16236	s.PolicyId = &v
16237	return s
16238}
16239
16240type DescribePolicyOutput struct {
16241	_ struct{} `type:"structure"`
16242
16243	// A structure that contains details about the specified policy.
16244	Policy *Policy `type:"structure"`
16245}
16246
16247// String returns the string representation
16248func (s DescribePolicyOutput) String() string {
16249	return awsutil.Prettify(s)
16250}
16251
16252// GoString returns the string representation
16253func (s DescribePolicyOutput) GoString() string {
16254	return s.String()
16255}
16256
16257// SetPolicy sets the Policy field's value.
16258func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput {
16259	s.Policy = v
16260	return s
16261}
16262
16263// We can't find the destination container (a root or OU) with the ParentId
16264// that you specified.
16265type DestinationParentNotFoundException struct {
16266	_            struct{}                  `type:"structure"`
16267	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16268
16269	Message_ *string `locationName:"Message" type:"string"`
16270}
16271
16272// String returns the string representation
16273func (s DestinationParentNotFoundException) String() string {
16274	return awsutil.Prettify(s)
16275}
16276
16277// GoString returns the string representation
16278func (s DestinationParentNotFoundException) GoString() string {
16279	return s.String()
16280}
16281
16282func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error {
16283	return &DestinationParentNotFoundException{
16284		RespMetadata: v,
16285	}
16286}
16287
16288// Code returns the exception type name.
16289func (s *DestinationParentNotFoundException) Code() string {
16290	return "DestinationParentNotFoundException"
16291}
16292
16293// Message returns the exception's message.
16294func (s *DestinationParentNotFoundException) Message() string {
16295	if s.Message_ != nil {
16296		return *s.Message_
16297	}
16298	return ""
16299}
16300
16301// OrigErr always returns nil, satisfies awserr.Error interface.
16302func (s *DestinationParentNotFoundException) OrigErr() error {
16303	return nil
16304}
16305
16306func (s *DestinationParentNotFoundException) Error() string {
16307	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16308}
16309
16310// Status code returns the HTTP status code for the request's response error.
16311func (s *DestinationParentNotFoundException) StatusCode() int {
16312	return s.RespMetadata.StatusCode
16313}
16314
16315// RequestID returns the service's response RequestID for request.
16316func (s *DestinationParentNotFoundException) RequestID() string {
16317	return s.RespMetadata.RequestID
16318}
16319
16320type DetachPolicyInput struct {
16321	_ struct{} `type:"structure"`
16322
16323	// The unique identifier (ID) of the policy you want to detach. You can get
16324	// the ID from the ListPolicies or ListPoliciesForTarget operations.
16325	//
16326	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
16327	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
16328	// or the underscore character (_).
16329	//
16330	// PolicyId is a required field
16331	PolicyId *string `type:"string" required:"true"`
16332
16333	// The unique identifier (ID) of the root, OU, or account that you want to detach
16334	// the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent,
16335	// or ListAccounts operations.
16336	//
16337	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
16338	// requires one of the following:
16339	//
16340	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
16341	//    letters or digits.
16342	//
16343	//    * Account - A string that consists of exactly 12 digits.
16344	//
16345	//    * Organizational unit (OU) - A string that begins with "ou-" followed
16346	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
16347	//    OU is in). This string is followed by a second "-" dash and from 8 to
16348	//    32 additional lowercase letters or digits.
16349	//
16350	// TargetId is a required field
16351	TargetId *string `type:"string" required:"true"`
16352}
16353
16354// String returns the string representation
16355func (s DetachPolicyInput) String() string {
16356	return awsutil.Prettify(s)
16357}
16358
16359// GoString returns the string representation
16360func (s DetachPolicyInput) GoString() string {
16361	return s.String()
16362}
16363
16364// Validate inspects the fields of the type to determine if they are valid.
16365func (s *DetachPolicyInput) Validate() error {
16366	invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"}
16367	if s.PolicyId == nil {
16368		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
16369	}
16370	if s.TargetId == nil {
16371		invalidParams.Add(request.NewErrParamRequired("TargetId"))
16372	}
16373
16374	if invalidParams.Len() > 0 {
16375		return invalidParams
16376	}
16377	return nil
16378}
16379
16380// SetPolicyId sets the PolicyId field's value.
16381func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput {
16382	s.PolicyId = &v
16383	return s
16384}
16385
16386// SetTargetId sets the TargetId field's value.
16387func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput {
16388	s.TargetId = &v
16389	return s
16390}
16391
16392type DetachPolicyOutput struct {
16393	_ struct{} `type:"structure"`
16394}
16395
16396// String returns the string representation
16397func (s DetachPolicyOutput) String() string {
16398	return awsutil.Prettify(s)
16399}
16400
16401// GoString returns the string representation
16402func (s DetachPolicyOutput) GoString() string {
16403	return s.String()
16404}
16405
16406type DisableAWSServiceAccessInput struct {
16407	_ struct{} `type:"structure"`
16408
16409	// The service principal name of the AWS service for which you want to disable
16410	// integration with your organization. This is typically in the form of a URL,
16411	// such as service-abbreviation.amazonaws.com.
16412	//
16413	// ServicePrincipal is a required field
16414	ServicePrincipal *string `min:"1" type:"string" required:"true"`
16415}
16416
16417// String returns the string representation
16418func (s DisableAWSServiceAccessInput) String() string {
16419	return awsutil.Prettify(s)
16420}
16421
16422// GoString returns the string representation
16423func (s DisableAWSServiceAccessInput) GoString() string {
16424	return s.String()
16425}
16426
16427// Validate inspects the fields of the type to determine if they are valid.
16428func (s *DisableAWSServiceAccessInput) Validate() error {
16429	invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"}
16430	if s.ServicePrincipal == nil {
16431		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
16432	}
16433	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
16434		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
16435	}
16436
16437	if invalidParams.Len() > 0 {
16438		return invalidParams
16439	}
16440	return nil
16441}
16442
16443// SetServicePrincipal sets the ServicePrincipal field's value.
16444func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput {
16445	s.ServicePrincipal = &v
16446	return s
16447}
16448
16449type DisableAWSServiceAccessOutput struct {
16450	_ struct{} `type:"structure"`
16451}
16452
16453// String returns the string representation
16454func (s DisableAWSServiceAccessOutput) String() string {
16455	return awsutil.Prettify(s)
16456}
16457
16458// GoString returns the string representation
16459func (s DisableAWSServiceAccessOutput) GoString() string {
16460	return s.String()
16461}
16462
16463type DisablePolicyTypeInput struct {
16464	_ struct{} `type:"structure"`
16465
16466	// The policy type that you want to disable in this root. You can specify one
16467	// of the following values:
16468	//
16469	//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
16470	//
16471	//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
16472	//
16473	//    * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
16474	//
16475	//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
16476	//
16477	// PolicyType is a required field
16478	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
16479
16480	// The unique identifier (ID) of the root in which you want to disable a policy
16481	// type. You can get the ID from the ListRoots operation.
16482	//
16483	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
16484	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
16485	//
16486	// RootId is a required field
16487	RootId *string `type:"string" required:"true"`
16488}
16489
16490// String returns the string representation
16491func (s DisablePolicyTypeInput) String() string {
16492	return awsutil.Prettify(s)
16493}
16494
16495// GoString returns the string representation
16496func (s DisablePolicyTypeInput) GoString() string {
16497	return s.String()
16498}
16499
16500// Validate inspects the fields of the type to determine if they are valid.
16501func (s *DisablePolicyTypeInput) Validate() error {
16502	invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"}
16503	if s.PolicyType == nil {
16504		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
16505	}
16506	if s.RootId == nil {
16507		invalidParams.Add(request.NewErrParamRequired("RootId"))
16508	}
16509
16510	if invalidParams.Len() > 0 {
16511		return invalidParams
16512	}
16513	return nil
16514}
16515
16516// SetPolicyType sets the PolicyType field's value.
16517func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput {
16518	s.PolicyType = &v
16519	return s
16520}
16521
16522// SetRootId sets the RootId field's value.
16523func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput {
16524	s.RootId = &v
16525	return s
16526}
16527
16528type DisablePolicyTypeOutput struct {
16529	_ struct{} `type:"structure"`
16530
16531	// A structure that shows the root with the updated list of enabled policy types.
16532	Root *Root `type:"structure"`
16533}
16534
16535// String returns the string representation
16536func (s DisablePolicyTypeOutput) String() string {
16537	return awsutil.Prettify(s)
16538}
16539
16540// GoString returns the string representation
16541func (s DisablePolicyTypeOutput) GoString() string {
16542	return s.String()
16543}
16544
16545// SetRoot sets the Root field's value.
16546func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput {
16547	s.Root = v
16548	return s
16549}
16550
16551// That account is already present in the specified destination.
16552type DuplicateAccountException struct {
16553	_            struct{}                  `type:"structure"`
16554	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16555
16556	Message_ *string `locationName:"Message" type:"string"`
16557}
16558
16559// String returns the string representation
16560func (s DuplicateAccountException) String() string {
16561	return awsutil.Prettify(s)
16562}
16563
16564// GoString returns the string representation
16565func (s DuplicateAccountException) GoString() string {
16566	return s.String()
16567}
16568
16569func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error {
16570	return &DuplicateAccountException{
16571		RespMetadata: v,
16572	}
16573}
16574
16575// Code returns the exception type name.
16576func (s *DuplicateAccountException) Code() string {
16577	return "DuplicateAccountException"
16578}
16579
16580// Message returns the exception's message.
16581func (s *DuplicateAccountException) Message() string {
16582	if s.Message_ != nil {
16583		return *s.Message_
16584	}
16585	return ""
16586}
16587
16588// OrigErr always returns nil, satisfies awserr.Error interface.
16589func (s *DuplicateAccountException) OrigErr() error {
16590	return nil
16591}
16592
16593func (s *DuplicateAccountException) Error() string {
16594	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16595}
16596
16597// Status code returns the HTTP status code for the request's response error.
16598func (s *DuplicateAccountException) StatusCode() int {
16599	return s.RespMetadata.StatusCode
16600}
16601
16602// RequestID returns the service's response RequestID for request.
16603func (s *DuplicateAccountException) RequestID() string {
16604	return s.RespMetadata.RequestID
16605}
16606
16607// A handshake with the same action and target already exists. For example,
16608// if you invited an account to join your organization, the invited account
16609// might already have a pending invitation from this organization. If you intend
16610// to resend an invitation to an account, ensure that existing handshakes that
16611// might be considered duplicates are canceled or declined.
16612type DuplicateHandshakeException struct {
16613	_            struct{}                  `type:"structure"`
16614	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16615
16616	Message_ *string `locationName:"Message" type:"string"`
16617}
16618
16619// String returns the string representation
16620func (s DuplicateHandshakeException) String() string {
16621	return awsutil.Prettify(s)
16622}
16623
16624// GoString returns the string representation
16625func (s DuplicateHandshakeException) GoString() string {
16626	return s.String()
16627}
16628
16629func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error {
16630	return &DuplicateHandshakeException{
16631		RespMetadata: v,
16632	}
16633}
16634
16635// Code returns the exception type name.
16636func (s *DuplicateHandshakeException) Code() string {
16637	return "DuplicateHandshakeException"
16638}
16639
16640// Message returns the exception's message.
16641func (s *DuplicateHandshakeException) Message() string {
16642	if s.Message_ != nil {
16643		return *s.Message_
16644	}
16645	return ""
16646}
16647
16648// OrigErr always returns nil, satisfies awserr.Error interface.
16649func (s *DuplicateHandshakeException) OrigErr() error {
16650	return nil
16651}
16652
16653func (s *DuplicateHandshakeException) Error() string {
16654	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16655}
16656
16657// Status code returns the HTTP status code for the request's response error.
16658func (s *DuplicateHandshakeException) StatusCode() int {
16659	return s.RespMetadata.StatusCode
16660}
16661
16662// RequestID returns the service's response RequestID for request.
16663func (s *DuplicateHandshakeException) RequestID() string {
16664	return s.RespMetadata.RequestID
16665}
16666
16667// An OU with the same name already exists.
16668type DuplicateOrganizationalUnitException struct {
16669	_            struct{}                  `type:"structure"`
16670	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16671
16672	Message_ *string `locationName:"Message" type:"string"`
16673}
16674
16675// String returns the string representation
16676func (s DuplicateOrganizationalUnitException) String() string {
16677	return awsutil.Prettify(s)
16678}
16679
16680// GoString returns the string representation
16681func (s DuplicateOrganizationalUnitException) GoString() string {
16682	return s.String()
16683}
16684
16685func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error {
16686	return &DuplicateOrganizationalUnitException{
16687		RespMetadata: v,
16688	}
16689}
16690
16691// Code returns the exception type name.
16692func (s *DuplicateOrganizationalUnitException) Code() string {
16693	return "DuplicateOrganizationalUnitException"
16694}
16695
16696// Message returns the exception's message.
16697func (s *DuplicateOrganizationalUnitException) Message() string {
16698	if s.Message_ != nil {
16699		return *s.Message_
16700	}
16701	return ""
16702}
16703
16704// OrigErr always returns nil, satisfies awserr.Error interface.
16705func (s *DuplicateOrganizationalUnitException) OrigErr() error {
16706	return nil
16707}
16708
16709func (s *DuplicateOrganizationalUnitException) Error() string {
16710	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16711}
16712
16713// Status code returns the HTTP status code for the request's response error.
16714func (s *DuplicateOrganizationalUnitException) StatusCode() int {
16715	return s.RespMetadata.StatusCode
16716}
16717
16718// RequestID returns the service's response RequestID for request.
16719func (s *DuplicateOrganizationalUnitException) RequestID() string {
16720	return s.RespMetadata.RequestID
16721}
16722
16723// The selected policy is already attached to the specified target.
16724type DuplicatePolicyAttachmentException struct {
16725	_            struct{}                  `type:"structure"`
16726	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16727
16728	Message_ *string `locationName:"Message" type:"string"`
16729}
16730
16731// String returns the string representation
16732func (s DuplicatePolicyAttachmentException) String() string {
16733	return awsutil.Prettify(s)
16734}
16735
16736// GoString returns the string representation
16737func (s DuplicatePolicyAttachmentException) GoString() string {
16738	return s.String()
16739}
16740
16741func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error {
16742	return &DuplicatePolicyAttachmentException{
16743		RespMetadata: v,
16744	}
16745}
16746
16747// Code returns the exception type name.
16748func (s *DuplicatePolicyAttachmentException) Code() string {
16749	return "DuplicatePolicyAttachmentException"
16750}
16751
16752// Message returns the exception's message.
16753func (s *DuplicatePolicyAttachmentException) Message() string {
16754	if s.Message_ != nil {
16755		return *s.Message_
16756	}
16757	return ""
16758}
16759
16760// OrigErr always returns nil, satisfies awserr.Error interface.
16761func (s *DuplicatePolicyAttachmentException) OrigErr() error {
16762	return nil
16763}
16764
16765func (s *DuplicatePolicyAttachmentException) Error() string {
16766	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16767}
16768
16769// Status code returns the HTTP status code for the request's response error.
16770func (s *DuplicatePolicyAttachmentException) StatusCode() int {
16771	return s.RespMetadata.StatusCode
16772}
16773
16774// RequestID returns the service's response RequestID for request.
16775func (s *DuplicatePolicyAttachmentException) RequestID() string {
16776	return s.RespMetadata.RequestID
16777}
16778
16779// A policy with the same name already exists.
16780type DuplicatePolicyException struct {
16781	_            struct{}                  `type:"structure"`
16782	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16783
16784	Message_ *string `locationName:"Message" type:"string"`
16785}
16786
16787// String returns the string representation
16788func (s DuplicatePolicyException) String() string {
16789	return awsutil.Prettify(s)
16790}
16791
16792// GoString returns the string representation
16793func (s DuplicatePolicyException) GoString() string {
16794	return s.String()
16795}
16796
16797func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error {
16798	return &DuplicatePolicyException{
16799		RespMetadata: v,
16800	}
16801}
16802
16803// Code returns the exception type name.
16804func (s *DuplicatePolicyException) Code() string {
16805	return "DuplicatePolicyException"
16806}
16807
16808// Message returns the exception's message.
16809func (s *DuplicatePolicyException) Message() string {
16810	if s.Message_ != nil {
16811		return *s.Message_
16812	}
16813	return ""
16814}
16815
16816// OrigErr always returns nil, satisfies awserr.Error interface.
16817func (s *DuplicatePolicyException) OrigErr() error {
16818	return nil
16819}
16820
16821func (s *DuplicatePolicyException) Error() string {
16822	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16823}
16824
16825// Status code returns the HTTP status code for the request's response error.
16826func (s *DuplicatePolicyException) StatusCode() int {
16827	return s.RespMetadata.StatusCode
16828}
16829
16830// RequestID returns the service's response RequestID for request.
16831func (s *DuplicatePolicyException) RequestID() string {
16832	return s.RespMetadata.RequestID
16833}
16834
16835// Contains rules to be applied to the affected accounts. The effective policy
16836// is the aggregation of any policies the account inherits, plus any policy
16837// directly attached to the account.
16838type EffectivePolicy struct {
16839	_ struct{} `type:"structure"`
16840
16841	// The time of the last update to this policy.
16842	LastUpdatedTimestamp *time.Time `type:"timestamp"`
16843
16844	// The text content of the policy.
16845	PolicyContent *string `min:"1" type:"string"`
16846
16847	// The policy type.
16848	PolicyType *string `type:"string" enum:"EffectivePolicyType"`
16849
16850	// The account ID of the policy target.
16851	TargetId *string `type:"string"`
16852}
16853
16854// String returns the string representation
16855func (s EffectivePolicy) String() string {
16856	return awsutil.Prettify(s)
16857}
16858
16859// GoString returns the string representation
16860func (s EffectivePolicy) GoString() string {
16861	return s.String()
16862}
16863
16864// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value.
16865func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy {
16866	s.LastUpdatedTimestamp = &v
16867	return s
16868}
16869
16870// SetPolicyContent sets the PolicyContent field's value.
16871func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy {
16872	s.PolicyContent = &v
16873	return s
16874}
16875
16876// SetPolicyType sets the PolicyType field's value.
16877func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy {
16878	s.PolicyType = &v
16879	return s
16880}
16881
16882// SetTargetId sets the TargetId field's value.
16883func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy {
16884	s.TargetId = &v
16885	return s
16886}
16887
16888// If you ran this action on the master account, this policy type is not enabled.
16889// If you ran the action on a member account, the account doesn't have an effective
16890// policy of this type. Contact the administrator of your organization about
16891// attaching a policy of this type to the account.
16892type EffectivePolicyNotFoundException struct {
16893	_            struct{}                  `type:"structure"`
16894	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
16895
16896	Message_ *string `locationName:"Message" type:"string"`
16897}
16898
16899// String returns the string representation
16900func (s EffectivePolicyNotFoundException) String() string {
16901	return awsutil.Prettify(s)
16902}
16903
16904// GoString returns the string representation
16905func (s EffectivePolicyNotFoundException) GoString() string {
16906	return s.String()
16907}
16908
16909func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error {
16910	return &EffectivePolicyNotFoundException{
16911		RespMetadata: v,
16912	}
16913}
16914
16915// Code returns the exception type name.
16916func (s *EffectivePolicyNotFoundException) Code() string {
16917	return "EffectivePolicyNotFoundException"
16918}
16919
16920// Message returns the exception's message.
16921func (s *EffectivePolicyNotFoundException) Message() string {
16922	if s.Message_ != nil {
16923		return *s.Message_
16924	}
16925	return ""
16926}
16927
16928// OrigErr always returns nil, satisfies awserr.Error interface.
16929func (s *EffectivePolicyNotFoundException) OrigErr() error {
16930	return nil
16931}
16932
16933func (s *EffectivePolicyNotFoundException) Error() string {
16934	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16935}
16936
16937// Status code returns the HTTP status code for the request's response error.
16938func (s *EffectivePolicyNotFoundException) StatusCode() int {
16939	return s.RespMetadata.StatusCode
16940}
16941
16942// RequestID returns the service's response RequestID for request.
16943func (s *EffectivePolicyNotFoundException) RequestID() string {
16944	return s.RespMetadata.RequestID
16945}
16946
16947type EnableAWSServiceAccessInput struct {
16948	_ struct{} `type:"structure"`
16949
16950	// The service principal name of the AWS service for which you want to enable
16951	// integration with your organization. This is typically in the form of a URL,
16952	// such as service-abbreviation.amazonaws.com.
16953	//
16954	// ServicePrincipal is a required field
16955	ServicePrincipal *string `min:"1" type:"string" required:"true"`
16956}
16957
16958// String returns the string representation
16959func (s EnableAWSServiceAccessInput) String() string {
16960	return awsutil.Prettify(s)
16961}
16962
16963// GoString returns the string representation
16964func (s EnableAWSServiceAccessInput) GoString() string {
16965	return s.String()
16966}
16967
16968// Validate inspects the fields of the type to determine if they are valid.
16969func (s *EnableAWSServiceAccessInput) Validate() error {
16970	invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"}
16971	if s.ServicePrincipal == nil {
16972		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
16973	}
16974	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
16975		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
16976	}
16977
16978	if invalidParams.Len() > 0 {
16979		return invalidParams
16980	}
16981	return nil
16982}
16983
16984// SetServicePrincipal sets the ServicePrincipal field's value.
16985func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput {
16986	s.ServicePrincipal = &v
16987	return s
16988}
16989
16990type EnableAWSServiceAccessOutput struct {
16991	_ struct{} `type:"structure"`
16992}
16993
16994// String returns the string representation
16995func (s EnableAWSServiceAccessOutput) String() string {
16996	return awsutil.Prettify(s)
16997}
16998
16999// GoString returns the string representation
17000func (s EnableAWSServiceAccessOutput) GoString() string {
17001	return s.String()
17002}
17003
17004type EnableAllFeaturesInput struct {
17005	_ struct{} `type:"structure"`
17006}
17007
17008// String returns the string representation
17009func (s EnableAllFeaturesInput) String() string {
17010	return awsutil.Prettify(s)
17011}
17012
17013// GoString returns the string representation
17014func (s EnableAllFeaturesInput) GoString() string {
17015	return s.String()
17016}
17017
17018type EnableAllFeaturesOutput struct {
17019	_ struct{} `type:"structure"`
17020
17021	// A structure that contains details about the handshake created to support
17022	// this request to enable all features in the organization.
17023	Handshake *Handshake `type:"structure"`
17024}
17025
17026// String returns the string representation
17027func (s EnableAllFeaturesOutput) String() string {
17028	return awsutil.Prettify(s)
17029}
17030
17031// GoString returns the string representation
17032func (s EnableAllFeaturesOutput) GoString() string {
17033	return s.String()
17034}
17035
17036// SetHandshake sets the Handshake field's value.
17037func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput {
17038	s.Handshake = v
17039	return s
17040}
17041
17042type EnablePolicyTypeInput struct {
17043	_ struct{} `type:"structure"`
17044
17045	// The policy type that you want to enable. You can specify one of the following
17046	// values:
17047	//
17048	//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
17049	//
17050	//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
17051	//
17052	//    * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
17053	//
17054	//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
17055	//
17056	// PolicyType is a required field
17057	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
17058
17059	// The unique identifier (ID) of the root in which you want to enable a policy
17060	// type. You can get the ID from the ListRoots operation.
17061	//
17062	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
17063	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
17064	//
17065	// RootId is a required field
17066	RootId *string `type:"string" required:"true"`
17067}
17068
17069// String returns the string representation
17070func (s EnablePolicyTypeInput) String() string {
17071	return awsutil.Prettify(s)
17072}
17073
17074// GoString returns the string representation
17075func (s EnablePolicyTypeInput) GoString() string {
17076	return s.String()
17077}
17078
17079// Validate inspects the fields of the type to determine if they are valid.
17080func (s *EnablePolicyTypeInput) Validate() error {
17081	invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"}
17082	if s.PolicyType == nil {
17083		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
17084	}
17085	if s.RootId == nil {
17086		invalidParams.Add(request.NewErrParamRequired("RootId"))
17087	}
17088
17089	if invalidParams.Len() > 0 {
17090		return invalidParams
17091	}
17092	return nil
17093}
17094
17095// SetPolicyType sets the PolicyType field's value.
17096func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput {
17097	s.PolicyType = &v
17098	return s
17099}
17100
17101// SetRootId sets the RootId field's value.
17102func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput {
17103	s.RootId = &v
17104	return s
17105}
17106
17107type EnablePolicyTypeOutput struct {
17108	_ struct{} `type:"structure"`
17109
17110	// A structure that shows the root with the updated list of enabled policy types.
17111	Root *Root `type:"structure"`
17112}
17113
17114// String returns the string representation
17115func (s EnablePolicyTypeOutput) String() string {
17116	return awsutil.Prettify(s)
17117}
17118
17119// GoString returns the string representation
17120func (s EnablePolicyTypeOutput) GoString() string {
17121	return s.String()
17122}
17123
17124// SetRoot sets the Root field's value.
17125func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput {
17126	s.Root = v
17127	return s
17128}
17129
17130// A structure that contains details of a service principal that represents
17131// an AWS service that is enabled to integrate with AWS Organizations.
17132type EnabledServicePrincipal struct {
17133	_ struct{} `type:"structure"`
17134
17135	// The date that the service principal was enabled for integration with AWS
17136	// Organizations.
17137	DateEnabled *time.Time `type:"timestamp"`
17138
17139	// The name of the service principal. This is typically in the form of a URL,
17140	// such as: servicename.amazonaws.com.
17141	ServicePrincipal *string `min:"1" type:"string"`
17142}
17143
17144// String returns the string representation
17145func (s EnabledServicePrincipal) String() string {
17146	return awsutil.Prettify(s)
17147}
17148
17149// GoString returns the string representation
17150func (s EnabledServicePrincipal) GoString() string {
17151	return s.String()
17152}
17153
17154// SetDateEnabled sets the DateEnabled field's value.
17155func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal {
17156	s.DateEnabled = &v
17157	return s
17158}
17159
17160// SetServicePrincipal sets the ServicePrincipal field's value.
17161func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal {
17162	s.ServicePrincipal = &v
17163	return s
17164}
17165
17166// AWS Organizations couldn't perform the operation because your organization
17167// hasn't finished initializing. This can take up to an hour. Try again later.
17168// If after one hour you continue to receive this error, contact AWS Support
17169// (https://console.aws.amazon.com/support/home#/).
17170type FinalizingOrganizationException struct {
17171	_            struct{}                  `type:"structure"`
17172	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17173
17174	Message_ *string `locationName:"Message" type:"string"`
17175}
17176
17177// String returns the string representation
17178func (s FinalizingOrganizationException) String() string {
17179	return awsutil.Prettify(s)
17180}
17181
17182// GoString returns the string representation
17183func (s FinalizingOrganizationException) GoString() string {
17184	return s.String()
17185}
17186
17187func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error {
17188	return &FinalizingOrganizationException{
17189		RespMetadata: v,
17190	}
17191}
17192
17193// Code returns the exception type name.
17194func (s *FinalizingOrganizationException) Code() string {
17195	return "FinalizingOrganizationException"
17196}
17197
17198// Message returns the exception's message.
17199func (s *FinalizingOrganizationException) Message() string {
17200	if s.Message_ != nil {
17201		return *s.Message_
17202	}
17203	return ""
17204}
17205
17206// OrigErr always returns nil, satisfies awserr.Error interface.
17207func (s *FinalizingOrganizationException) OrigErr() error {
17208	return nil
17209}
17210
17211func (s *FinalizingOrganizationException) Error() string {
17212	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17213}
17214
17215// Status code returns the HTTP status code for the request's response error.
17216func (s *FinalizingOrganizationException) StatusCode() int {
17217	return s.RespMetadata.StatusCode
17218}
17219
17220// RequestID returns the service's response RequestID for request.
17221func (s *FinalizingOrganizationException) RequestID() string {
17222	return s.RespMetadata.RequestID
17223}
17224
17225// Contains information that must be exchanged to securely establish a relationship
17226// between two accounts (an originator and a recipient). For example, when a
17227// master account (the originator) invites another account (the recipient) to
17228// join its organization, the two accounts exchange information as a series
17229// of handshake requests and responses.
17230//
17231// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists
17232// for only 30 days after entering that state After that they are deleted.
17233type Handshake struct {
17234	_ struct{} `type:"structure"`
17235
17236	// The type of handshake, indicating what action occurs when the recipient accepts
17237	// the handshake. The following handshake types are supported:
17238	//
17239	//    * INVITE: This type of handshake represents a request to join an organization.
17240	//    It is always sent from the master account to only non-member accounts.
17241	//
17242	//    * ENABLE_ALL_FEATURES: This type of handshake represents a request to
17243	//    enable all features in an organization. It is always sent from the master
17244	//    account to only invited member accounts. Created accounts do not receive
17245	//    this because those accounts were created by the organization's master
17246	//    account and approval is inferred.
17247	//
17248	//    * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations
17249	//    service when all member accounts have approved the ENABLE_ALL_FEATURES
17250	//    invitation. It is sent only to the master account and signals the master
17251	//    that it can finalize the process to enable all features.
17252	Action *string `type:"string" enum:"ActionType"`
17253
17254	// The Amazon Resource Name (ARN) of a handshake.
17255	//
17256	// For more information about ARNs in Organizations, see ARN Formats Supported
17257	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
17258	// in the AWS Organizations User Guide.
17259	Arn *string `type:"string"`
17260
17261	// The date and time that the handshake expires. If the recipient of the handshake
17262	// request fails to respond before the specified date and time, the handshake
17263	// becomes inactive and is no longer valid.
17264	ExpirationTimestamp *time.Time `type:"timestamp"`
17265
17266	// The unique identifier (ID) of a handshake. The originating account creates
17267	// the ID when it initiates the handshake.
17268	//
17269	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
17270	// requires "h-" followed by from 8 to 32 lower-case letters or digits.
17271	Id *string `type:"string"`
17272
17273	// Information about the two accounts that are participating in the handshake.
17274	Parties []*HandshakeParty `type:"list"`
17275
17276	// The date and time that the handshake request was made.
17277	RequestedTimestamp *time.Time `type:"timestamp"`
17278
17279	// Additional information that is needed to process the handshake.
17280	Resources []*HandshakeResource `type:"list"`
17281
17282	// The current state of the handshake. Use the state to trace the flow of the
17283	// handshake through the process from its creation to its acceptance. The meaning
17284	// of each of the valid values is as follows:
17285	//
17286	//    * REQUESTED: This handshake was sent to multiple recipients (applicable
17287	//    to only some handshake types) and not all recipients have responded yet.
17288	//    The request stays in this state until all recipients respond.
17289	//
17290	//    * OPEN: This handshake was sent to multiple recipients (applicable to
17291	//    only some policy types) and all recipients have responded, allowing the
17292	//    originator to complete the handshake action.
17293	//
17294	//    * CANCELED: This handshake is no longer active because it was canceled
17295	//    by the originating account.
17296	//
17297	//    * ACCEPTED: This handshake is complete because it has been accepted by
17298	//    the recipient.
17299	//
17300	//    * DECLINED: This handshake is no longer active because it was declined
17301	//    by the recipient account.
17302	//
17303	//    * EXPIRED: This handshake is no longer active because the originator did
17304	//    not receive a response of any kind from the recipient before the expiration
17305	//    time (15 days).
17306	State *string `type:"string" enum:"HandshakeState"`
17307}
17308
17309// String returns the string representation
17310func (s Handshake) String() string {
17311	return awsutil.Prettify(s)
17312}
17313
17314// GoString returns the string representation
17315func (s Handshake) GoString() string {
17316	return s.String()
17317}
17318
17319// SetAction sets the Action field's value.
17320func (s *Handshake) SetAction(v string) *Handshake {
17321	s.Action = &v
17322	return s
17323}
17324
17325// SetArn sets the Arn field's value.
17326func (s *Handshake) SetArn(v string) *Handshake {
17327	s.Arn = &v
17328	return s
17329}
17330
17331// SetExpirationTimestamp sets the ExpirationTimestamp field's value.
17332func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake {
17333	s.ExpirationTimestamp = &v
17334	return s
17335}
17336
17337// SetId sets the Id field's value.
17338func (s *Handshake) SetId(v string) *Handshake {
17339	s.Id = &v
17340	return s
17341}
17342
17343// SetParties sets the Parties field's value.
17344func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake {
17345	s.Parties = v
17346	return s
17347}
17348
17349// SetRequestedTimestamp sets the RequestedTimestamp field's value.
17350func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake {
17351	s.RequestedTimestamp = &v
17352	return s
17353}
17354
17355// SetResources sets the Resources field's value.
17356func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake {
17357	s.Resources = v
17358	return s
17359}
17360
17361// SetState sets the State field's value.
17362func (s *Handshake) SetState(v string) *Handshake {
17363	s.State = &v
17364	return s
17365}
17366
17367// The specified handshake is already in the requested state. For example, you
17368// can't accept a handshake that was already accepted.
17369type HandshakeAlreadyInStateException struct {
17370	_            struct{}                  `type:"structure"`
17371	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17372
17373	Message_ *string `locationName:"Message" type:"string"`
17374}
17375
17376// String returns the string representation
17377func (s HandshakeAlreadyInStateException) String() string {
17378	return awsutil.Prettify(s)
17379}
17380
17381// GoString returns the string representation
17382func (s HandshakeAlreadyInStateException) GoString() string {
17383	return s.String()
17384}
17385
17386func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error {
17387	return &HandshakeAlreadyInStateException{
17388		RespMetadata: v,
17389	}
17390}
17391
17392// Code returns the exception type name.
17393func (s *HandshakeAlreadyInStateException) Code() string {
17394	return "HandshakeAlreadyInStateException"
17395}
17396
17397// Message returns the exception's message.
17398func (s *HandshakeAlreadyInStateException) Message() string {
17399	if s.Message_ != nil {
17400		return *s.Message_
17401	}
17402	return ""
17403}
17404
17405// OrigErr always returns nil, satisfies awserr.Error interface.
17406func (s *HandshakeAlreadyInStateException) OrigErr() error {
17407	return nil
17408}
17409
17410func (s *HandshakeAlreadyInStateException) Error() string {
17411	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17412}
17413
17414// Status code returns the HTTP status code for the request's response error.
17415func (s *HandshakeAlreadyInStateException) StatusCode() int {
17416	return s.RespMetadata.StatusCode
17417}
17418
17419// RequestID returns the service's response RequestID for request.
17420func (s *HandshakeAlreadyInStateException) RequestID() string {
17421	return s.RespMetadata.RequestID
17422}
17423
17424// The requested operation would violate the constraint identified in the reason
17425// code.
17426//
17427// Some of the reasons in the following list might not be applicable to this
17428// specific API or operation:
17429//
17430//    * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
17431//    the number of accounts in an organization. Note that deleted and closed
17432//    accounts still count toward your limit. If you get this exception immediately
17433//    after creating the organization, wait one hour and try again. If after
17434//    an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
17435//
17436//    * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
17437//    the invited account is already a member of an organization.
17438//
17439//    * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
17440//    handshakes that you can send in one day.
17441//
17442//    * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
17443//    to join an organization while it's in the process of enabling all features.
17444//    You can resume inviting accounts after you finalize the process when all
17445//    accounts have agreed to the change.
17446//
17447//    * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
17448//    because the organization has already enabled all features.
17449//
17450//    * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
17451//    the account is from a different marketplace than the accounts in the organization.
17452//    For example, accounts with India addresses must be associated with the
17453//    AISPL marketplace. All accounts in an organization must be from the same
17454//    marketplace.
17455//
17456//    * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
17457//    change the membership of an account too quickly after its previous change.
17458//
17459//    * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
17460//    account that doesn't have a payment instrument, such as a credit card,
17461//    associated with it.
17462type HandshakeConstraintViolationException struct {
17463	_            struct{}                  `type:"structure"`
17464	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17465
17466	Message_ *string `locationName:"Message" type:"string"`
17467
17468	Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"`
17469}
17470
17471// String returns the string representation
17472func (s HandshakeConstraintViolationException) String() string {
17473	return awsutil.Prettify(s)
17474}
17475
17476// GoString returns the string representation
17477func (s HandshakeConstraintViolationException) GoString() string {
17478	return s.String()
17479}
17480
17481func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error {
17482	return &HandshakeConstraintViolationException{
17483		RespMetadata: v,
17484	}
17485}
17486
17487// Code returns the exception type name.
17488func (s *HandshakeConstraintViolationException) Code() string {
17489	return "HandshakeConstraintViolationException"
17490}
17491
17492// Message returns the exception's message.
17493func (s *HandshakeConstraintViolationException) Message() string {
17494	if s.Message_ != nil {
17495		return *s.Message_
17496	}
17497	return ""
17498}
17499
17500// OrigErr always returns nil, satisfies awserr.Error interface.
17501func (s *HandshakeConstraintViolationException) OrigErr() error {
17502	return nil
17503}
17504
17505func (s *HandshakeConstraintViolationException) Error() string {
17506	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
17507}
17508
17509// Status code returns the HTTP status code for the request's response error.
17510func (s *HandshakeConstraintViolationException) StatusCode() int {
17511	return s.RespMetadata.StatusCode
17512}
17513
17514// RequestID returns the service's response RequestID for request.
17515func (s *HandshakeConstraintViolationException) RequestID() string {
17516	return s.RespMetadata.RequestID
17517}
17518
17519// Specifies the criteria that are used to select the handshakes for the operation.
17520type HandshakeFilter struct {
17521	_ struct{} `type:"structure"`
17522
17523	// Specifies the type of handshake action.
17524	//
17525	// If you specify ActionType, you cannot also specify ParentHandshakeId.
17526	ActionType *string `type:"string" enum:"ActionType"`
17527
17528	// Specifies the parent handshake. Only used for handshake types that are a
17529	// child of another type.
17530	//
17531	// If you specify ParentHandshakeId, you cannot also specify ActionType.
17532	//
17533	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
17534	// requires "h-" followed by from 8 to 32 lower-case letters or digits.
17535	ParentHandshakeId *string `type:"string"`
17536}
17537
17538// String returns the string representation
17539func (s HandshakeFilter) String() string {
17540	return awsutil.Prettify(s)
17541}
17542
17543// GoString returns the string representation
17544func (s HandshakeFilter) GoString() string {
17545	return s.String()
17546}
17547
17548// SetActionType sets the ActionType field's value.
17549func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter {
17550	s.ActionType = &v
17551	return s
17552}
17553
17554// SetParentHandshakeId sets the ParentHandshakeId field's value.
17555func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter {
17556	s.ParentHandshakeId = &v
17557	return s
17558}
17559
17560// We can't find a handshake with the HandshakeId that you specified.
17561type HandshakeNotFoundException struct {
17562	_            struct{}                  `type:"structure"`
17563	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17564
17565	Message_ *string `locationName:"Message" type:"string"`
17566}
17567
17568// String returns the string representation
17569func (s HandshakeNotFoundException) String() string {
17570	return awsutil.Prettify(s)
17571}
17572
17573// GoString returns the string representation
17574func (s HandshakeNotFoundException) GoString() string {
17575	return s.String()
17576}
17577
17578func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error {
17579	return &HandshakeNotFoundException{
17580		RespMetadata: v,
17581	}
17582}
17583
17584// Code returns the exception type name.
17585func (s *HandshakeNotFoundException) Code() string {
17586	return "HandshakeNotFoundException"
17587}
17588
17589// Message returns the exception's message.
17590func (s *HandshakeNotFoundException) Message() string {
17591	if s.Message_ != nil {
17592		return *s.Message_
17593	}
17594	return ""
17595}
17596
17597// OrigErr always returns nil, satisfies awserr.Error interface.
17598func (s *HandshakeNotFoundException) OrigErr() error {
17599	return nil
17600}
17601
17602func (s *HandshakeNotFoundException) Error() string {
17603	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17604}
17605
17606// Status code returns the HTTP status code for the request's response error.
17607func (s *HandshakeNotFoundException) StatusCode() int {
17608	return s.RespMetadata.StatusCode
17609}
17610
17611// RequestID returns the service's response RequestID for request.
17612func (s *HandshakeNotFoundException) RequestID() string {
17613	return s.RespMetadata.RequestID
17614}
17615
17616// Identifies a participant in a handshake.
17617type HandshakeParty struct {
17618	_ struct{} `type:"structure"`
17619
17620	// The unique identifier (ID) for the party.
17621	//
17622	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
17623	// requires "h-" followed by from 8 to 32 lower-case letters or digits.
17624	//
17625	// Id is a required field
17626	Id *string `min:"1" type:"string" required:"true" sensitive:"true"`
17627
17628	// The type of party.
17629	//
17630	// Type is a required field
17631	Type *string `type:"string" required:"true" enum:"HandshakePartyType"`
17632}
17633
17634// String returns the string representation
17635func (s HandshakeParty) String() string {
17636	return awsutil.Prettify(s)
17637}
17638
17639// GoString returns the string representation
17640func (s HandshakeParty) GoString() string {
17641	return s.String()
17642}
17643
17644// Validate inspects the fields of the type to determine if they are valid.
17645func (s *HandshakeParty) Validate() error {
17646	invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"}
17647	if s.Id == nil {
17648		invalidParams.Add(request.NewErrParamRequired("Id"))
17649	}
17650	if s.Id != nil && len(*s.Id) < 1 {
17651		invalidParams.Add(request.NewErrParamMinLen("Id", 1))
17652	}
17653	if s.Type == nil {
17654		invalidParams.Add(request.NewErrParamRequired("Type"))
17655	}
17656
17657	if invalidParams.Len() > 0 {
17658		return invalidParams
17659	}
17660	return nil
17661}
17662
17663// SetId sets the Id field's value.
17664func (s *HandshakeParty) SetId(v string) *HandshakeParty {
17665	s.Id = &v
17666	return s
17667}
17668
17669// SetType sets the Type field's value.
17670func (s *HandshakeParty) SetType(v string) *HandshakeParty {
17671	s.Type = &v
17672	return s
17673}
17674
17675// Contains additional data that is needed to process a handshake.
17676type HandshakeResource struct {
17677	_ struct{} `type:"structure"`
17678
17679	// When needed, contains an additional array of HandshakeResource objects.
17680	Resources []*HandshakeResource `type:"list"`
17681
17682	// The type of information being passed, specifying how the value is to be interpreted
17683	// by the other party:
17684	//
17685	//    * ACCOUNT - Specifies an AWS account ID number.
17686	//
17687	//    * ORGANIZATION - Specifies an organization ID number.
17688	//
17689	//    * EMAIL - Specifies the email address that is associated with the account
17690	//    that receives the handshake.
17691	//
17692	//    * OWNER_EMAIL - Specifies the email address associated with the master
17693	//    account. Included as information about an organization.
17694	//
17695	//    * OWNER_NAME - Specifies the name associated with the master account.
17696	//    Included as information about an organization.
17697	//
17698	//    * NOTES - Additional text provided by the handshake initiator and intended
17699	//    for the recipient to read.
17700	Type *string `type:"string" enum:"HandshakeResourceType"`
17701
17702	// The information that is passed to the other party in the handshake. The format
17703	// of the value string must match the requirements of the specified type.
17704	Value *string `type:"string" sensitive:"true"`
17705}
17706
17707// String returns the string representation
17708func (s HandshakeResource) String() string {
17709	return awsutil.Prettify(s)
17710}
17711
17712// GoString returns the string representation
17713func (s HandshakeResource) GoString() string {
17714	return s.String()
17715}
17716
17717// SetResources sets the Resources field's value.
17718func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource {
17719	s.Resources = v
17720	return s
17721}
17722
17723// SetType sets the Type field's value.
17724func (s *HandshakeResource) SetType(v string) *HandshakeResource {
17725	s.Type = &v
17726	return s
17727}
17728
17729// SetValue sets the Value field's value.
17730func (s *HandshakeResource) SetValue(v string) *HandshakeResource {
17731	s.Value = &v
17732	return s
17733}
17734
17735// You can't perform the operation on the handshake in its current state. For
17736// example, you can't cancel a handshake that was already accepted or accept
17737// a handshake that was already declined.
17738type InvalidHandshakeTransitionException struct {
17739	_            struct{}                  `type:"structure"`
17740	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17741
17742	Message_ *string `locationName:"Message" type:"string"`
17743}
17744
17745// String returns the string representation
17746func (s InvalidHandshakeTransitionException) String() string {
17747	return awsutil.Prettify(s)
17748}
17749
17750// GoString returns the string representation
17751func (s InvalidHandshakeTransitionException) GoString() string {
17752	return s.String()
17753}
17754
17755func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error {
17756	return &InvalidHandshakeTransitionException{
17757		RespMetadata: v,
17758	}
17759}
17760
17761// Code returns the exception type name.
17762func (s *InvalidHandshakeTransitionException) Code() string {
17763	return "InvalidHandshakeTransitionException"
17764}
17765
17766// Message returns the exception's message.
17767func (s *InvalidHandshakeTransitionException) Message() string {
17768	if s.Message_ != nil {
17769		return *s.Message_
17770	}
17771	return ""
17772}
17773
17774// OrigErr always returns nil, satisfies awserr.Error interface.
17775func (s *InvalidHandshakeTransitionException) OrigErr() error {
17776	return nil
17777}
17778
17779func (s *InvalidHandshakeTransitionException) Error() string {
17780	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17781}
17782
17783// Status code returns the HTTP status code for the request's response error.
17784func (s *InvalidHandshakeTransitionException) StatusCode() int {
17785	return s.RespMetadata.StatusCode
17786}
17787
17788// RequestID returns the service's response RequestID for request.
17789func (s *InvalidHandshakeTransitionException) RequestID() string {
17790	return s.RespMetadata.RequestID
17791}
17792
17793// The requested operation failed because you provided invalid values for one
17794// or more of the request parameters. This exception includes a reason that
17795// contains additional information about the violated limit:
17796//
17797// Some of the reasons in the following list might not be applicable to this
17798// specific API or operation.
17799//
17800//    * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
17801//    can't be modified.
17802//
17803//    * INPUT_REQUIRED: You must include a value for all required parameters.
17804//
17805//    * INVALID_ENUM: You specified an invalid value.
17806//
17807//    * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
17808//    characters.
17809//
17810//    * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
17811//    at least one invalid value.
17812//
17813//    * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
17814//    from the response to a previous call of the operation.
17815//
17816//    * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
17817//    organization, or email) as a party.
17818//
17819//    * INVALID_PATTERN: You provided a value that doesn't match the required
17820//    pattern.
17821//
17822//    * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
17823//    match the required pattern.
17824//
17825//    * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
17826//    name can't begin with the reserved prefix AWSServiceRoleFor.
17827//
17828//    * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
17829//    Name (ARN) for the organization.
17830//
17831//    * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
17832//
17833//    * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
17834//    tag. You can’t add, edit, or delete system tag keys because they're
17835//    reserved for AWS use. System tags don’t count against your tags per
17836//    resource limit.
17837//
17838//    * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
17839//    for the operation.
17840//
17841//    * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
17842//    than allowed.
17843//
17844//    * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
17845//    value than allowed.
17846//
17847//    * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
17848//    than allowed.
17849//
17850//    * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
17851//    value than allowed.
17852//
17853//    * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
17854//    between entities in the same root.
17855type InvalidInputException struct {
17856	_            struct{}                  `type:"structure"`
17857	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17858
17859	Message_ *string `locationName:"Message" type:"string"`
17860
17861	Reason *string `type:"string" enum:"InvalidInputExceptionReason"`
17862}
17863
17864// String returns the string representation
17865func (s InvalidInputException) String() string {
17866	return awsutil.Prettify(s)
17867}
17868
17869// GoString returns the string representation
17870func (s InvalidInputException) GoString() string {
17871	return s.String()
17872}
17873
17874func newErrorInvalidInputException(v protocol.ResponseMetadata) error {
17875	return &InvalidInputException{
17876		RespMetadata: v,
17877	}
17878}
17879
17880// Code returns the exception type name.
17881func (s *InvalidInputException) Code() string {
17882	return "InvalidInputException"
17883}
17884
17885// Message returns the exception's message.
17886func (s *InvalidInputException) Message() string {
17887	if s.Message_ != nil {
17888		return *s.Message_
17889	}
17890	return ""
17891}
17892
17893// OrigErr always returns nil, satisfies awserr.Error interface.
17894func (s *InvalidInputException) OrigErr() error {
17895	return nil
17896}
17897
17898func (s *InvalidInputException) Error() string {
17899	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
17900}
17901
17902// Status code returns the HTTP status code for the request's response error.
17903func (s *InvalidInputException) StatusCode() int {
17904	return s.RespMetadata.StatusCode
17905}
17906
17907// RequestID returns the service's response RequestID for request.
17908func (s *InvalidInputException) RequestID() string {
17909	return s.RespMetadata.RequestID
17910}
17911
17912type InviteAccountToOrganizationInput struct {
17913	_ struct{} `type:"structure"`
17914
17915	// Additional information that you want to include in the generated email to
17916	// the recipient account owner.
17917	Notes *string `type:"string" sensitive:"true"`
17918
17919	// The identifier (ID) of the AWS account that you want to invite to join your
17920	// organization. This is a JSON object that contains the following elements:
17921	//
17922	// { "Type": "ACCOUNT", "Id": "< account id number >" }
17923	//
17924	// If you use the AWS CLI, you can submit this as a single string, similar to
17925	// the following example:
17926	//
17927	// --target Id=123456789012,Type=ACCOUNT
17928	//
17929	// If you specify "Type": "ACCOUNT", you must provide the AWS account ID number
17930	// as the Id. If you specify "Type": "EMAIL", you must specify the email address
17931	// that is associated with the account.
17932	//
17933	// --target Id=diego@example.com,Type=EMAIL
17934	//
17935	// Target is a required field
17936	Target *HandshakeParty `type:"structure" required:"true"`
17937}
17938
17939// String returns the string representation
17940func (s InviteAccountToOrganizationInput) String() string {
17941	return awsutil.Prettify(s)
17942}
17943
17944// GoString returns the string representation
17945func (s InviteAccountToOrganizationInput) GoString() string {
17946	return s.String()
17947}
17948
17949// Validate inspects the fields of the type to determine if they are valid.
17950func (s *InviteAccountToOrganizationInput) Validate() error {
17951	invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"}
17952	if s.Target == nil {
17953		invalidParams.Add(request.NewErrParamRequired("Target"))
17954	}
17955	if s.Target != nil {
17956		if err := s.Target.Validate(); err != nil {
17957			invalidParams.AddNested("Target", err.(request.ErrInvalidParams))
17958		}
17959	}
17960
17961	if invalidParams.Len() > 0 {
17962		return invalidParams
17963	}
17964	return nil
17965}
17966
17967// SetNotes sets the Notes field's value.
17968func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput {
17969	s.Notes = &v
17970	return s
17971}
17972
17973// SetTarget sets the Target field's value.
17974func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput {
17975	s.Target = v
17976	return s
17977}
17978
17979type InviteAccountToOrganizationOutput struct {
17980	_ struct{} `type:"structure"`
17981
17982	// A structure that contains details about the handshake that is created to
17983	// support this invitation request.
17984	Handshake *Handshake `type:"structure"`
17985}
17986
17987// String returns the string representation
17988func (s InviteAccountToOrganizationOutput) String() string {
17989	return awsutil.Prettify(s)
17990}
17991
17992// GoString returns the string representation
17993func (s InviteAccountToOrganizationOutput) GoString() string {
17994	return s.String()
17995}
17996
17997// SetHandshake sets the Handshake field's value.
17998func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput {
17999	s.Handshake = v
18000	return s
18001}
18002
18003type LeaveOrganizationInput struct {
18004	_ struct{} `type:"structure"`
18005}
18006
18007// String returns the string representation
18008func (s LeaveOrganizationInput) String() string {
18009	return awsutil.Prettify(s)
18010}
18011
18012// GoString returns the string representation
18013func (s LeaveOrganizationInput) GoString() string {
18014	return s.String()
18015}
18016
18017type LeaveOrganizationOutput struct {
18018	_ struct{} `type:"structure"`
18019}
18020
18021// String returns the string representation
18022func (s LeaveOrganizationOutput) String() string {
18023	return awsutil.Prettify(s)
18024}
18025
18026// GoString returns the string representation
18027func (s LeaveOrganizationOutput) GoString() string {
18028	return s.String()
18029}
18030
18031type ListAWSServiceAccessForOrganizationInput struct {
18032	_ struct{} `type:"structure"`
18033
18034	// The total number of results that you want included on each page of the response.
18035	// If you do not include this parameter, it defaults to a value that is specific
18036	// to the operation. If additional items exist beyond the maximum you specify,
18037	// the NextToken response element is present and has a value (is not null).
18038	// Include that value as the NextToken request parameter in the next call to
18039	// the operation to get the next part of the results. Note that Organizations
18040	// might return fewer results than the maximum even when there are more results
18041	// available. You should check NextToken after every operation to ensure that
18042	// you receive all of the results.
18043	MaxResults *int64 `min:"1" type:"integer"`
18044
18045	// The parameter for receiving additional results if you receive a NextToken
18046	// response in a previous request. A NextToken response indicates that more
18047	// output is available. Set this parameter to the value of the previous call's
18048	// NextToken response to indicate where the output should continue from.
18049	NextToken *string `type:"string"`
18050}
18051
18052// String returns the string representation
18053func (s ListAWSServiceAccessForOrganizationInput) String() string {
18054	return awsutil.Prettify(s)
18055}
18056
18057// GoString returns the string representation
18058func (s ListAWSServiceAccessForOrganizationInput) GoString() string {
18059	return s.String()
18060}
18061
18062// Validate inspects the fields of the type to determine if they are valid.
18063func (s *ListAWSServiceAccessForOrganizationInput) Validate() error {
18064	invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"}
18065	if s.MaxResults != nil && *s.MaxResults < 1 {
18066		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18067	}
18068
18069	if invalidParams.Len() > 0 {
18070		return invalidParams
18071	}
18072	return nil
18073}
18074
18075// SetMaxResults sets the MaxResults field's value.
18076func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput {
18077	s.MaxResults = &v
18078	return s
18079}
18080
18081// SetNextToken sets the NextToken field's value.
18082func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput {
18083	s.NextToken = &v
18084	return s
18085}
18086
18087type ListAWSServiceAccessForOrganizationOutput struct {
18088	_ struct{} `type:"structure"`
18089
18090	// A list of the service principals for the services that are enabled to integrate
18091	// with your organization. Each principal is a structure that includes the name
18092	// and the date that it was enabled for integration with AWS Organizations.
18093	EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"`
18094
18095	// If present, indicates that more output is available than is included in the
18096	// current response. Use this value in the NextToken request parameter in a
18097	// subsequent call to the operation to get the next part of the output. You
18098	// should repeat this until the NextToken response element comes back as null.
18099	NextToken *string `type:"string"`
18100}
18101
18102// String returns the string representation
18103func (s ListAWSServiceAccessForOrganizationOutput) String() string {
18104	return awsutil.Prettify(s)
18105}
18106
18107// GoString returns the string representation
18108func (s ListAWSServiceAccessForOrganizationOutput) GoString() string {
18109	return s.String()
18110}
18111
18112// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value.
18113func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput {
18114	s.EnabledServicePrincipals = v
18115	return s
18116}
18117
18118// SetNextToken sets the NextToken field's value.
18119func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput {
18120	s.NextToken = &v
18121	return s
18122}
18123
18124type ListAccountsForParentInput struct {
18125	_ struct{} `type:"structure"`
18126
18127	// The total number of results that you want included on each page of the response.
18128	// If you do not include this parameter, it defaults to a value that is specific
18129	// to the operation. If additional items exist beyond the maximum you specify,
18130	// the NextToken response element is present and has a value (is not null).
18131	// Include that value as the NextToken request parameter in the next call to
18132	// the operation to get the next part of the results. Note that Organizations
18133	// might return fewer results than the maximum even when there are more results
18134	// available. You should check NextToken after every operation to ensure that
18135	// you receive all of the results.
18136	MaxResults *int64 `min:"1" type:"integer"`
18137
18138	// The parameter for receiving additional results if you receive a NextToken
18139	// response in a previous request. A NextToken response indicates that more
18140	// output is available. Set this parameter to the value of the previous call's
18141	// NextToken response to indicate where the output should continue from.
18142	NextToken *string `type:"string"`
18143
18144	// The unique identifier (ID) for the parent root or organization unit (OU)
18145	// whose accounts you want to list.
18146	//
18147	// ParentId is a required field
18148	ParentId *string `type:"string" required:"true"`
18149}
18150
18151// String returns the string representation
18152func (s ListAccountsForParentInput) String() string {
18153	return awsutil.Prettify(s)
18154}
18155
18156// GoString returns the string representation
18157func (s ListAccountsForParentInput) GoString() string {
18158	return s.String()
18159}
18160
18161// Validate inspects the fields of the type to determine if they are valid.
18162func (s *ListAccountsForParentInput) Validate() error {
18163	invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"}
18164	if s.MaxResults != nil && *s.MaxResults < 1 {
18165		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18166	}
18167	if s.ParentId == nil {
18168		invalidParams.Add(request.NewErrParamRequired("ParentId"))
18169	}
18170
18171	if invalidParams.Len() > 0 {
18172		return invalidParams
18173	}
18174	return nil
18175}
18176
18177// SetMaxResults sets the MaxResults field's value.
18178func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput {
18179	s.MaxResults = &v
18180	return s
18181}
18182
18183// SetNextToken sets the NextToken field's value.
18184func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput {
18185	s.NextToken = &v
18186	return s
18187}
18188
18189// SetParentId sets the ParentId field's value.
18190func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput {
18191	s.ParentId = &v
18192	return s
18193}
18194
18195type ListAccountsForParentOutput struct {
18196	_ struct{} `type:"structure"`
18197
18198	// A list of the accounts in the specified root or OU.
18199	Accounts []*Account `type:"list"`
18200
18201	// If present, indicates that more output is available than is included in the
18202	// current response. Use this value in the NextToken request parameter in a
18203	// subsequent call to the operation to get the next part of the output. You
18204	// should repeat this until the NextToken response element comes back as null.
18205	NextToken *string `type:"string"`
18206}
18207
18208// String returns the string representation
18209func (s ListAccountsForParentOutput) String() string {
18210	return awsutil.Prettify(s)
18211}
18212
18213// GoString returns the string representation
18214func (s ListAccountsForParentOutput) GoString() string {
18215	return s.String()
18216}
18217
18218// SetAccounts sets the Accounts field's value.
18219func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput {
18220	s.Accounts = v
18221	return s
18222}
18223
18224// SetNextToken sets the NextToken field's value.
18225func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput {
18226	s.NextToken = &v
18227	return s
18228}
18229
18230type ListAccountsInput struct {
18231	_ struct{} `type:"structure"`
18232
18233	// The total number of results that you want included on each page of the response.
18234	// If you do not include this parameter, it defaults to a value that is specific
18235	// to the operation. If additional items exist beyond the maximum you specify,
18236	// the NextToken response element is present and has a value (is not null).
18237	// Include that value as the NextToken request parameter in the next call to
18238	// the operation to get the next part of the results. Note that Organizations
18239	// might return fewer results than the maximum even when there are more results
18240	// available. You should check NextToken after every operation to ensure that
18241	// you receive all of the results.
18242	MaxResults *int64 `min:"1" type:"integer"`
18243
18244	// The parameter for receiving additional results if you receive a NextToken
18245	// response in a previous request. A NextToken response indicates that more
18246	// output is available. Set this parameter to the value of the previous call's
18247	// NextToken response to indicate where the output should continue from.
18248	NextToken *string `type:"string"`
18249}
18250
18251// String returns the string representation
18252func (s ListAccountsInput) String() string {
18253	return awsutil.Prettify(s)
18254}
18255
18256// GoString returns the string representation
18257func (s ListAccountsInput) GoString() string {
18258	return s.String()
18259}
18260
18261// Validate inspects the fields of the type to determine if they are valid.
18262func (s *ListAccountsInput) Validate() error {
18263	invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
18264	if s.MaxResults != nil && *s.MaxResults < 1 {
18265		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18266	}
18267
18268	if invalidParams.Len() > 0 {
18269		return invalidParams
18270	}
18271	return nil
18272}
18273
18274// SetMaxResults sets the MaxResults field's value.
18275func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
18276	s.MaxResults = &v
18277	return s
18278}
18279
18280// SetNextToken sets the NextToken field's value.
18281func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
18282	s.NextToken = &v
18283	return s
18284}
18285
18286type ListAccountsOutput struct {
18287	_ struct{} `type:"structure"`
18288
18289	// A list of objects in the organization.
18290	Accounts []*Account `type:"list"`
18291
18292	// If present, indicates that more output is available than is included in the
18293	// current response. Use this value in the NextToken request parameter in a
18294	// subsequent call to the operation to get the next part of the output. You
18295	// should repeat this until the NextToken response element comes back as null.
18296	NextToken *string `type:"string"`
18297}
18298
18299// String returns the string representation
18300func (s ListAccountsOutput) String() string {
18301	return awsutil.Prettify(s)
18302}
18303
18304// GoString returns the string representation
18305func (s ListAccountsOutput) GoString() string {
18306	return s.String()
18307}
18308
18309// SetAccounts sets the Accounts field's value.
18310func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput {
18311	s.Accounts = v
18312	return s
18313}
18314
18315// SetNextToken sets the NextToken field's value.
18316func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
18317	s.NextToken = &v
18318	return s
18319}
18320
18321type ListChildrenInput struct {
18322	_ struct{} `type:"structure"`
18323
18324	// Filters the output to include only the specified child type.
18325	//
18326	// ChildType is a required field
18327	ChildType *string `type:"string" required:"true" enum:"ChildType"`
18328
18329	// The total number of results that you want included on each page of the response.
18330	// If you do not include this parameter, it defaults to a value that is specific
18331	// to the operation. If additional items exist beyond the maximum you specify,
18332	// the NextToken response element is present and has a value (is not null).
18333	// Include that value as the NextToken request parameter in the next call to
18334	// the operation to get the next part of the results. Note that Organizations
18335	// might return fewer results than the maximum even when there are more results
18336	// available. You should check NextToken after every operation to ensure that
18337	// you receive all of the results.
18338	MaxResults *int64 `min:"1" type:"integer"`
18339
18340	// The parameter for receiving additional results if you receive a NextToken
18341	// response in a previous request. A NextToken response indicates that more
18342	// output is available. Set this parameter to the value of the previous call's
18343	// NextToken response to indicate where the output should continue from.
18344	NextToken *string `type:"string"`
18345
18346	// The unique identifier (ID) for the parent root or OU whose children you want
18347	// to list.
18348	//
18349	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
18350	// requires one of the following:
18351	//
18352	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
18353	//    letters or digits.
18354	//
18355	//    * Organizational unit (OU) - A string that begins with "ou-" followed
18356	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
18357	//    OU is in). This string is followed by a second "-" dash and from 8 to
18358	//    32 additional lowercase letters or digits.
18359	//
18360	// ParentId is a required field
18361	ParentId *string `type:"string" required:"true"`
18362}
18363
18364// String returns the string representation
18365func (s ListChildrenInput) String() string {
18366	return awsutil.Prettify(s)
18367}
18368
18369// GoString returns the string representation
18370func (s ListChildrenInput) GoString() string {
18371	return s.String()
18372}
18373
18374// Validate inspects the fields of the type to determine if they are valid.
18375func (s *ListChildrenInput) Validate() error {
18376	invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"}
18377	if s.ChildType == nil {
18378		invalidParams.Add(request.NewErrParamRequired("ChildType"))
18379	}
18380	if s.MaxResults != nil && *s.MaxResults < 1 {
18381		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18382	}
18383	if s.ParentId == nil {
18384		invalidParams.Add(request.NewErrParamRequired("ParentId"))
18385	}
18386
18387	if invalidParams.Len() > 0 {
18388		return invalidParams
18389	}
18390	return nil
18391}
18392
18393// SetChildType sets the ChildType field's value.
18394func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput {
18395	s.ChildType = &v
18396	return s
18397}
18398
18399// SetMaxResults sets the MaxResults field's value.
18400func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput {
18401	s.MaxResults = &v
18402	return s
18403}
18404
18405// SetNextToken sets the NextToken field's value.
18406func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput {
18407	s.NextToken = &v
18408	return s
18409}
18410
18411// SetParentId sets the ParentId field's value.
18412func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput {
18413	s.ParentId = &v
18414	return s
18415}
18416
18417type ListChildrenOutput struct {
18418	_ struct{} `type:"structure"`
18419
18420	// The list of children of the specified parent container.
18421	Children []*Child `type:"list"`
18422
18423	// If present, indicates that more output is available than is included in the
18424	// current response. Use this value in the NextToken request parameter in a
18425	// subsequent call to the operation to get the next part of the output. You
18426	// should repeat this until the NextToken response element comes back as null.
18427	NextToken *string `type:"string"`
18428}
18429
18430// String returns the string representation
18431func (s ListChildrenOutput) String() string {
18432	return awsutil.Prettify(s)
18433}
18434
18435// GoString returns the string representation
18436func (s ListChildrenOutput) GoString() string {
18437	return s.String()
18438}
18439
18440// SetChildren sets the Children field's value.
18441func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput {
18442	s.Children = v
18443	return s
18444}
18445
18446// SetNextToken sets the NextToken field's value.
18447func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput {
18448	s.NextToken = &v
18449	return s
18450}
18451
18452type ListCreateAccountStatusInput struct {
18453	_ struct{} `type:"structure"`
18454
18455	// The total number of results that you want included on each page of the response.
18456	// If you do not include this parameter, it defaults to a value that is specific
18457	// to the operation. If additional items exist beyond the maximum you specify,
18458	// the NextToken response element is present and has a value (is not null).
18459	// Include that value as the NextToken request parameter in the next call to
18460	// the operation to get the next part of the results. Note that Organizations
18461	// might return fewer results than the maximum even when there are more results
18462	// available. You should check NextToken after every operation to ensure that
18463	// you receive all of the results.
18464	MaxResults *int64 `min:"1" type:"integer"`
18465
18466	// The parameter for receiving additional results if you receive a NextToken
18467	// response in a previous request. A NextToken response indicates that more
18468	// output is available. Set this parameter to the value of the previous call's
18469	// NextToken response to indicate where the output should continue from.
18470	NextToken *string `type:"string"`
18471
18472	// A list of one or more states that you want included in the response. If this
18473	// parameter isn't present, all requests are included in the response.
18474	States []*string `type:"list"`
18475}
18476
18477// String returns the string representation
18478func (s ListCreateAccountStatusInput) String() string {
18479	return awsutil.Prettify(s)
18480}
18481
18482// GoString returns the string representation
18483func (s ListCreateAccountStatusInput) GoString() string {
18484	return s.String()
18485}
18486
18487// Validate inspects the fields of the type to determine if they are valid.
18488func (s *ListCreateAccountStatusInput) Validate() error {
18489	invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"}
18490	if s.MaxResults != nil && *s.MaxResults < 1 {
18491		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18492	}
18493
18494	if invalidParams.Len() > 0 {
18495		return invalidParams
18496	}
18497	return nil
18498}
18499
18500// SetMaxResults sets the MaxResults field's value.
18501func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput {
18502	s.MaxResults = &v
18503	return s
18504}
18505
18506// SetNextToken sets the NextToken field's value.
18507func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput {
18508	s.NextToken = &v
18509	return s
18510}
18511
18512// SetStates sets the States field's value.
18513func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput {
18514	s.States = v
18515	return s
18516}
18517
18518type ListCreateAccountStatusOutput struct {
18519	_ struct{} `type:"structure"`
18520
18521	// A list of objects with details about the requests. Certain elements, such
18522	// as the accountId number, are present in the output only after the account
18523	// has been successfully created.
18524	CreateAccountStatuses []*CreateAccountStatus `type:"list"`
18525
18526	// If present, indicates that more output is available than is included in the
18527	// current response. Use this value in the NextToken request parameter in a
18528	// subsequent call to the operation to get the next part of the output. You
18529	// should repeat this until the NextToken response element comes back as null.
18530	NextToken *string `type:"string"`
18531}
18532
18533// String returns the string representation
18534func (s ListCreateAccountStatusOutput) String() string {
18535	return awsutil.Prettify(s)
18536}
18537
18538// GoString returns the string representation
18539func (s ListCreateAccountStatusOutput) GoString() string {
18540	return s.String()
18541}
18542
18543// SetCreateAccountStatuses sets the CreateAccountStatuses field's value.
18544func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput {
18545	s.CreateAccountStatuses = v
18546	return s
18547}
18548
18549// SetNextToken sets the NextToken field's value.
18550func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput {
18551	s.NextToken = &v
18552	return s
18553}
18554
18555type ListDelegatedAdministratorsInput struct {
18556	_ struct{} `type:"structure"`
18557
18558	// The total number of results that you want included on each page of the response.
18559	// If you do not include this parameter, it defaults to a value that is specific
18560	// to the operation. If additional items exist beyond the maximum you specify,
18561	// the NextToken response element is present and has a value (is not null).
18562	// Include that value as the NextToken request parameter in the next call to
18563	// the operation to get the next part of the results. Note that Organizations
18564	// might return fewer results than the maximum even when there are more results
18565	// available. You should check NextToken after every operation to ensure that
18566	// you receive all of the results.
18567	MaxResults *int64 `min:"1" type:"integer"`
18568
18569	// The parameter for receiving additional results if you receive a NextToken
18570	// response in a previous request. A NextToken response indicates that more
18571	// output is available. Set this parameter to the value of the previous call's
18572	// NextToken response to indicate where the output should continue from.
18573	NextToken *string `type:"string"`
18574
18575	// Specifies a service principal name. If specified, then the operation lists
18576	// the delegated administrators only for the specified service.
18577	//
18578	// If you don't specify a service principal, the operation lists all delegated
18579	// administrators for all services in your organization.
18580	ServicePrincipal *string `min:"1" type:"string"`
18581}
18582
18583// String returns the string representation
18584func (s ListDelegatedAdministratorsInput) String() string {
18585	return awsutil.Prettify(s)
18586}
18587
18588// GoString returns the string representation
18589func (s ListDelegatedAdministratorsInput) GoString() string {
18590	return s.String()
18591}
18592
18593// Validate inspects the fields of the type to determine if they are valid.
18594func (s *ListDelegatedAdministratorsInput) Validate() error {
18595	invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"}
18596	if s.MaxResults != nil && *s.MaxResults < 1 {
18597		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18598	}
18599	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
18600		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
18601	}
18602
18603	if invalidParams.Len() > 0 {
18604		return invalidParams
18605	}
18606	return nil
18607}
18608
18609// SetMaxResults sets the MaxResults field's value.
18610func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput {
18611	s.MaxResults = &v
18612	return s
18613}
18614
18615// SetNextToken sets the NextToken field's value.
18616func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput {
18617	s.NextToken = &v
18618	return s
18619}
18620
18621// SetServicePrincipal sets the ServicePrincipal field's value.
18622func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput {
18623	s.ServicePrincipal = &v
18624	return s
18625}
18626
18627type ListDelegatedAdministratorsOutput struct {
18628	_ struct{} `type:"structure"`
18629
18630	// The list of delegated administrators in your organization.
18631	DelegatedAdministrators []*DelegatedAdministrator `type:"list"`
18632
18633	// If present, indicates that more output is available than is included in the
18634	// current response. Use this value in the NextToken request parameter in a
18635	// subsequent call to the operation to get the next part of the output. You
18636	// should repeat this until the NextToken response element comes back as null.
18637	NextToken *string `type:"string"`
18638}
18639
18640// String returns the string representation
18641func (s ListDelegatedAdministratorsOutput) String() string {
18642	return awsutil.Prettify(s)
18643}
18644
18645// GoString returns the string representation
18646func (s ListDelegatedAdministratorsOutput) GoString() string {
18647	return s.String()
18648}
18649
18650// SetDelegatedAdministrators sets the DelegatedAdministrators field's value.
18651func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput {
18652	s.DelegatedAdministrators = v
18653	return s
18654}
18655
18656// SetNextToken sets the NextToken field's value.
18657func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput {
18658	s.NextToken = &v
18659	return s
18660}
18661
18662type ListDelegatedServicesForAccountInput struct {
18663	_ struct{} `type:"structure"`
18664
18665	// The account ID number of a delegated administrator account in the organization.
18666	//
18667	// AccountId is a required field
18668	AccountId *string `type:"string" required:"true"`
18669
18670	// The total number of results that you want included on each page of the response.
18671	// If you do not include this parameter, it defaults to a value that is specific
18672	// to the operation. If additional items exist beyond the maximum you specify,
18673	// the NextToken response element is present and has a value (is not null).
18674	// Include that value as the NextToken request parameter in the next call to
18675	// the operation to get the next part of the results. Note that Organizations
18676	// might return fewer results than the maximum even when there are more results
18677	// available. You should check NextToken after every operation to ensure that
18678	// you receive all of the results.
18679	MaxResults *int64 `min:"1" type:"integer"`
18680
18681	// The parameter for receiving additional results if you receive a NextToken
18682	// response in a previous request. A NextToken response indicates that more
18683	// output is available. Set this parameter to the value of the previous call's
18684	// NextToken response to indicate where the output should continue from.
18685	NextToken *string `type:"string"`
18686}
18687
18688// String returns the string representation
18689func (s ListDelegatedServicesForAccountInput) String() string {
18690	return awsutil.Prettify(s)
18691}
18692
18693// GoString returns the string representation
18694func (s ListDelegatedServicesForAccountInput) GoString() string {
18695	return s.String()
18696}
18697
18698// Validate inspects the fields of the type to determine if they are valid.
18699func (s *ListDelegatedServicesForAccountInput) Validate() error {
18700	invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"}
18701	if s.AccountId == nil {
18702		invalidParams.Add(request.NewErrParamRequired("AccountId"))
18703	}
18704	if s.MaxResults != nil && *s.MaxResults < 1 {
18705		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18706	}
18707
18708	if invalidParams.Len() > 0 {
18709		return invalidParams
18710	}
18711	return nil
18712}
18713
18714// SetAccountId sets the AccountId field's value.
18715func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput {
18716	s.AccountId = &v
18717	return s
18718}
18719
18720// SetMaxResults sets the MaxResults field's value.
18721func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput {
18722	s.MaxResults = &v
18723	return s
18724}
18725
18726// SetNextToken sets the NextToken field's value.
18727func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput {
18728	s.NextToken = &v
18729	return s
18730}
18731
18732type ListDelegatedServicesForAccountOutput struct {
18733	_ struct{} `type:"structure"`
18734
18735	// The services for which the account is a delegated administrator.
18736	DelegatedServices []*DelegatedService `type:"list"`
18737
18738	// If present, indicates that more output is available than is included in the
18739	// current response. Use this value in the NextToken request parameter in a
18740	// subsequent call to the operation to get the next part of the output. You
18741	// should repeat this until the NextToken response element comes back as null.
18742	NextToken *string `type:"string"`
18743}
18744
18745// String returns the string representation
18746func (s ListDelegatedServicesForAccountOutput) String() string {
18747	return awsutil.Prettify(s)
18748}
18749
18750// GoString returns the string representation
18751func (s ListDelegatedServicesForAccountOutput) GoString() string {
18752	return s.String()
18753}
18754
18755// SetDelegatedServices sets the DelegatedServices field's value.
18756func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput {
18757	s.DelegatedServices = v
18758	return s
18759}
18760
18761// SetNextToken sets the NextToken field's value.
18762func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput {
18763	s.NextToken = &v
18764	return s
18765}
18766
18767type ListHandshakesForAccountInput struct {
18768	_ struct{} `type:"structure"`
18769
18770	// Filters the handshakes that you want included in the response. The default
18771	// is all types. Use the ActionType element to limit the output to only a specified
18772	// type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively,
18773	// for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake
18774	// for each member account, you can specify ParentHandshakeId to see only the
18775	// handshakes that were generated by that parent request.
18776	Filter *HandshakeFilter `type:"structure"`
18777
18778	// The total number of results that you want included on each page of the response.
18779	// If you do not include this parameter, it defaults to a value that is specific
18780	// to the operation. If additional items exist beyond the maximum you specify,
18781	// the NextToken response element is present and has a value (is not null).
18782	// Include that value as the NextToken request parameter in the next call to
18783	// the operation to get the next part of the results. Note that Organizations
18784	// might return fewer results than the maximum even when there are more results
18785	// available. You should check NextToken after every operation to ensure that
18786	// you receive all of the results.
18787	MaxResults *int64 `min:"1" type:"integer"`
18788
18789	// The parameter for receiving additional results if you receive a NextToken
18790	// response in a previous request. A NextToken response indicates that more
18791	// output is available. Set this parameter to the value of the previous call's
18792	// NextToken response to indicate where the output should continue from.
18793	NextToken *string `type:"string"`
18794}
18795
18796// String returns the string representation
18797func (s ListHandshakesForAccountInput) String() string {
18798	return awsutil.Prettify(s)
18799}
18800
18801// GoString returns the string representation
18802func (s ListHandshakesForAccountInput) GoString() string {
18803	return s.String()
18804}
18805
18806// Validate inspects the fields of the type to determine if they are valid.
18807func (s *ListHandshakesForAccountInput) Validate() error {
18808	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"}
18809	if s.MaxResults != nil && *s.MaxResults < 1 {
18810		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18811	}
18812
18813	if invalidParams.Len() > 0 {
18814		return invalidParams
18815	}
18816	return nil
18817}
18818
18819// SetFilter sets the Filter field's value.
18820func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput {
18821	s.Filter = v
18822	return s
18823}
18824
18825// SetMaxResults sets the MaxResults field's value.
18826func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput {
18827	s.MaxResults = &v
18828	return s
18829}
18830
18831// SetNextToken sets the NextToken field's value.
18832func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput {
18833	s.NextToken = &v
18834	return s
18835}
18836
18837type ListHandshakesForAccountOutput struct {
18838	_ struct{} `type:"structure"`
18839
18840	// A list of Handshake objects with details about each of the handshakes that
18841	// is associated with the specified account.
18842	Handshakes []*Handshake `type:"list"`
18843
18844	// If present, indicates that more output is available than is included in the
18845	// current response. Use this value in the NextToken request parameter in a
18846	// subsequent call to the operation to get the next part of the output. You
18847	// should repeat this until the NextToken response element comes back as null.
18848	NextToken *string `type:"string"`
18849}
18850
18851// String returns the string representation
18852func (s ListHandshakesForAccountOutput) String() string {
18853	return awsutil.Prettify(s)
18854}
18855
18856// GoString returns the string representation
18857func (s ListHandshakesForAccountOutput) GoString() string {
18858	return s.String()
18859}
18860
18861// SetHandshakes sets the Handshakes field's value.
18862func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput {
18863	s.Handshakes = v
18864	return s
18865}
18866
18867// SetNextToken sets the NextToken field's value.
18868func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput {
18869	s.NextToken = &v
18870	return s
18871}
18872
18873type ListHandshakesForOrganizationInput struct {
18874	_ struct{} `type:"structure"`
18875
18876	// A filter of the handshakes that you want included in the response. The default
18877	// is all types. Use the ActionType element to limit the output to only a specified
18878	// type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively,
18879	// for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake
18880	// for each member account, you can specify the ParentHandshakeId to see only
18881	// the handshakes that were generated by that parent request.
18882	Filter *HandshakeFilter `type:"structure"`
18883
18884	// The total number of results that you want included on each page of the response.
18885	// If you do not include this parameter, it defaults to a value that is specific
18886	// to the operation. If additional items exist beyond the maximum you specify,
18887	// the NextToken response element is present and has a value (is not null).
18888	// Include that value as the NextToken request parameter in the next call to
18889	// the operation to get the next part of the results. Note that Organizations
18890	// might return fewer results than the maximum even when there are more results
18891	// available. You should check NextToken after every operation to ensure that
18892	// you receive all of the results.
18893	MaxResults *int64 `min:"1" type:"integer"`
18894
18895	// The parameter for receiving additional results if you receive a NextToken
18896	// response in a previous request. A NextToken response indicates that more
18897	// output is available. Set this parameter to the value of the previous call's
18898	// NextToken response to indicate where the output should continue from.
18899	NextToken *string `type:"string"`
18900}
18901
18902// String returns the string representation
18903func (s ListHandshakesForOrganizationInput) String() string {
18904	return awsutil.Prettify(s)
18905}
18906
18907// GoString returns the string representation
18908func (s ListHandshakesForOrganizationInput) GoString() string {
18909	return s.String()
18910}
18911
18912// Validate inspects the fields of the type to determine if they are valid.
18913func (s *ListHandshakesForOrganizationInput) Validate() error {
18914	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"}
18915	if s.MaxResults != nil && *s.MaxResults < 1 {
18916		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
18917	}
18918
18919	if invalidParams.Len() > 0 {
18920		return invalidParams
18921	}
18922	return nil
18923}
18924
18925// SetFilter sets the Filter field's value.
18926func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput {
18927	s.Filter = v
18928	return s
18929}
18930
18931// SetMaxResults sets the MaxResults field's value.
18932func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput {
18933	s.MaxResults = &v
18934	return s
18935}
18936
18937// SetNextToken sets the NextToken field's value.
18938func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput {
18939	s.NextToken = &v
18940	return s
18941}
18942
18943type ListHandshakesForOrganizationOutput struct {
18944	_ struct{} `type:"structure"`
18945
18946	// A list of Handshake objects with details about each of the handshakes that
18947	// are associated with an organization.
18948	Handshakes []*Handshake `type:"list"`
18949
18950	// If present, indicates that more output is available than is included in the
18951	// current response. Use this value in the NextToken request parameter in a
18952	// subsequent call to the operation to get the next part of the output. You
18953	// should repeat this until the NextToken response element comes back as null.
18954	NextToken *string `type:"string"`
18955}
18956
18957// String returns the string representation
18958func (s ListHandshakesForOrganizationOutput) String() string {
18959	return awsutil.Prettify(s)
18960}
18961
18962// GoString returns the string representation
18963func (s ListHandshakesForOrganizationOutput) GoString() string {
18964	return s.String()
18965}
18966
18967// SetHandshakes sets the Handshakes field's value.
18968func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput {
18969	s.Handshakes = v
18970	return s
18971}
18972
18973// SetNextToken sets the NextToken field's value.
18974func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput {
18975	s.NextToken = &v
18976	return s
18977}
18978
18979type ListOrganizationalUnitsForParentInput struct {
18980	_ struct{} `type:"structure"`
18981
18982	// The total number of results that you want included on each page of the response.
18983	// If you do not include this parameter, it defaults to a value that is specific
18984	// to the operation. If additional items exist beyond the maximum you specify,
18985	// the NextToken response element is present and has a value (is not null).
18986	// Include that value as the NextToken request parameter in the next call to
18987	// the operation to get the next part of the results. Note that Organizations
18988	// might return fewer results than the maximum even when there are more results
18989	// available. You should check NextToken after every operation to ensure that
18990	// you receive all of the results.
18991	MaxResults *int64 `min:"1" type:"integer"`
18992
18993	// The parameter for receiving additional results if you receive a NextToken
18994	// response in a previous request. A NextToken response indicates that more
18995	// output is available. Set this parameter to the value of the previous call's
18996	// NextToken response to indicate where the output should continue from.
18997	NextToken *string `type:"string"`
18998
18999	// The unique identifier (ID) of the root or OU whose child OUs you want to
19000	// list.
19001	//
19002	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
19003	// requires one of the following:
19004	//
19005	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
19006	//    letters or digits.
19007	//
19008	//    * Organizational unit (OU) - A string that begins with "ou-" followed
19009	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
19010	//    OU is in). This string is followed by a second "-" dash and from 8 to
19011	//    32 additional lowercase letters or digits.
19012	//
19013	// ParentId is a required field
19014	ParentId *string `type:"string" required:"true"`
19015}
19016
19017// String returns the string representation
19018func (s ListOrganizationalUnitsForParentInput) String() string {
19019	return awsutil.Prettify(s)
19020}
19021
19022// GoString returns the string representation
19023func (s ListOrganizationalUnitsForParentInput) GoString() string {
19024	return s.String()
19025}
19026
19027// Validate inspects the fields of the type to determine if they are valid.
19028func (s *ListOrganizationalUnitsForParentInput) Validate() error {
19029	invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"}
19030	if s.MaxResults != nil && *s.MaxResults < 1 {
19031		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19032	}
19033	if s.ParentId == nil {
19034		invalidParams.Add(request.NewErrParamRequired("ParentId"))
19035	}
19036
19037	if invalidParams.Len() > 0 {
19038		return invalidParams
19039	}
19040	return nil
19041}
19042
19043// SetMaxResults sets the MaxResults field's value.
19044func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput {
19045	s.MaxResults = &v
19046	return s
19047}
19048
19049// SetNextToken sets the NextToken field's value.
19050func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput {
19051	s.NextToken = &v
19052	return s
19053}
19054
19055// SetParentId sets the ParentId field's value.
19056func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput {
19057	s.ParentId = &v
19058	return s
19059}
19060
19061type ListOrganizationalUnitsForParentOutput struct {
19062	_ struct{} `type:"structure"`
19063
19064	// If present, indicates that more output is available than is included in the
19065	// current response. Use this value in the NextToken request parameter in a
19066	// subsequent call to the operation to get the next part of the output. You
19067	// should repeat this until the NextToken response element comes back as null.
19068	NextToken *string `type:"string"`
19069
19070	// A list of the OUs in the specified root or parent OU.
19071	OrganizationalUnits []*OrganizationalUnit `type:"list"`
19072}
19073
19074// String returns the string representation
19075func (s ListOrganizationalUnitsForParentOutput) String() string {
19076	return awsutil.Prettify(s)
19077}
19078
19079// GoString returns the string representation
19080func (s ListOrganizationalUnitsForParentOutput) GoString() string {
19081	return s.String()
19082}
19083
19084// SetNextToken sets the NextToken field's value.
19085func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput {
19086	s.NextToken = &v
19087	return s
19088}
19089
19090// SetOrganizationalUnits sets the OrganizationalUnits field's value.
19091func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput {
19092	s.OrganizationalUnits = v
19093	return s
19094}
19095
19096type ListParentsInput struct {
19097	_ struct{} `type:"structure"`
19098
19099	// The unique identifier (ID) of the OU or account whose parent containers you
19100	// want to list. Don't specify a root.
19101	//
19102	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
19103	// requires one of the following:
19104	//
19105	//    * Account - A string that consists of exactly 12 digits.
19106	//
19107	//    * Organizational unit (OU) - A string that begins with "ou-" followed
19108	//    by from 4 to 32 lowercase letters or digits (the ID of the root that contains
19109	//    the OU). This string is followed by a second "-" dash and from 8 to 32
19110	//    additional lowercase letters or digits.
19111	//
19112	// ChildId is a required field
19113	ChildId *string `type:"string" required:"true"`
19114
19115	// The total number of results that you want included on each page of the response.
19116	// If you do not include this parameter, it defaults to a value that is specific
19117	// to the operation. If additional items exist beyond the maximum you specify,
19118	// the NextToken response element is present and has a value (is not null).
19119	// Include that value as the NextToken request parameter in the next call to
19120	// the operation to get the next part of the results. Note that Organizations
19121	// might return fewer results than the maximum even when there are more results
19122	// available. You should check NextToken after every operation to ensure that
19123	// you receive all of the results.
19124	MaxResults *int64 `min:"1" type:"integer"`
19125
19126	// The parameter for receiving additional results if you receive a NextToken
19127	// response in a previous request. A NextToken response indicates that more
19128	// output is available. Set this parameter to the value of the previous call's
19129	// NextToken response to indicate where the output should continue from.
19130	NextToken *string `type:"string"`
19131}
19132
19133// String returns the string representation
19134func (s ListParentsInput) String() string {
19135	return awsutil.Prettify(s)
19136}
19137
19138// GoString returns the string representation
19139func (s ListParentsInput) GoString() string {
19140	return s.String()
19141}
19142
19143// Validate inspects the fields of the type to determine if they are valid.
19144func (s *ListParentsInput) Validate() error {
19145	invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"}
19146	if s.ChildId == nil {
19147		invalidParams.Add(request.NewErrParamRequired("ChildId"))
19148	}
19149	if s.MaxResults != nil && *s.MaxResults < 1 {
19150		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19151	}
19152
19153	if invalidParams.Len() > 0 {
19154		return invalidParams
19155	}
19156	return nil
19157}
19158
19159// SetChildId sets the ChildId field's value.
19160func (s *ListParentsInput) SetChildId(v string) *ListParentsInput {
19161	s.ChildId = &v
19162	return s
19163}
19164
19165// SetMaxResults sets the MaxResults field's value.
19166func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput {
19167	s.MaxResults = &v
19168	return s
19169}
19170
19171// SetNextToken sets the NextToken field's value.
19172func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput {
19173	s.NextToken = &v
19174	return s
19175}
19176
19177type ListParentsOutput struct {
19178	_ struct{} `type:"structure"`
19179
19180	// If present, indicates that more output is available than is included in the
19181	// current response. Use this value in the NextToken request parameter in a
19182	// subsequent call to the operation to get the next part of the output. You
19183	// should repeat this until the NextToken response element comes back as null.
19184	NextToken *string `type:"string"`
19185
19186	// A list of parents for the specified child account or OU.
19187	Parents []*Parent `type:"list"`
19188}
19189
19190// String returns the string representation
19191func (s ListParentsOutput) String() string {
19192	return awsutil.Prettify(s)
19193}
19194
19195// GoString returns the string representation
19196func (s ListParentsOutput) GoString() string {
19197	return s.String()
19198}
19199
19200// SetNextToken sets the NextToken field's value.
19201func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput {
19202	s.NextToken = &v
19203	return s
19204}
19205
19206// SetParents sets the Parents field's value.
19207func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput {
19208	s.Parents = v
19209	return s
19210}
19211
19212type ListPoliciesForTargetInput struct {
19213	_ struct{} `type:"structure"`
19214
19215	// The type of policy that you want to include in the returned list. You must
19216	// specify one of the following values:
19217	//
19218	//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
19219	//
19220	//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
19221	//
19222	//    * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
19223	//
19224	//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
19225	//
19226	// Filter is a required field
19227	Filter *string `type:"string" required:"true" enum:"PolicyType"`
19228
19229	// The total number of results that you want included on each page of the response.
19230	// If you do not include this parameter, it defaults to a value that is specific
19231	// to the operation. If additional items exist beyond the maximum you specify,
19232	// the NextToken response element is present and has a value (is not null).
19233	// Include that value as the NextToken request parameter in the next call to
19234	// the operation to get the next part of the results. Note that Organizations
19235	// might return fewer results than the maximum even when there are more results
19236	// available. You should check NextToken after every operation to ensure that
19237	// you receive all of the results.
19238	MaxResults *int64 `min:"1" type:"integer"`
19239
19240	// The parameter for receiving additional results if you receive a NextToken
19241	// response in a previous request. A NextToken response indicates that more
19242	// output is available. Set this parameter to the value of the previous call's
19243	// NextToken response to indicate where the output should continue from.
19244	NextToken *string `type:"string"`
19245
19246	// The unique identifier (ID) of the root, organizational unit, or account whose
19247	// policies you want to list.
19248	//
19249	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
19250	// requires one of the following:
19251	//
19252	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
19253	//    letters or digits.
19254	//
19255	//    * Account - A string that consists of exactly 12 digits.
19256	//
19257	//    * Organizational unit (OU) - A string that begins with "ou-" followed
19258	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
19259	//    OU is in). This string is followed by a second "-" dash and from 8 to
19260	//    32 additional lowercase letters or digits.
19261	//
19262	// TargetId is a required field
19263	TargetId *string `type:"string" required:"true"`
19264}
19265
19266// String returns the string representation
19267func (s ListPoliciesForTargetInput) String() string {
19268	return awsutil.Prettify(s)
19269}
19270
19271// GoString returns the string representation
19272func (s ListPoliciesForTargetInput) GoString() string {
19273	return s.String()
19274}
19275
19276// Validate inspects the fields of the type to determine if they are valid.
19277func (s *ListPoliciesForTargetInput) Validate() error {
19278	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"}
19279	if s.Filter == nil {
19280		invalidParams.Add(request.NewErrParamRequired("Filter"))
19281	}
19282	if s.MaxResults != nil && *s.MaxResults < 1 {
19283		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19284	}
19285	if s.TargetId == nil {
19286		invalidParams.Add(request.NewErrParamRequired("TargetId"))
19287	}
19288
19289	if invalidParams.Len() > 0 {
19290		return invalidParams
19291	}
19292	return nil
19293}
19294
19295// SetFilter sets the Filter field's value.
19296func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput {
19297	s.Filter = &v
19298	return s
19299}
19300
19301// SetMaxResults sets the MaxResults field's value.
19302func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput {
19303	s.MaxResults = &v
19304	return s
19305}
19306
19307// SetNextToken sets the NextToken field's value.
19308func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput {
19309	s.NextToken = &v
19310	return s
19311}
19312
19313// SetTargetId sets the TargetId field's value.
19314func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput {
19315	s.TargetId = &v
19316	return s
19317}
19318
19319type ListPoliciesForTargetOutput struct {
19320	_ struct{} `type:"structure"`
19321
19322	// If present, indicates that more output is available than is included in the
19323	// current response. Use this value in the NextToken request parameter in a
19324	// subsequent call to the operation to get the next part of the output. You
19325	// should repeat this until the NextToken response element comes back as null.
19326	NextToken *string `type:"string"`
19327
19328	// The list of policies that match the criteria in the request.
19329	Policies []*PolicySummary `type:"list"`
19330}
19331
19332// String returns the string representation
19333func (s ListPoliciesForTargetOutput) String() string {
19334	return awsutil.Prettify(s)
19335}
19336
19337// GoString returns the string representation
19338func (s ListPoliciesForTargetOutput) GoString() string {
19339	return s.String()
19340}
19341
19342// SetNextToken sets the NextToken field's value.
19343func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput {
19344	s.NextToken = &v
19345	return s
19346}
19347
19348// SetPolicies sets the Policies field's value.
19349func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput {
19350	s.Policies = v
19351	return s
19352}
19353
19354type ListPoliciesInput struct {
19355	_ struct{} `type:"structure"`
19356
19357	// Specifies the type of policy that you want to include in the response. You
19358	// must specify one of the following values:
19359	//
19360	//    * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
19361	//
19362	//    * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
19363	//
19364	//    * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
19365	//
19366	//    * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
19367	//
19368	// Filter is a required field
19369	Filter *string `type:"string" required:"true" enum:"PolicyType"`
19370
19371	// The total number of results that you want included on each page of the response.
19372	// If you do not include this parameter, it defaults to a value that is specific
19373	// to the operation. If additional items exist beyond the maximum you specify,
19374	// the NextToken response element is present and has a value (is not null).
19375	// Include that value as the NextToken request parameter in the next call to
19376	// the operation to get the next part of the results. Note that Organizations
19377	// might return fewer results than the maximum even when there are more results
19378	// available. You should check NextToken after every operation to ensure that
19379	// you receive all of the results.
19380	MaxResults *int64 `min:"1" type:"integer"`
19381
19382	// The parameter for receiving additional results if you receive a NextToken
19383	// response in a previous request. A NextToken response indicates that more
19384	// output is available. Set this parameter to the value of the previous call's
19385	// NextToken response to indicate where the output should continue from.
19386	NextToken *string `type:"string"`
19387}
19388
19389// String returns the string representation
19390func (s ListPoliciesInput) String() string {
19391	return awsutil.Prettify(s)
19392}
19393
19394// GoString returns the string representation
19395func (s ListPoliciesInput) GoString() string {
19396	return s.String()
19397}
19398
19399// Validate inspects the fields of the type to determine if they are valid.
19400func (s *ListPoliciesInput) Validate() error {
19401	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
19402	if s.Filter == nil {
19403		invalidParams.Add(request.NewErrParamRequired("Filter"))
19404	}
19405	if s.MaxResults != nil && *s.MaxResults < 1 {
19406		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19407	}
19408
19409	if invalidParams.Len() > 0 {
19410		return invalidParams
19411	}
19412	return nil
19413}
19414
19415// SetFilter sets the Filter field's value.
19416func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput {
19417	s.Filter = &v
19418	return s
19419}
19420
19421// SetMaxResults sets the MaxResults field's value.
19422func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput {
19423	s.MaxResults = &v
19424	return s
19425}
19426
19427// SetNextToken sets the NextToken field's value.
19428func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput {
19429	s.NextToken = &v
19430	return s
19431}
19432
19433type ListPoliciesOutput struct {
19434	_ struct{} `type:"structure"`
19435
19436	// If present, indicates that more output is available than is included in the
19437	// current response. Use this value in the NextToken request parameter in a
19438	// subsequent call to the operation to get the next part of the output. You
19439	// should repeat this until the NextToken response element comes back as null.
19440	NextToken *string `type:"string"`
19441
19442	// A list of policies that match the filter criteria in the request. The output
19443	// list doesn't include the policy contents. To see the content for a policy,
19444	// see DescribePolicy.
19445	Policies []*PolicySummary `type:"list"`
19446}
19447
19448// String returns the string representation
19449func (s ListPoliciesOutput) String() string {
19450	return awsutil.Prettify(s)
19451}
19452
19453// GoString returns the string representation
19454func (s ListPoliciesOutput) GoString() string {
19455	return s.String()
19456}
19457
19458// SetNextToken sets the NextToken field's value.
19459func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput {
19460	s.NextToken = &v
19461	return s
19462}
19463
19464// SetPolicies sets the Policies field's value.
19465func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput {
19466	s.Policies = v
19467	return s
19468}
19469
19470type ListRootsInput struct {
19471	_ struct{} `type:"structure"`
19472
19473	// The total number of results that you want included on each page of the response.
19474	// If you do not include this parameter, it defaults to a value that is specific
19475	// to the operation. If additional items exist beyond the maximum you specify,
19476	// the NextToken response element is present and has a value (is not null).
19477	// Include that value as the NextToken request parameter in the next call to
19478	// the operation to get the next part of the results. Note that Organizations
19479	// might return fewer results than the maximum even when there are more results
19480	// available. You should check NextToken after every operation to ensure that
19481	// you receive all of the results.
19482	MaxResults *int64 `min:"1" type:"integer"`
19483
19484	// The parameter for receiving additional results if you receive a NextToken
19485	// response in a previous request. A NextToken response indicates that more
19486	// output is available. Set this parameter to the value of the previous call's
19487	// NextToken response to indicate where the output should continue from.
19488	NextToken *string `type:"string"`
19489}
19490
19491// String returns the string representation
19492func (s ListRootsInput) String() string {
19493	return awsutil.Prettify(s)
19494}
19495
19496// GoString returns the string representation
19497func (s ListRootsInput) GoString() string {
19498	return s.String()
19499}
19500
19501// Validate inspects the fields of the type to determine if they are valid.
19502func (s *ListRootsInput) Validate() error {
19503	invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"}
19504	if s.MaxResults != nil && *s.MaxResults < 1 {
19505		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19506	}
19507
19508	if invalidParams.Len() > 0 {
19509		return invalidParams
19510	}
19511	return nil
19512}
19513
19514// SetMaxResults sets the MaxResults field's value.
19515func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput {
19516	s.MaxResults = &v
19517	return s
19518}
19519
19520// SetNextToken sets the NextToken field's value.
19521func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput {
19522	s.NextToken = &v
19523	return s
19524}
19525
19526type ListRootsOutput struct {
19527	_ struct{} `type:"structure"`
19528
19529	// If present, indicates that more output is available than is included in the
19530	// current response. Use this value in the NextToken request parameter in a
19531	// subsequent call to the operation to get the next part of the output. You
19532	// should repeat this until the NextToken response element comes back as null.
19533	NextToken *string `type:"string"`
19534
19535	// A list of roots that are defined in an organization.
19536	Roots []*Root `type:"list"`
19537}
19538
19539// String returns the string representation
19540func (s ListRootsOutput) String() string {
19541	return awsutil.Prettify(s)
19542}
19543
19544// GoString returns the string representation
19545func (s ListRootsOutput) GoString() string {
19546	return s.String()
19547}
19548
19549// SetNextToken sets the NextToken field's value.
19550func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput {
19551	s.NextToken = &v
19552	return s
19553}
19554
19555// SetRoots sets the Roots field's value.
19556func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput {
19557	s.Roots = v
19558	return s
19559}
19560
19561type ListTagsForResourceInput struct {
19562	_ struct{} `type:"structure"`
19563
19564	// The parameter for receiving additional results if you receive a NextToken
19565	// response in a previous request. A NextToken response indicates that more
19566	// output is available. Set this parameter to the value of the previous call's
19567	// NextToken response to indicate where the output should continue from.
19568	NextToken *string `type:"string"`
19569
19570	// The ID of the resource that you want to retrieve tags for.
19571	//
19572	// ResourceId is a required field
19573	ResourceId *string `type:"string" required:"true"`
19574}
19575
19576// String returns the string representation
19577func (s ListTagsForResourceInput) String() string {
19578	return awsutil.Prettify(s)
19579}
19580
19581// GoString returns the string representation
19582func (s ListTagsForResourceInput) GoString() string {
19583	return s.String()
19584}
19585
19586// Validate inspects the fields of the type to determine if they are valid.
19587func (s *ListTagsForResourceInput) Validate() error {
19588	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
19589	if s.ResourceId == nil {
19590		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
19591	}
19592
19593	if invalidParams.Len() > 0 {
19594		return invalidParams
19595	}
19596	return nil
19597}
19598
19599// SetNextToken sets the NextToken field's value.
19600func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
19601	s.NextToken = &v
19602	return s
19603}
19604
19605// SetResourceId sets the ResourceId field's value.
19606func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput {
19607	s.ResourceId = &v
19608	return s
19609}
19610
19611type ListTagsForResourceOutput struct {
19612	_ struct{} `type:"structure"`
19613
19614	// If present, indicates that more output is available than is included in the
19615	// current response. Use this value in the NextToken request parameter in a
19616	// subsequent call to the operation to get the next part of the output. You
19617	// should repeat this until the NextToken response element comes back as null.
19618	NextToken *string `type:"string"`
19619
19620	// The tags that are assigned to the resource.
19621	Tags []*Tag `type:"list"`
19622}
19623
19624// String returns the string representation
19625func (s ListTagsForResourceOutput) String() string {
19626	return awsutil.Prettify(s)
19627}
19628
19629// GoString returns the string representation
19630func (s ListTagsForResourceOutput) GoString() string {
19631	return s.String()
19632}
19633
19634// SetNextToken sets the NextToken field's value.
19635func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
19636	s.NextToken = &v
19637	return s
19638}
19639
19640// SetTags sets the Tags field's value.
19641func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
19642	s.Tags = v
19643	return s
19644}
19645
19646type ListTargetsForPolicyInput struct {
19647	_ struct{} `type:"structure"`
19648
19649	// The total number of results that you want included on each page of the response.
19650	// If you do not include this parameter, it defaults to a value that is specific
19651	// to the operation. If additional items exist beyond the maximum you specify,
19652	// the NextToken response element is present and has a value (is not null).
19653	// Include that value as the NextToken request parameter in the next call to
19654	// the operation to get the next part of the results. Note that Organizations
19655	// might return fewer results than the maximum even when there are more results
19656	// available. You should check NextToken after every operation to ensure that
19657	// you receive all of the results.
19658	MaxResults *int64 `min:"1" type:"integer"`
19659
19660	// The parameter for receiving additional results if you receive a NextToken
19661	// response in a previous request. A NextToken response indicates that more
19662	// output is available. Set this parameter to the value of the previous call's
19663	// NextToken response to indicate where the output should continue from.
19664	NextToken *string `type:"string"`
19665
19666	// The unique identifier (ID) of the policy whose attachments you want to know.
19667	//
19668	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
19669	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
19670	// or the underscore character (_).
19671	//
19672	// PolicyId is a required field
19673	PolicyId *string `type:"string" required:"true"`
19674}
19675
19676// String returns the string representation
19677func (s ListTargetsForPolicyInput) String() string {
19678	return awsutil.Prettify(s)
19679}
19680
19681// GoString returns the string representation
19682func (s ListTargetsForPolicyInput) GoString() string {
19683	return s.String()
19684}
19685
19686// Validate inspects the fields of the type to determine if they are valid.
19687func (s *ListTargetsForPolicyInput) Validate() error {
19688	invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"}
19689	if s.MaxResults != nil && *s.MaxResults < 1 {
19690		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19691	}
19692	if s.PolicyId == nil {
19693		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
19694	}
19695
19696	if invalidParams.Len() > 0 {
19697		return invalidParams
19698	}
19699	return nil
19700}
19701
19702// SetMaxResults sets the MaxResults field's value.
19703func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput {
19704	s.MaxResults = &v
19705	return s
19706}
19707
19708// SetNextToken sets the NextToken field's value.
19709func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput {
19710	s.NextToken = &v
19711	return s
19712}
19713
19714// SetPolicyId sets the PolicyId field's value.
19715func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput {
19716	s.PolicyId = &v
19717	return s
19718}
19719
19720type ListTargetsForPolicyOutput struct {
19721	_ struct{} `type:"structure"`
19722
19723	// If present, indicates that more output is available than is included in the
19724	// current response. Use this value in the NextToken request parameter in a
19725	// subsequent call to the operation to get the next part of the output. You
19726	// should repeat this until the NextToken response element comes back as null.
19727	NextToken *string `type:"string"`
19728
19729	// A list of structures, each of which contains details about one of the entities
19730	// to which the specified policy is attached.
19731	Targets []*PolicyTargetSummary `type:"list"`
19732}
19733
19734// String returns the string representation
19735func (s ListTargetsForPolicyOutput) String() string {
19736	return awsutil.Prettify(s)
19737}
19738
19739// GoString returns the string representation
19740func (s ListTargetsForPolicyOutput) GoString() string {
19741	return s.String()
19742}
19743
19744// SetNextToken sets the NextToken field's value.
19745func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput {
19746	s.NextToken = &v
19747	return s
19748}
19749
19750// SetTargets sets the Targets field's value.
19751func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput {
19752	s.Targets = v
19753	return s
19754}
19755
19756// The provided policy document doesn't meet the requirements of the specified
19757// policy type. For example, the syntax might be incorrect. For details about
19758// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
19759// in the AWS Organizations User Guide.
19760type MalformedPolicyDocumentException struct {
19761	_            struct{}                  `type:"structure"`
19762	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
19763
19764	Message_ *string `locationName:"Message" type:"string"`
19765}
19766
19767// String returns the string representation
19768func (s MalformedPolicyDocumentException) String() string {
19769	return awsutil.Prettify(s)
19770}
19771
19772// GoString returns the string representation
19773func (s MalformedPolicyDocumentException) GoString() string {
19774	return s.String()
19775}
19776
19777func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error {
19778	return &MalformedPolicyDocumentException{
19779		RespMetadata: v,
19780	}
19781}
19782
19783// Code returns the exception type name.
19784func (s *MalformedPolicyDocumentException) Code() string {
19785	return "MalformedPolicyDocumentException"
19786}
19787
19788// Message returns the exception's message.
19789func (s *MalformedPolicyDocumentException) Message() string {
19790	if s.Message_ != nil {
19791		return *s.Message_
19792	}
19793	return ""
19794}
19795
19796// OrigErr always returns nil, satisfies awserr.Error interface.
19797func (s *MalformedPolicyDocumentException) OrigErr() error {
19798	return nil
19799}
19800
19801func (s *MalformedPolicyDocumentException) Error() string {
19802	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
19803}
19804
19805// Status code returns the HTTP status code for the request's response error.
19806func (s *MalformedPolicyDocumentException) StatusCode() int {
19807	return s.RespMetadata.StatusCode
19808}
19809
19810// RequestID returns the service's response RequestID for request.
19811func (s *MalformedPolicyDocumentException) RequestID() string {
19812	return s.RespMetadata.RequestID
19813}
19814
19815// You can't remove a master account from an organization. If you want the master
19816// account to become a member account in another organization, you must first
19817// delete the current organization of the master account.
19818type MasterCannotLeaveOrganizationException struct {
19819	_            struct{}                  `type:"structure"`
19820	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
19821
19822	Message_ *string `locationName:"Message" type:"string"`
19823}
19824
19825// String returns the string representation
19826func (s MasterCannotLeaveOrganizationException) String() string {
19827	return awsutil.Prettify(s)
19828}
19829
19830// GoString returns the string representation
19831func (s MasterCannotLeaveOrganizationException) GoString() string {
19832	return s.String()
19833}
19834
19835func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error {
19836	return &MasterCannotLeaveOrganizationException{
19837		RespMetadata: v,
19838	}
19839}
19840
19841// Code returns the exception type name.
19842func (s *MasterCannotLeaveOrganizationException) Code() string {
19843	return "MasterCannotLeaveOrganizationException"
19844}
19845
19846// Message returns the exception's message.
19847func (s *MasterCannotLeaveOrganizationException) Message() string {
19848	if s.Message_ != nil {
19849		return *s.Message_
19850	}
19851	return ""
19852}
19853
19854// OrigErr always returns nil, satisfies awserr.Error interface.
19855func (s *MasterCannotLeaveOrganizationException) OrigErr() error {
19856	return nil
19857}
19858
19859func (s *MasterCannotLeaveOrganizationException) Error() string {
19860	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
19861}
19862
19863// Status code returns the HTTP status code for the request's response error.
19864func (s *MasterCannotLeaveOrganizationException) StatusCode() int {
19865	return s.RespMetadata.StatusCode
19866}
19867
19868// RequestID returns the service's response RequestID for request.
19869func (s *MasterCannotLeaveOrganizationException) RequestID() string {
19870	return s.RespMetadata.RequestID
19871}
19872
19873type MoveAccountInput struct {
19874	_ struct{} `type:"structure"`
19875
19876	// The unique identifier (ID) of the account that you want to move.
19877	//
19878	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
19879	// requires exactly 12 digits.
19880	//
19881	// AccountId is a required field
19882	AccountId *string `type:"string" required:"true"`
19883
19884	// The unique identifier (ID) of the root or organizational unit that you want
19885	// to move the account to.
19886	//
19887	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
19888	// requires one of the following:
19889	//
19890	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
19891	//    letters or digits.
19892	//
19893	//    * Organizational unit (OU) - A string that begins with "ou-" followed
19894	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
19895	//    OU is in). This string is followed by a second "-" dash and from 8 to
19896	//    32 additional lowercase letters or digits.
19897	//
19898	// DestinationParentId is a required field
19899	DestinationParentId *string `type:"string" required:"true"`
19900
19901	// The unique identifier (ID) of the root or organizational unit that you want
19902	// to move the account from.
19903	//
19904	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
19905	// requires one of the following:
19906	//
19907	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
19908	//    letters or digits.
19909	//
19910	//    * Organizational unit (OU) - A string that begins with "ou-" followed
19911	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
19912	//    OU is in). This string is followed by a second "-" dash and from 8 to
19913	//    32 additional lowercase letters or digits.
19914	//
19915	// SourceParentId is a required field
19916	SourceParentId *string `type:"string" required:"true"`
19917}
19918
19919// String returns the string representation
19920func (s MoveAccountInput) String() string {
19921	return awsutil.Prettify(s)
19922}
19923
19924// GoString returns the string representation
19925func (s MoveAccountInput) GoString() string {
19926	return s.String()
19927}
19928
19929// Validate inspects the fields of the type to determine if they are valid.
19930func (s *MoveAccountInput) Validate() error {
19931	invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"}
19932	if s.AccountId == nil {
19933		invalidParams.Add(request.NewErrParamRequired("AccountId"))
19934	}
19935	if s.DestinationParentId == nil {
19936		invalidParams.Add(request.NewErrParamRequired("DestinationParentId"))
19937	}
19938	if s.SourceParentId == nil {
19939		invalidParams.Add(request.NewErrParamRequired("SourceParentId"))
19940	}
19941
19942	if invalidParams.Len() > 0 {
19943		return invalidParams
19944	}
19945	return nil
19946}
19947
19948// SetAccountId sets the AccountId field's value.
19949func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput {
19950	s.AccountId = &v
19951	return s
19952}
19953
19954// SetDestinationParentId sets the DestinationParentId field's value.
19955func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput {
19956	s.DestinationParentId = &v
19957	return s
19958}
19959
19960// SetSourceParentId sets the SourceParentId field's value.
19961func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput {
19962	s.SourceParentId = &v
19963	return s
19964}
19965
19966type MoveAccountOutput struct {
19967	_ struct{} `type:"structure"`
19968}
19969
19970// String returns the string representation
19971func (s MoveAccountOutput) String() string {
19972	return awsutil.Prettify(s)
19973}
19974
19975// GoString returns the string representation
19976func (s MoveAccountOutput) GoString() string {
19977	return s.String()
19978}
19979
19980// Contains details about an organization. An organization is a collection of
19981// accounts that are centrally managed together using consolidated billing,
19982// organized hierarchically with organizational units (OUs), and controlled
19983// with policies .
19984type Organization struct {
19985	_ struct{} `type:"structure"`
19986
19987	// The Amazon Resource Name (ARN) of an organization.
19988	//
19989	// For more information about ARNs in Organizations, see ARN Formats Supported
19990	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
19991	// in the AWS Organizations User Guide.
19992	Arn *string `type:"string"`
19993
19994	//
19995	// Do not use. This field is deprecated and doesn't provide complete information
19996	// about the policies in your organization.
19997	//
19998	// To determine the policies that are enabled and available for use in your
19999	// organization, use the ListRoots operation instead.
20000	AvailablePolicyTypes []*PolicyTypeSummary `type:"list"`
20001
20002	// Specifies the functionality that currently is available to the organization.
20003	// If set to "ALL", then all features are enabled and policies can be applied
20004	// to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only
20005	// consolidated billing functionality is available. For more information, see
20006	// Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
20007	// in the AWS Organizations User Guide.
20008	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
20009
20010	// The unique identifier (ID) of an organization.
20011	//
20012	// The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID
20013	// string requires "o-" followed by from 10 to 32 lower-case letters or digits.
20014	Id *string `type:"string"`
20015
20016	// The Amazon Resource Name (ARN) of the account that is designated as the master
20017	// account for the organization.
20018	//
20019	// For more information about ARNs in Organizations, see ARN Formats Supported
20020	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
20021	// in the AWS Organizations User Guide.
20022	MasterAccountArn *string `type:"string"`
20023
20024	// The email address that is associated with the AWS account that is designated
20025	// as the master account for the organization.
20026	MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"`
20027
20028	// The unique identifier (ID) of the master account of an organization.
20029	//
20030	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
20031	// requires exactly 12 digits.
20032	MasterAccountId *string `type:"string"`
20033}
20034
20035// String returns the string representation
20036func (s Organization) String() string {
20037	return awsutil.Prettify(s)
20038}
20039
20040// GoString returns the string representation
20041func (s Organization) GoString() string {
20042	return s.String()
20043}
20044
20045// SetArn sets the Arn field's value.
20046func (s *Organization) SetArn(v string) *Organization {
20047	s.Arn = &v
20048	return s
20049}
20050
20051// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value.
20052func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization {
20053	s.AvailablePolicyTypes = v
20054	return s
20055}
20056
20057// SetFeatureSet sets the FeatureSet field's value.
20058func (s *Organization) SetFeatureSet(v string) *Organization {
20059	s.FeatureSet = &v
20060	return s
20061}
20062
20063// SetId sets the Id field's value.
20064func (s *Organization) SetId(v string) *Organization {
20065	s.Id = &v
20066	return s
20067}
20068
20069// SetMasterAccountArn sets the MasterAccountArn field's value.
20070func (s *Organization) SetMasterAccountArn(v string) *Organization {
20071	s.MasterAccountArn = &v
20072	return s
20073}
20074
20075// SetMasterAccountEmail sets the MasterAccountEmail field's value.
20076func (s *Organization) SetMasterAccountEmail(v string) *Organization {
20077	s.MasterAccountEmail = &v
20078	return s
20079}
20080
20081// SetMasterAccountId sets the MasterAccountId field's value.
20082func (s *Organization) SetMasterAccountId(v string) *Organization {
20083	s.MasterAccountId = &v
20084	return s
20085}
20086
20087// The organization isn't empty. To delete an organization, you must first remove
20088// all accounts except the master account, delete all OUs, and delete all policies.
20089type OrganizationNotEmptyException struct {
20090	_            struct{}                  `type:"structure"`
20091	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20092
20093	Message_ *string `locationName:"Message" type:"string"`
20094}
20095
20096// String returns the string representation
20097func (s OrganizationNotEmptyException) String() string {
20098	return awsutil.Prettify(s)
20099}
20100
20101// GoString returns the string representation
20102func (s OrganizationNotEmptyException) GoString() string {
20103	return s.String()
20104}
20105
20106func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error {
20107	return &OrganizationNotEmptyException{
20108		RespMetadata: v,
20109	}
20110}
20111
20112// Code returns the exception type name.
20113func (s *OrganizationNotEmptyException) Code() string {
20114	return "OrganizationNotEmptyException"
20115}
20116
20117// Message returns the exception's message.
20118func (s *OrganizationNotEmptyException) Message() string {
20119	if s.Message_ != nil {
20120		return *s.Message_
20121	}
20122	return ""
20123}
20124
20125// OrigErr always returns nil, satisfies awserr.Error interface.
20126func (s *OrganizationNotEmptyException) OrigErr() error {
20127	return nil
20128}
20129
20130func (s *OrganizationNotEmptyException) Error() string {
20131	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20132}
20133
20134// Status code returns the HTTP status code for the request's response error.
20135func (s *OrganizationNotEmptyException) StatusCode() int {
20136	return s.RespMetadata.StatusCode
20137}
20138
20139// RequestID returns the service's response RequestID for request.
20140func (s *OrganizationNotEmptyException) RequestID() string {
20141	return s.RespMetadata.RequestID
20142}
20143
20144// Contains details about an organizational unit (OU). An OU is a container
20145// of AWS accounts within a root of an organization. Policies that are attached
20146// to an OU apply to all accounts contained in that OU and in any child OUs.
20147type OrganizationalUnit struct {
20148	_ struct{} `type:"structure"`
20149
20150	// The Amazon Resource Name (ARN) of this OU.
20151	//
20152	// For more information about ARNs in Organizations, see ARN Formats Supported
20153	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
20154	// in the AWS Organizations User Guide.
20155	Arn *string `type:"string"`
20156
20157	// The unique identifier (ID) associated with this OU.
20158	//
20159	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
20160	// unit ID string requires "ou-" followed by from 4 to 32 lower-case letters
20161	// or digits (the ID of the root that contains the OU). This string is followed
20162	// by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
20163	Id *string `type:"string"`
20164
20165	// The friendly name of this OU.
20166	//
20167	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
20168	// this parameter is a string of any of the characters in the ASCII character
20169	// range.
20170	Name *string `min:"1" type:"string"`
20171}
20172
20173// String returns the string representation
20174func (s OrganizationalUnit) String() string {
20175	return awsutil.Prettify(s)
20176}
20177
20178// GoString returns the string representation
20179func (s OrganizationalUnit) GoString() string {
20180	return s.String()
20181}
20182
20183// SetArn sets the Arn field's value.
20184func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit {
20185	s.Arn = &v
20186	return s
20187}
20188
20189// SetId sets the Id field's value.
20190func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit {
20191	s.Id = &v
20192	return s
20193}
20194
20195// SetName sets the Name field's value.
20196func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit {
20197	s.Name = &v
20198	return s
20199}
20200
20201// The specified OU is not empty. Move all accounts to another root or to other
20202// OUs, remove all child OUs, and try the operation again.
20203type OrganizationalUnitNotEmptyException struct {
20204	_            struct{}                  `type:"structure"`
20205	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20206
20207	Message_ *string `locationName:"Message" type:"string"`
20208}
20209
20210// String returns the string representation
20211func (s OrganizationalUnitNotEmptyException) String() string {
20212	return awsutil.Prettify(s)
20213}
20214
20215// GoString returns the string representation
20216func (s OrganizationalUnitNotEmptyException) GoString() string {
20217	return s.String()
20218}
20219
20220func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error {
20221	return &OrganizationalUnitNotEmptyException{
20222		RespMetadata: v,
20223	}
20224}
20225
20226// Code returns the exception type name.
20227func (s *OrganizationalUnitNotEmptyException) Code() string {
20228	return "OrganizationalUnitNotEmptyException"
20229}
20230
20231// Message returns the exception's message.
20232func (s *OrganizationalUnitNotEmptyException) Message() string {
20233	if s.Message_ != nil {
20234		return *s.Message_
20235	}
20236	return ""
20237}
20238
20239// OrigErr always returns nil, satisfies awserr.Error interface.
20240func (s *OrganizationalUnitNotEmptyException) OrigErr() error {
20241	return nil
20242}
20243
20244func (s *OrganizationalUnitNotEmptyException) Error() string {
20245	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20246}
20247
20248// Status code returns the HTTP status code for the request's response error.
20249func (s *OrganizationalUnitNotEmptyException) StatusCode() int {
20250	return s.RespMetadata.StatusCode
20251}
20252
20253// RequestID returns the service's response RequestID for request.
20254func (s *OrganizationalUnitNotEmptyException) RequestID() string {
20255	return s.RespMetadata.RequestID
20256}
20257
20258// We can't find an OU with the OrganizationalUnitId that you specified.
20259type OrganizationalUnitNotFoundException struct {
20260	_            struct{}                  `type:"structure"`
20261	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20262
20263	Message_ *string `locationName:"Message" type:"string"`
20264}
20265
20266// String returns the string representation
20267func (s OrganizationalUnitNotFoundException) String() string {
20268	return awsutil.Prettify(s)
20269}
20270
20271// GoString returns the string representation
20272func (s OrganizationalUnitNotFoundException) GoString() string {
20273	return s.String()
20274}
20275
20276func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error {
20277	return &OrganizationalUnitNotFoundException{
20278		RespMetadata: v,
20279	}
20280}
20281
20282// Code returns the exception type name.
20283func (s *OrganizationalUnitNotFoundException) Code() string {
20284	return "OrganizationalUnitNotFoundException"
20285}
20286
20287// Message returns the exception's message.
20288func (s *OrganizationalUnitNotFoundException) Message() string {
20289	if s.Message_ != nil {
20290		return *s.Message_
20291	}
20292	return ""
20293}
20294
20295// OrigErr always returns nil, satisfies awserr.Error interface.
20296func (s *OrganizationalUnitNotFoundException) OrigErr() error {
20297	return nil
20298}
20299
20300func (s *OrganizationalUnitNotFoundException) Error() string {
20301	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20302}
20303
20304// Status code returns the HTTP status code for the request's response error.
20305func (s *OrganizationalUnitNotFoundException) StatusCode() int {
20306	return s.RespMetadata.StatusCode
20307}
20308
20309// RequestID returns the service's response RequestID for request.
20310func (s *OrganizationalUnitNotFoundException) RequestID() string {
20311	return s.RespMetadata.RequestID
20312}
20313
20314// Contains information about either a root or an organizational unit (OU) that
20315// can contain OUs or accounts in an organization.
20316type Parent struct {
20317	_ struct{} `type:"structure"`
20318
20319	// The unique identifier (ID) of the parent entity.
20320	//
20321	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
20322	// requires one of the following:
20323	//
20324	//    * Root: A string that begins with "r-" followed by from 4 to 32 lower-case
20325	//    letters or digits.
20326	//
20327	//    * Organizational unit (OU): A string that begins with "ou-" followed by
20328	//    from 4 to 32 lower-case letters or digits (the ID of the root that the
20329	//    OU is in). This string is followed by a second "-" dash and from 8 to
20330	//    32 additional lower-case letters or digits.
20331	Id *string `type:"string"`
20332
20333	// The type of the parent entity.
20334	Type *string `type:"string" enum:"ParentType"`
20335}
20336
20337// String returns the string representation
20338func (s Parent) String() string {
20339	return awsutil.Prettify(s)
20340}
20341
20342// GoString returns the string representation
20343func (s Parent) GoString() string {
20344	return s.String()
20345}
20346
20347// SetId sets the Id field's value.
20348func (s *Parent) SetId(v string) *Parent {
20349	s.Id = &v
20350	return s
20351}
20352
20353// SetType sets the Type field's value.
20354func (s *Parent) SetType(v string) *Parent {
20355	s.Type = &v
20356	return s
20357}
20358
20359// We can't find a root or OU with the ParentId that you specified.
20360type ParentNotFoundException struct {
20361	_            struct{}                  `type:"structure"`
20362	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20363
20364	Message_ *string `locationName:"Message" type:"string"`
20365}
20366
20367// String returns the string representation
20368func (s ParentNotFoundException) String() string {
20369	return awsutil.Prettify(s)
20370}
20371
20372// GoString returns the string representation
20373func (s ParentNotFoundException) GoString() string {
20374	return s.String()
20375}
20376
20377func newErrorParentNotFoundException(v protocol.ResponseMetadata) error {
20378	return &ParentNotFoundException{
20379		RespMetadata: v,
20380	}
20381}
20382
20383// Code returns the exception type name.
20384func (s *ParentNotFoundException) Code() string {
20385	return "ParentNotFoundException"
20386}
20387
20388// Message returns the exception's message.
20389func (s *ParentNotFoundException) Message() string {
20390	if s.Message_ != nil {
20391		return *s.Message_
20392	}
20393	return ""
20394}
20395
20396// OrigErr always returns nil, satisfies awserr.Error interface.
20397func (s *ParentNotFoundException) OrigErr() error {
20398	return nil
20399}
20400
20401func (s *ParentNotFoundException) Error() string {
20402	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20403}
20404
20405// Status code returns the HTTP status code for the request's response error.
20406func (s *ParentNotFoundException) StatusCode() int {
20407	return s.RespMetadata.StatusCode
20408}
20409
20410// RequestID returns the service's response RequestID for request.
20411func (s *ParentNotFoundException) RequestID() string {
20412	return s.RespMetadata.RequestID
20413}
20414
20415// Contains rules to be applied to the affected accounts. Policies can be attached
20416// directly to accounts, or to roots and OUs to affect all accounts in those
20417// hierarchies.
20418type Policy struct {
20419	_ struct{} `type:"structure"`
20420
20421	// The text content of the policy.
20422	Content *string `min:"1" type:"string"`
20423
20424	// A structure that contains additional details about the policy.
20425	PolicySummary *PolicySummary `type:"structure"`
20426}
20427
20428// String returns the string representation
20429func (s Policy) String() string {
20430	return awsutil.Prettify(s)
20431}
20432
20433// GoString returns the string representation
20434func (s Policy) GoString() string {
20435	return s.String()
20436}
20437
20438// SetContent sets the Content field's value.
20439func (s *Policy) SetContent(v string) *Policy {
20440	s.Content = &v
20441	return s
20442}
20443
20444// SetPolicySummary sets the PolicySummary field's value.
20445func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy {
20446	s.PolicySummary = v
20447	return s
20448}
20449
20450// Changes to the effective policy are in progress, and its contents can't be
20451// returned. Try the operation again later.
20452type PolicyChangesInProgressException struct {
20453	_            struct{}                  `type:"structure"`
20454	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20455
20456	Message_ *string `locationName:"Message" type:"string"`
20457}
20458
20459// String returns the string representation
20460func (s PolicyChangesInProgressException) String() string {
20461	return awsutil.Prettify(s)
20462}
20463
20464// GoString returns the string representation
20465func (s PolicyChangesInProgressException) GoString() string {
20466	return s.String()
20467}
20468
20469func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error {
20470	return &PolicyChangesInProgressException{
20471		RespMetadata: v,
20472	}
20473}
20474
20475// Code returns the exception type name.
20476func (s *PolicyChangesInProgressException) Code() string {
20477	return "PolicyChangesInProgressException"
20478}
20479
20480// Message returns the exception's message.
20481func (s *PolicyChangesInProgressException) Message() string {
20482	if s.Message_ != nil {
20483		return *s.Message_
20484	}
20485	return ""
20486}
20487
20488// OrigErr always returns nil, satisfies awserr.Error interface.
20489func (s *PolicyChangesInProgressException) OrigErr() error {
20490	return nil
20491}
20492
20493func (s *PolicyChangesInProgressException) Error() string {
20494	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20495}
20496
20497// Status code returns the HTTP status code for the request's response error.
20498func (s *PolicyChangesInProgressException) StatusCode() int {
20499	return s.RespMetadata.StatusCode
20500}
20501
20502// RequestID returns the service's response RequestID for request.
20503func (s *PolicyChangesInProgressException) RequestID() string {
20504	return s.RespMetadata.RequestID
20505}
20506
20507// The policy is attached to one or more entities. You must detach it from all
20508// roots, OUs, and accounts before performing this operation.
20509type PolicyInUseException struct {
20510	_            struct{}                  `type:"structure"`
20511	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20512
20513	Message_ *string `locationName:"Message" type:"string"`
20514}
20515
20516// String returns the string representation
20517func (s PolicyInUseException) String() string {
20518	return awsutil.Prettify(s)
20519}
20520
20521// GoString returns the string representation
20522func (s PolicyInUseException) GoString() string {
20523	return s.String()
20524}
20525
20526func newErrorPolicyInUseException(v protocol.ResponseMetadata) error {
20527	return &PolicyInUseException{
20528		RespMetadata: v,
20529	}
20530}
20531
20532// Code returns the exception type name.
20533func (s *PolicyInUseException) Code() string {
20534	return "PolicyInUseException"
20535}
20536
20537// Message returns the exception's message.
20538func (s *PolicyInUseException) Message() string {
20539	if s.Message_ != nil {
20540		return *s.Message_
20541	}
20542	return ""
20543}
20544
20545// OrigErr always returns nil, satisfies awserr.Error interface.
20546func (s *PolicyInUseException) OrigErr() error {
20547	return nil
20548}
20549
20550func (s *PolicyInUseException) Error() string {
20551	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20552}
20553
20554// Status code returns the HTTP status code for the request's response error.
20555func (s *PolicyInUseException) StatusCode() int {
20556	return s.RespMetadata.StatusCode
20557}
20558
20559// RequestID returns the service's response RequestID for request.
20560func (s *PolicyInUseException) RequestID() string {
20561	return s.RespMetadata.RequestID
20562}
20563
20564// The policy isn't attached to the specified target in the specified root.
20565type PolicyNotAttachedException struct {
20566	_            struct{}                  `type:"structure"`
20567	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20568
20569	Message_ *string `locationName:"Message" type:"string"`
20570}
20571
20572// String returns the string representation
20573func (s PolicyNotAttachedException) String() string {
20574	return awsutil.Prettify(s)
20575}
20576
20577// GoString returns the string representation
20578func (s PolicyNotAttachedException) GoString() string {
20579	return s.String()
20580}
20581
20582func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error {
20583	return &PolicyNotAttachedException{
20584		RespMetadata: v,
20585	}
20586}
20587
20588// Code returns the exception type name.
20589func (s *PolicyNotAttachedException) Code() string {
20590	return "PolicyNotAttachedException"
20591}
20592
20593// Message returns the exception's message.
20594func (s *PolicyNotAttachedException) Message() string {
20595	if s.Message_ != nil {
20596		return *s.Message_
20597	}
20598	return ""
20599}
20600
20601// OrigErr always returns nil, satisfies awserr.Error interface.
20602func (s *PolicyNotAttachedException) OrigErr() error {
20603	return nil
20604}
20605
20606func (s *PolicyNotAttachedException) Error() string {
20607	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20608}
20609
20610// Status code returns the HTTP status code for the request's response error.
20611func (s *PolicyNotAttachedException) StatusCode() int {
20612	return s.RespMetadata.StatusCode
20613}
20614
20615// RequestID returns the service's response RequestID for request.
20616func (s *PolicyNotAttachedException) RequestID() string {
20617	return s.RespMetadata.RequestID
20618}
20619
20620// We can't find a policy with the PolicyId that you specified.
20621type PolicyNotFoundException struct {
20622	_            struct{}                  `type:"structure"`
20623	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20624
20625	Message_ *string `locationName:"Message" type:"string"`
20626}
20627
20628// String returns the string representation
20629func (s PolicyNotFoundException) String() string {
20630	return awsutil.Prettify(s)
20631}
20632
20633// GoString returns the string representation
20634func (s PolicyNotFoundException) GoString() string {
20635	return s.String()
20636}
20637
20638func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error {
20639	return &PolicyNotFoundException{
20640		RespMetadata: v,
20641	}
20642}
20643
20644// Code returns the exception type name.
20645func (s *PolicyNotFoundException) Code() string {
20646	return "PolicyNotFoundException"
20647}
20648
20649// Message returns the exception's message.
20650func (s *PolicyNotFoundException) Message() string {
20651	if s.Message_ != nil {
20652		return *s.Message_
20653	}
20654	return ""
20655}
20656
20657// OrigErr always returns nil, satisfies awserr.Error interface.
20658func (s *PolicyNotFoundException) OrigErr() error {
20659	return nil
20660}
20661
20662func (s *PolicyNotFoundException) Error() string {
20663	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20664}
20665
20666// Status code returns the HTTP status code for the request's response error.
20667func (s *PolicyNotFoundException) StatusCode() int {
20668	return s.RespMetadata.StatusCode
20669}
20670
20671// RequestID returns the service's response RequestID for request.
20672func (s *PolicyNotFoundException) RequestID() string {
20673	return s.RespMetadata.RequestID
20674}
20675
20676// Contains information about a policy, but does not include the content. To
20677// see the content of a policy, see DescribePolicy.
20678type PolicySummary struct {
20679	_ struct{} `type:"structure"`
20680
20681	// The Amazon Resource Name (ARN) of the policy.
20682	//
20683	// For more information about ARNs in Organizations, see ARN Formats Supported
20684	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
20685	// in the AWS Organizations User Guide.
20686	Arn *string `type:"string"`
20687
20688	// A boolean value that indicates whether the specified policy is an AWS managed
20689	// policy. If true, then you can attach the policy to roots, OUs, or accounts,
20690	// but you cannot edit it.
20691	AwsManaged *bool `type:"boolean"`
20692
20693	// The description of the policy.
20694	Description *string `type:"string"`
20695
20696	// The unique identifier (ID) of the policy.
20697	//
20698	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
20699	// requires "p-" followed by from 8 to 128 lower-case letters or digits.
20700	Id *string `type:"string"`
20701
20702	// The friendly name of the policy.
20703	//
20704	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
20705	// this parameter is a string of any of the characters in the ASCII character
20706	// range.
20707	Name *string `min:"1" type:"string"`
20708
20709	// The type of policy.
20710	Type *string `type:"string" enum:"PolicyType"`
20711}
20712
20713// String returns the string representation
20714func (s PolicySummary) String() string {
20715	return awsutil.Prettify(s)
20716}
20717
20718// GoString returns the string representation
20719func (s PolicySummary) GoString() string {
20720	return s.String()
20721}
20722
20723// SetArn sets the Arn field's value.
20724func (s *PolicySummary) SetArn(v string) *PolicySummary {
20725	s.Arn = &v
20726	return s
20727}
20728
20729// SetAwsManaged sets the AwsManaged field's value.
20730func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary {
20731	s.AwsManaged = &v
20732	return s
20733}
20734
20735// SetDescription sets the Description field's value.
20736func (s *PolicySummary) SetDescription(v string) *PolicySummary {
20737	s.Description = &v
20738	return s
20739}
20740
20741// SetId sets the Id field's value.
20742func (s *PolicySummary) SetId(v string) *PolicySummary {
20743	s.Id = &v
20744	return s
20745}
20746
20747// SetName sets the Name field's value.
20748func (s *PolicySummary) SetName(v string) *PolicySummary {
20749	s.Name = &v
20750	return s
20751}
20752
20753// SetType sets the Type field's value.
20754func (s *PolicySummary) SetType(v string) *PolicySummary {
20755	s.Type = &v
20756	return s
20757}
20758
20759// Contains information about a root, OU, or account that a policy is attached
20760// to.
20761type PolicyTargetSummary struct {
20762	_ struct{} `type:"structure"`
20763
20764	// The Amazon Resource Name (ARN) of the policy target.
20765	//
20766	// For more information about ARNs in Organizations, see ARN Formats Supported
20767	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
20768	// in the AWS Organizations User Guide.
20769	Arn *string `type:"string"`
20770
20771	// The friendly name of the policy target.
20772	//
20773	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
20774	// this parameter is a string of any of the characters in the ASCII character
20775	// range.
20776	Name *string `min:"1" type:"string"`
20777
20778	// The unique identifier (ID) of the policy target.
20779	//
20780	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
20781	// requires one of the following:
20782	//
20783	//    * Root: A string that begins with "r-" followed by from 4 to 32 lower-case
20784	//    letters or digits.
20785	//
20786	//    * Account: A string that consists of exactly 12 digits.
20787	//
20788	//    * Organizational unit (OU): A string that begins with "ou-" followed by
20789	//    from 4 to 32 lower-case letters or digits (the ID of the root that the
20790	//    OU is in). This string is followed by a second "-" dash and from 8 to
20791	//    32 additional lower-case letters or digits.
20792	TargetId *string `type:"string"`
20793
20794	// The type of the policy target.
20795	Type *string `type:"string" enum:"TargetType"`
20796}
20797
20798// String returns the string representation
20799func (s PolicyTargetSummary) String() string {
20800	return awsutil.Prettify(s)
20801}
20802
20803// GoString returns the string representation
20804func (s PolicyTargetSummary) GoString() string {
20805	return s.String()
20806}
20807
20808// SetArn sets the Arn field's value.
20809func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary {
20810	s.Arn = &v
20811	return s
20812}
20813
20814// SetName sets the Name field's value.
20815func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary {
20816	s.Name = &v
20817	return s
20818}
20819
20820// SetTargetId sets the TargetId field's value.
20821func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary {
20822	s.TargetId = &v
20823	return s
20824}
20825
20826// SetType sets the Type field's value.
20827func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary {
20828	s.Type = &v
20829	return s
20830}
20831
20832// The specified policy type is already enabled in the specified root.
20833type PolicyTypeAlreadyEnabledException struct {
20834	_            struct{}                  `type:"structure"`
20835	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20836
20837	Message_ *string `locationName:"Message" type:"string"`
20838}
20839
20840// String returns the string representation
20841func (s PolicyTypeAlreadyEnabledException) String() string {
20842	return awsutil.Prettify(s)
20843}
20844
20845// GoString returns the string representation
20846func (s PolicyTypeAlreadyEnabledException) GoString() string {
20847	return s.String()
20848}
20849
20850func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error {
20851	return &PolicyTypeAlreadyEnabledException{
20852		RespMetadata: v,
20853	}
20854}
20855
20856// Code returns the exception type name.
20857func (s *PolicyTypeAlreadyEnabledException) Code() string {
20858	return "PolicyTypeAlreadyEnabledException"
20859}
20860
20861// Message returns the exception's message.
20862func (s *PolicyTypeAlreadyEnabledException) Message() string {
20863	if s.Message_ != nil {
20864		return *s.Message_
20865	}
20866	return ""
20867}
20868
20869// OrigErr always returns nil, satisfies awserr.Error interface.
20870func (s *PolicyTypeAlreadyEnabledException) OrigErr() error {
20871	return nil
20872}
20873
20874func (s *PolicyTypeAlreadyEnabledException) Error() string {
20875	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20876}
20877
20878// Status code returns the HTTP status code for the request's response error.
20879func (s *PolicyTypeAlreadyEnabledException) StatusCode() int {
20880	return s.RespMetadata.StatusCode
20881}
20882
20883// RequestID returns the service's response RequestID for request.
20884func (s *PolicyTypeAlreadyEnabledException) RequestID() string {
20885	return s.RespMetadata.RequestID
20886}
20887
20888// You can't use the specified policy type with the feature set currently enabled
20889// for this organization. For example, you can enable SCPs only after you enable
20890// all features in the organization. For more information, see Managing AWS
20891// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
20892// the AWS Organizations User Guide.
20893type PolicyTypeNotAvailableForOrganizationException struct {
20894	_            struct{}                  `type:"structure"`
20895	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20896
20897	Message_ *string `locationName:"Message" type:"string"`
20898}
20899
20900// String returns the string representation
20901func (s PolicyTypeNotAvailableForOrganizationException) String() string {
20902	return awsutil.Prettify(s)
20903}
20904
20905// GoString returns the string representation
20906func (s PolicyTypeNotAvailableForOrganizationException) GoString() string {
20907	return s.String()
20908}
20909
20910func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error {
20911	return &PolicyTypeNotAvailableForOrganizationException{
20912		RespMetadata: v,
20913	}
20914}
20915
20916// Code returns the exception type name.
20917func (s *PolicyTypeNotAvailableForOrganizationException) Code() string {
20918	return "PolicyTypeNotAvailableForOrganizationException"
20919}
20920
20921// Message returns the exception's message.
20922func (s *PolicyTypeNotAvailableForOrganizationException) Message() string {
20923	if s.Message_ != nil {
20924		return *s.Message_
20925	}
20926	return ""
20927}
20928
20929// OrigErr always returns nil, satisfies awserr.Error interface.
20930func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error {
20931	return nil
20932}
20933
20934func (s *PolicyTypeNotAvailableForOrganizationException) Error() string {
20935	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20936}
20937
20938// Status code returns the HTTP status code for the request's response error.
20939func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int {
20940	return s.RespMetadata.StatusCode
20941}
20942
20943// RequestID returns the service's response RequestID for request.
20944func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string {
20945	return s.RespMetadata.RequestID
20946}
20947
20948// The specified policy type isn't currently enabled in this root. You can't
20949// attach policies of the specified type to entities in a root until you enable
20950// that type in the root. For more information, see Enabling All Features in
20951// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
20952// in the AWS Organizations User Guide.
20953type PolicyTypeNotEnabledException struct {
20954	_            struct{}                  `type:"structure"`
20955	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20956
20957	Message_ *string `locationName:"Message" type:"string"`
20958}
20959
20960// String returns the string representation
20961func (s PolicyTypeNotEnabledException) String() string {
20962	return awsutil.Prettify(s)
20963}
20964
20965// GoString returns the string representation
20966func (s PolicyTypeNotEnabledException) GoString() string {
20967	return s.String()
20968}
20969
20970func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error {
20971	return &PolicyTypeNotEnabledException{
20972		RespMetadata: v,
20973	}
20974}
20975
20976// Code returns the exception type name.
20977func (s *PolicyTypeNotEnabledException) Code() string {
20978	return "PolicyTypeNotEnabledException"
20979}
20980
20981// Message returns the exception's message.
20982func (s *PolicyTypeNotEnabledException) Message() string {
20983	if s.Message_ != nil {
20984		return *s.Message_
20985	}
20986	return ""
20987}
20988
20989// OrigErr always returns nil, satisfies awserr.Error interface.
20990func (s *PolicyTypeNotEnabledException) OrigErr() error {
20991	return nil
20992}
20993
20994func (s *PolicyTypeNotEnabledException) Error() string {
20995	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20996}
20997
20998// Status code returns the HTTP status code for the request's response error.
20999func (s *PolicyTypeNotEnabledException) StatusCode() int {
21000	return s.RespMetadata.StatusCode
21001}
21002
21003// RequestID returns the service's response RequestID for request.
21004func (s *PolicyTypeNotEnabledException) RequestID() string {
21005	return s.RespMetadata.RequestID
21006}
21007
21008// Contains information about a policy type and its status in the associated
21009// root.
21010type PolicyTypeSummary struct {
21011	_ struct{} `type:"structure"`
21012
21013	// The status of the policy type as it relates to the associated root. To attach
21014	// a policy of the specified type to a root or to an OU or account in that root,
21015	// it must be available in the organization and enabled for that root.
21016	Status *string `type:"string" enum:"PolicyTypeStatus"`
21017
21018	// The name of the policy type.
21019	Type *string `type:"string" enum:"PolicyType"`
21020}
21021
21022// String returns the string representation
21023func (s PolicyTypeSummary) String() string {
21024	return awsutil.Prettify(s)
21025}
21026
21027// GoString returns the string representation
21028func (s PolicyTypeSummary) GoString() string {
21029	return s.String()
21030}
21031
21032// SetStatus sets the Status field's value.
21033func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary {
21034	s.Status = &v
21035	return s
21036}
21037
21038// SetType sets the Type field's value.
21039func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary {
21040	s.Type = &v
21041	return s
21042}
21043
21044type RegisterDelegatedAdministratorInput struct {
21045	_ struct{} `type:"structure"`
21046
21047	// The account ID number of the member account in the organization to register
21048	// as a delegated administrator.
21049	//
21050	// AccountId is a required field
21051	AccountId *string `type:"string" required:"true"`
21052
21053	// The service principal of the AWS service for which you want to make the member
21054	// account a delegated administrator.
21055	//
21056	// ServicePrincipal is a required field
21057	ServicePrincipal *string `min:"1" type:"string" required:"true"`
21058}
21059
21060// String returns the string representation
21061func (s RegisterDelegatedAdministratorInput) String() string {
21062	return awsutil.Prettify(s)
21063}
21064
21065// GoString returns the string representation
21066func (s RegisterDelegatedAdministratorInput) GoString() string {
21067	return s.String()
21068}
21069
21070// Validate inspects the fields of the type to determine if they are valid.
21071func (s *RegisterDelegatedAdministratorInput) Validate() error {
21072	invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"}
21073	if s.AccountId == nil {
21074		invalidParams.Add(request.NewErrParamRequired("AccountId"))
21075	}
21076	if s.ServicePrincipal == nil {
21077		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
21078	}
21079	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
21080		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
21081	}
21082
21083	if invalidParams.Len() > 0 {
21084		return invalidParams
21085	}
21086	return nil
21087}
21088
21089// SetAccountId sets the AccountId field's value.
21090func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput {
21091	s.AccountId = &v
21092	return s
21093}
21094
21095// SetServicePrincipal sets the ServicePrincipal field's value.
21096func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput {
21097	s.ServicePrincipal = &v
21098	return s
21099}
21100
21101type RegisterDelegatedAdministratorOutput struct {
21102	_ struct{} `type:"structure"`
21103}
21104
21105// String returns the string representation
21106func (s RegisterDelegatedAdministratorOutput) String() string {
21107	return awsutil.Prettify(s)
21108}
21109
21110// GoString returns the string representation
21111func (s RegisterDelegatedAdministratorOutput) GoString() string {
21112	return s.String()
21113}
21114
21115type RemoveAccountFromOrganizationInput struct {
21116	_ struct{} `type:"structure"`
21117
21118	// The unique identifier (ID) of the member account that you want to remove
21119	// from the organization.
21120	//
21121	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
21122	// requires exactly 12 digits.
21123	//
21124	// AccountId is a required field
21125	AccountId *string `type:"string" required:"true"`
21126}
21127
21128// String returns the string representation
21129func (s RemoveAccountFromOrganizationInput) String() string {
21130	return awsutil.Prettify(s)
21131}
21132
21133// GoString returns the string representation
21134func (s RemoveAccountFromOrganizationInput) GoString() string {
21135	return s.String()
21136}
21137
21138// Validate inspects the fields of the type to determine if they are valid.
21139func (s *RemoveAccountFromOrganizationInput) Validate() error {
21140	invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"}
21141	if s.AccountId == nil {
21142		invalidParams.Add(request.NewErrParamRequired("AccountId"))
21143	}
21144
21145	if invalidParams.Len() > 0 {
21146		return invalidParams
21147	}
21148	return nil
21149}
21150
21151// SetAccountId sets the AccountId field's value.
21152func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput {
21153	s.AccountId = &v
21154	return s
21155}
21156
21157type RemoveAccountFromOrganizationOutput struct {
21158	_ struct{} `type:"structure"`
21159}
21160
21161// String returns the string representation
21162func (s RemoveAccountFromOrganizationOutput) String() string {
21163	return awsutil.Prettify(s)
21164}
21165
21166// GoString returns the string representation
21167func (s RemoveAccountFromOrganizationOutput) GoString() string {
21168	return s.String()
21169}
21170
21171// Contains details about a root. A root is a top-level parent node in the hierarchy
21172// of an organization that can contain organizational units (OUs) and accounts.
21173// Every root contains every AWS account in the organization. Each root enables
21174// the accounts to be organized in a different way and to have different policy
21175// types enabled for use in that root.
21176type Root struct {
21177	_ struct{} `type:"structure"`
21178
21179	// The Amazon Resource Name (ARN) of the root.
21180	//
21181	// For more information about ARNs in Organizations, see ARN Formats Supported
21182	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
21183	// in the AWS Organizations User Guide.
21184	Arn *string `type:"string"`
21185
21186	// The unique identifier (ID) for the root.
21187	//
21188	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
21189	// requires "r-" followed by from 4 to 32 lower-case letters or digits.
21190	Id *string `type:"string"`
21191
21192	// The friendly name of the root.
21193	//
21194	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
21195	// this parameter is a string of any of the characters in the ASCII character
21196	// range.
21197	Name *string `min:"1" type:"string"`
21198
21199	// The types of policies that are currently enabled for the root and therefore
21200	// can be attached to the root or to its OUs or accounts.
21201	//
21202	// Even if a policy type is shown as available in the organization, you can
21203	// separately enable and disable them at the root level by using EnablePolicyType
21204	// and DisablePolicyType. Use DescribeOrganization to see the availability of
21205	// the policy types in that organization.
21206	PolicyTypes []*PolicyTypeSummary `type:"list"`
21207}
21208
21209// String returns the string representation
21210func (s Root) String() string {
21211	return awsutil.Prettify(s)
21212}
21213
21214// GoString returns the string representation
21215func (s Root) GoString() string {
21216	return s.String()
21217}
21218
21219// SetArn sets the Arn field's value.
21220func (s *Root) SetArn(v string) *Root {
21221	s.Arn = &v
21222	return s
21223}
21224
21225// SetId sets the Id field's value.
21226func (s *Root) SetId(v string) *Root {
21227	s.Id = &v
21228	return s
21229}
21230
21231// SetName sets the Name field's value.
21232func (s *Root) SetName(v string) *Root {
21233	s.Name = &v
21234	return s
21235}
21236
21237// SetPolicyTypes sets the PolicyTypes field's value.
21238func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root {
21239	s.PolicyTypes = v
21240	return s
21241}
21242
21243// We can't find a root with the RootId that you specified.
21244type RootNotFoundException struct {
21245	_            struct{}                  `type:"structure"`
21246	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21247
21248	Message_ *string `locationName:"Message" type:"string"`
21249}
21250
21251// String returns the string representation
21252func (s RootNotFoundException) String() string {
21253	return awsutil.Prettify(s)
21254}
21255
21256// GoString returns the string representation
21257func (s RootNotFoundException) GoString() string {
21258	return s.String()
21259}
21260
21261func newErrorRootNotFoundException(v protocol.ResponseMetadata) error {
21262	return &RootNotFoundException{
21263		RespMetadata: v,
21264	}
21265}
21266
21267// Code returns the exception type name.
21268func (s *RootNotFoundException) Code() string {
21269	return "RootNotFoundException"
21270}
21271
21272// Message returns the exception's message.
21273func (s *RootNotFoundException) Message() string {
21274	if s.Message_ != nil {
21275		return *s.Message_
21276	}
21277	return ""
21278}
21279
21280// OrigErr always returns nil, satisfies awserr.Error interface.
21281func (s *RootNotFoundException) OrigErr() error {
21282	return nil
21283}
21284
21285func (s *RootNotFoundException) Error() string {
21286	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21287}
21288
21289// Status code returns the HTTP status code for the request's response error.
21290func (s *RootNotFoundException) StatusCode() int {
21291	return s.RespMetadata.StatusCode
21292}
21293
21294// RequestID returns the service's response RequestID for request.
21295func (s *RootNotFoundException) RequestID() string {
21296	return s.RespMetadata.RequestID
21297}
21298
21299// AWS Organizations can't complete your request because of an internal service
21300// error. Try again later.
21301type ServiceException struct {
21302	_            struct{}                  `type:"structure"`
21303	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21304
21305	Message_ *string `locationName:"Message" type:"string"`
21306}
21307
21308// String returns the string representation
21309func (s ServiceException) String() string {
21310	return awsutil.Prettify(s)
21311}
21312
21313// GoString returns the string representation
21314func (s ServiceException) GoString() string {
21315	return s.String()
21316}
21317
21318func newErrorServiceException(v protocol.ResponseMetadata) error {
21319	return &ServiceException{
21320		RespMetadata: v,
21321	}
21322}
21323
21324// Code returns the exception type name.
21325func (s *ServiceException) Code() string {
21326	return "ServiceException"
21327}
21328
21329// Message returns the exception's message.
21330func (s *ServiceException) Message() string {
21331	if s.Message_ != nil {
21332		return *s.Message_
21333	}
21334	return ""
21335}
21336
21337// OrigErr always returns nil, satisfies awserr.Error interface.
21338func (s *ServiceException) OrigErr() error {
21339	return nil
21340}
21341
21342func (s *ServiceException) Error() string {
21343	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21344}
21345
21346// Status code returns the HTTP status code for the request's response error.
21347func (s *ServiceException) StatusCode() int {
21348	return s.RespMetadata.StatusCode
21349}
21350
21351// RequestID returns the service's response RequestID for request.
21352func (s *ServiceException) RequestID() string {
21353	return s.RespMetadata.RequestID
21354}
21355
21356// We can't find a source root or OU with the ParentId that you specified.
21357type SourceParentNotFoundException struct {
21358	_            struct{}                  `type:"structure"`
21359	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21360
21361	Message_ *string `locationName:"Message" type:"string"`
21362}
21363
21364// String returns the string representation
21365func (s SourceParentNotFoundException) String() string {
21366	return awsutil.Prettify(s)
21367}
21368
21369// GoString returns the string representation
21370func (s SourceParentNotFoundException) GoString() string {
21371	return s.String()
21372}
21373
21374func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error {
21375	return &SourceParentNotFoundException{
21376		RespMetadata: v,
21377	}
21378}
21379
21380// Code returns the exception type name.
21381func (s *SourceParentNotFoundException) Code() string {
21382	return "SourceParentNotFoundException"
21383}
21384
21385// Message returns the exception's message.
21386func (s *SourceParentNotFoundException) Message() string {
21387	if s.Message_ != nil {
21388		return *s.Message_
21389	}
21390	return ""
21391}
21392
21393// OrigErr always returns nil, satisfies awserr.Error interface.
21394func (s *SourceParentNotFoundException) OrigErr() error {
21395	return nil
21396}
21397
21398func (s *SourceParentNotFoundException) Error() string {
21399	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21400}
21401
21402// Status code returns the HTTP status code for the request's response error.
21403func (s *SourceParentNotFoundException) StatusCode() int {
21404	return s.RespMetadata.StatusCode
21405}
21406
21407// RequestID returns the service's response RequestID for request.
21408func (s *SourceParentNotFoundException) RequestID() string {
21409	return s.RespMetadata.RequestID
21410}
21411
21412// A custom key-value pair associated with a resource such as an account within
21413// your organization.
21414type Tag struct {
21415	_ struct{} `type:"structure"`
21416
21417	// The key identifier, or name, of the tag.
21418	//
21419	// Key is a required field
21420	Key *string `min:"1" type:"string" required:"true"`
21421
21422	// The string value that's associated with the key of the tag. You can set the
21423	// value of a tag to an empty string, but you can't set the value of a tag to
21424	// null.
21425	//
21426	// Value is a required field
21427	Value *string `type:"string" required:"true"`
21428}
21429
21430// String returns the string representation
21431func (s Tag) String() string {
21432	return awsutil.Prettify(s)
21433}
21434
21435// GoString returns the string representation
21436func (s Tag) GoString() string {
21437	return s.String()
21438}
21439
21440// Validate inspects the fields of the type to determine if they are valid.
21441func (s *Tag) Validate() error {
21442	invalidParams := request.ErrInvalidParams{Context: "Tag"}
21443	if s.Key == nil {
21444		invalidParams.Add(request.NewErrParamRequired("Key"))
21445	}
21446	if s.Key != nil && len(*s.Key) < 1 {
21447		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
21448	}
21449	if s.Value == nil {
21450		invalidParams.Add(request.NewErrParamRequired("Value"))
21451	}
21452
21453	if invalidParams.Len() > 0 {
21454		return invalidParams
21455	}
21456	return nil
21457}
21458
21459// SetKey sets the Key field's value.
21460func (s *Tag) SetKey(v string) *Tag {
21461	s.Key = &v
21462	return s
21463}
21464
21465// SetValue sets the Value field's value.
21466func (s *Tag) SetValue(v string) *Tag {
21467	s.Value = &v
21468	return s
21469}
21470
21471type TagResourceInput struct {
21472	_ struct{} `type:"structure"`
21473
21474	// The ID of the resource to add a tag to.
21475	//
21476	// ResourceId is a required field
21477	ResourceId *string `type:"string" required:"true"`
21478
21479	// The tag to add to the specified resource. You must specify both a tag key
21480	// and value. You can set the value of a tag to an empty string, but you can't
21481	// set it to null.
21482	//
21483	// Tags is a required field
21484	Tags []*Tag `type:"list" required:"true"`
21485}
21486
21487// String returns the string representation
21488func (s TagResourceInput) String() string {
21489	return awsutil.Prettify(s)
21490}
21491
21492// GoString returns the string representation
21493func (s TagResourceInput) GoString() string {
21494	return s.String()
21495}
21496
21497// Validate inspects the fields of the type to determine if they are valid.
21498func (s *TagResourceInput) Validate() error {
21499	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
21500	if s.ResourceId == nil {
21501		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
21502	}
21503	if s.Tags == nil {
21504		invalidParams.Add(request.NewErrParamRequired("Tags"))
21505	}
21506	if s.Tags != nil {
21507		for i, v := range s.Tags {
21508			if v == nil {
21509				continue
21510			}
21511			if err := v.Validate(); err != nil {
21512				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
21513			}
21514		}
21515	}
21516
21517	if invalidParams.Len() > 0 {
21518		return invalidParams
21519	}
21520	return nil
21521}
21522
21523// SetResourceId sets the ResourceId field's value.
21524func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput {
21525	s.ResourceId = &v
21526	return s
21527}
21528
21529// SetTags sets the Tags field's value.
21530func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
21531	s.Tags = v
21532	return s
21533}
21534
21535type TagResourceOutput struct {
21536	_ struct{} `type:"structure"`
21537}
21538
21539// String returns the string representation
21540func (s TagResourceOutput) String() string {
21541	return awsutil.Prettify(s)
21542}
21543
21544// GoString returns the string representation
21545func (s TagResourceOutput) GoString() string {
21546	return s.String()
21547}
21548
21549// We can't find a root, OU, or account with the TargetId that you specified.
21550type TargetNotFoundException struct {
21551	_            struct{}                  `type:"structure"`
21552	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21553
21554	Message_ *string `locationName:"Message" type:"string"`
21555}
21556
21557// String returns the string representation
21558func (s TargetNotFoundException) String() string {
21559	return awsutil.Prettify(s)
21560}
21561
21562// GoString returns the string representation
21563func (s TargetNotFoundException) GoString() string {
21564	return s.String()
21565}
21566
21567func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error {
21568	return &TargetNotFoundException{
21569		RespMetadata: v,
21570	}
21571}
21572
21573// Code returns the exception type name.
21574func (s *TargetNotFoundException) Code() string {
21575	return "TargetNotFoundException"
21576}
21577
21578// Message returns the exception's message.
21579func (s *TargetNotFoundException) Message() string {
21580	if s.Message_ != nil {
21581		return *s.Message_
21582	}
21583	return ""
21584}
21585
21586// OrigErr always returns nil, satisfies awserr.Error interface.
21587func (s *TargetNotFoundException) OrigErr() error {
21588	return nil
21589}
21590
21591func (s *TargetNotFoundException) Error() string {
21592	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21593}
21594
21595// Status code returns the HTTP status code for the request's response error.
21596func (s *TargetNotFoundException) StatusCode() int {
21597	return s.RespMetadata.StatusCode
21598}
21599
21600// RequestID returns the service's response RequestID for request.
21601func (s *TargetNotFoundException) RequestID() string {
21602	return s.RespMetadata.RequestID
21603}
21604
21605// You have sent too many requests in too short a period of time. The quota
21606// helps protect against denial-of-service attacks. Try again later.
21607//
21608// For information about quotas that affect AWS Organizations, see Quotas for
21609// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
21610// the AWS Organizations User Guide.
21611type TooManyRequestsException struct {
21612	_            struct{}                  `type:"structure"`
21613	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21614
21615	Message_ *string `locationName:"Message" type:"string"`
21616
21617	Type *string `type:"string"`
21618}
21619
21620// String returns the string representation
21621func (s TooManyRequestsException) String() string {
21622	return awsutil.Prettify(s)
21623}
21624
21625// GoString returns the string representation
21626func (s TooManyRequestsException) GoString() string {
21627	return s.String()
21628}
21629
21630func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
21631	return &TooManyRequestsException{
21632		RespMetadata: v,
21633	}
21634}
21635
21636// Code returns the exception type name.
21637func (s *TooManyRequestsException) Code() string {
21638	return "TooManyRequestsException"
21639}
21640
21641// Message returns the exception's message.
21642func (s *TooManyRequestsException) Message() string {
21643	if s.Message_ != nil {
21644		return *s.Message_
21645	}
21646	return ""
21647}
21648
21649// OrigErr always returns nil, satisfies awserr.Error interface.
21650func (s *TooManyRequestsException) OrigErr() error {
21651	return nil
21652}
21653
21654func (s *TooManyRequestsException) Error() string {
21655	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
21656}
21657
21658// Status code returns the HTTP status code for the request's response error.
21659func (s *TooManyRequestsException) StatusCode() int {
21660	return s.RespMetadata.StatusCode
21661}
21662
21663// RequestID returns the service's response RequestID for request.
21664func (s *TooManyRequestsException) RequestID() string {
21665	return s.RespMetadata.RequestID
21666}
21667
21668// This action isn't available in the current AWS Region.
21669type UnsupportedAPIEndpointException struct {
21670	_            struct{}                  `type:"structure"`
21671	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21672
21673	Message_ *string `locationName:"Message" type:"string"`
21674}
21675
21676// String returns the string representation
21677func (s UnsupportedAPIEndpointException) String() string {
21678	return awsutil.Prettify(s)
21679}
21680
21681// GoString returns the string representation
21682func (s UnsupportedAPIEndpointException) GoString() string {
21683	return s.String()
21684}
21685
21686func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error {
21687	return &UnsupportedAPIEndpointException{
21688		RespMetadata: v,
21689	}
21690}
21691
21692// Code returns the exception type name.
21693func (s *UnsupportedAPIEndpointException) Code() string {
21694	return "UnsupportedAPIEndpointException"
21695}
21696
21697// Message returns the exception's message.
21698func (s *UnsupportedAPIEndpointException) Message() string {
21699	if s.Message_ != nil {
21700		return *s.Message_
21701	}
21702	return ""
21703}
21704
21705// OrigErr always returns nil, satisfies awserr.Error interface.
21706func (s *UnsupportedAPIEndpointException) OrigErr() error {
21707	return nil
21708}
21709
21710func (s *UnsupportedAPIEndpointException) Error() string {
21711	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21712}
21713
21714// Status code returns the HTTP status code for the request's response error.
21715func (s *UnsupportedAPIEndpointException) StatusCode() int {
21716	return s.RespMetadata.StatusCode
21717}
21718
21719// RequestID returns the service's response RequestID for request.
21720func (s *UnsupportedAPIEndpointException) RequestID() string {
21721	return s.RespMetadata.RequestID
21722}
21723
21724type UntagResourceInput struct {
21725	_ struct{} `type:"structure"`
21726
21727	// The ID of the resource to remove the tag from.
21728	//
21729	// ResourceId is a required field
21730	ResourceId *string `type:"string" required:"true"`
21731
21732	// The tag to remove from the specified resource.
21733	//
21734	// TagKeys is a required field
21735	TagKeys []*string `type:"list" required:"true"`
21736}
21737
21738// String returns the string representation
21739func (s UntagResourceInput) String() string {
21740	return awsutil.Prettify(s)
21741}
21742
21743// GoString returns the string representation
21744func (s UntagResourceInput) GoString() string {
21745	return s.String()
21746}
21747
21748// Validate inspects the fields of the type to determine if they are valid.
21749func (s *UntagResourceInput) Validate() error {
21750	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
21751	if s.ResourceId == nil {
21752		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
21753	}
21754	if s.TagKeys == nil {
21755		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
21756	}
21757
21758	if invalidParams.Len() > 0 {
21759		return invalidParams
21760	}
21761	return nil
21762}
21763
21764// SetResourceId sets the ResourceId field's value.
21765func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput {
21766	s.ResourceId = &v
21767	return s
21768}
21769
21770// SetTagKeys sets the TagKeys field's value.
21771func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
21772	s.TagKeys = v
21773	return s
21774}
21775
21776type UntagResourceOutput struct {
21777	_ struct{} `type:"structure"`
21778}
21779
21780// String returns the string representation
21781func (s UntagResourceOutput) String() string {
21782	return awsutil.Prettify(s)
21783}
21784
21785// GoString returns the string representation
21786func (s UntagResourceOutput) GoString() string {
21787	return s.String()
21788}
21789
21790type UpdateOrganizationalUnitInput struct {
21791	_ struct{} `type:"structure"`
21792
21793	// The new name that you want to assign to the OU.
21794	//
21795	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
21796	// this parameter is a string of any of the characters in the ASCII character
21797	// range.
21798	Name *string `min:"1" type:"string"`
21799
21800	// The unique identifier (ID) of the OU that you want to rename. You can get
21801	// the ID from the ListOrganizationalUnitsForParent operation.
21802	//
21803	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
21804	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
21805	// or digits (the ID of the root that contains the OU). This string is followed
21806	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
21807	//
21808	// OrganizationalUnitId is a required field
21809	OrganizationalUnitId *string `type:"string" required:"true"`
21810}
21811
21812// String returns the string representation
21813func (s UpdateOrganizationalUnitInput) String() string {
21814	return awsutil.Prettify(s)
21815}
21816
21817// GoString returns the string representation
21818func (s UpdateOrganizationalUnitInput) GoString() string {
21819	return s.String()
21820}
21821
21822// Validate inspects the fields of the type to determine if they are valid.
21823func (s *UpdateOrganizationalUnitInput) Validate() error {
21824	invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"}
21825	if s.Name != nil && len(*s.Name) < 1 {
21826		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
21827	}
21828	if s.OrganizationalUnitId == nil {
21829		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
21830	}
21831
21832	if invalidParams.Len() > 0 {
21833		return invalidParams
21834	}
21835	return nil
21836}
21837
21838// SetName sets the Name field's value.
21839func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput {
21840	s.Name = &v
21841	return s
21842}
21843
21844// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
21845func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput {
21846	s.OrganizationalUnitId = &v
21847	return s
21848}
21849
21850type UpdateOrganizationalUnitOutput struct {
21851	_ struct{} `type:"structure"`
21852
21853	// A structure that contains the details about the specified OU, including its
21854	// new name.
21855	OrganizationalUnit *OrganizationalUnit `type:"structure"`
21856}
21857
21858// String returns the string representation
21859func (s UpdateOrganizationalUnitOutput) String() string {
21860	return awsutil.Prettify(s)
21861}
21862
21863// GoString returns the string representation
21864func (s UpdateOrganizationalUnitOutput) GoString() string {
21865	return s.String()
21866}
21867
21868// SetOrganizationalUnit sets the OrganizationalUnit field's value.
21869func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput {
21870	s.OrganizationalUnit = v
21871	return s
21872}
21873
21874type UpdatePolicyInput struct {
21875	_ struct{} `type:"structure"`
21876
21877	// If provided, the new content for the policy. The text must be correctly formatted
21878	// JSON that complies with the syntax for the policy's type. For more information,
21879	// see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
21880	// in the AWS Organizations User Guide.
21881	Content *string `min:"1" type:"string"`
21882
21883	// If provided, the new description for the policy.
21884	Description *string `type:"string"`
21885
21886	// If provided, the new name for the policy.
21887	//
21888	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
21889	// this parameter is a string of any of the characters in the ASCII character
21890	// range.
21891	Name *string `min:"1" type:"string"`
21892
21893	// The unique identifier (ID) of the policy that you want to update.
21894	//
21895	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
21896	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
21897	// or the underscore character (_).
21898	//
21899	// PolicyId is a required field
21900	PolicyId *string `type:"string" required:"true"`
21901}
21902
21903// String returns the string representation
21904func (s UpdatePolicyInput) String() string {
21905	return awsutil.Prettify(s)
21906}
21907
21908// GoString returns the string representation
21909func (s UpdatePolicyInput) GoString() string {
21910	return s.String()
21911}
21912
21913// Validate inspects the fields of the type to determine if they are valid.
21914func (s *UpdatePolicyInput) Validate() error {
21915	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"}
21916	if s.Content != nil && len(*s.Content) < 1 {
21917		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
21918	}
21919	if s.Name != nil && len(*s.Name) < 1 {
21920		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
21921	}
21922	if s.PolicyId == nil {
21923		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
21924	}
21925
21926	if invalidParams.Len() > 0 {
21927		return invalidParams
21928	}
21929	return nil
21930}
21931
21932// SetContent sets the Content field's value.
21933func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput {
21934	s.Content = &v
21935	return s
21936}
21937
21938// SetDescription sets the Description field's value.
21939func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput {
21940	s.Description = &v
21941	return s
21942}
21943
21944// SetName sets the Name field's value.
21945func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput {
21946	s.Name = &v
21947	return s
21948}
21949
21950// SetPolicyId sets the PolicyId field's value.
21951func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput {
21952	s.PolicyId = &v
21953	return s
21954}
21955
21956type UpdatePolicyOutput struct {
21957	_ struct{} `type:"structure"`
21958
21959	// A structure that contains details about the updated policy, showing the requested
21960	// changes.
21961	Policy *Policy `type:"structure"`
21962}
21963
21964// String returns the string representation
21965func (s UpdatePolicyOutput) String() string {
21966	return awsutil.Prettify(s)
21967}
21968
21969// GoString returns the string representation
21970func (s UpdatePolicyOutput) GoString() string {
21971	return s.String()
21972}
21973
21974// SetPolicy sets the Policy field's value.
21975func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput {
21976	s.Policy = v
21977	return s
21978}
21979
21980const (
21981	// AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value
21982	AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE"
21983)
21984
21985const (
21986	// AccountJoinedMethodInvited is a AccountJoinedMethod enum value
21987	AccountJoinedMethodInvited = "INVITED"
21988
21989	// AccountJoinedMethodCreated is a AccountJoinedMethod enum value
21990	AccountJoinedMethodCreated = "CREATED"
21991)
21992
21993const (
21994	// AccountStatusActive is a AccountStatus enum value
21995	AccountStatusActive = "ACTIVE"
21996
21997	// AccountStatusSuspended is a AccountStatus enum value
21998	AccountStatusSuspended = "SUSPENDED"
21999)
22000
22001const (
22002	// ActionTypeInvite is a ActionType enum value
22003	ActionTypeInvite = "INVITE"
22004
22005	// ActionTypeEnableAllFeatures is a ActionType enum value
22006	ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES"
22007
22008	// ActionTypeApproveAllFeatures is a ActionType enum value
22009	ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES"
22010
22011	// ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value
22012	ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE"
22013)
22014
22015const (
22016	// ChildTypeAccount is a ChildType enum value
22017	ChildTypeAccount = "ACCOUNT"
22018
22019	// ChildTypeOrganizationalUnit is a ChildType enum value
22020	ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
22021)
22022
22023const (
22024	// ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
22025	ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
22026
22027	// ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value
22028	ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
22029
22030	// ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
22031	ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED"
22032
22033	// ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value
22034	ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED"
22035
22036	// ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
22037	ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED"
22038
22039	// ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value
22040	ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED"
22041
22042	// ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
22043	ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
22044
22045	// ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
22046	ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
22047
22048	// ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value
22049	ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION"
22050
22051	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value
22052	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA"
22053
22054	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value
22055	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION"
22056
22057	// ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
22058	ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
22059
22060	// ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
22061	ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
22062
22063	// ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value
22064	ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED"
22065
22066	// ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value
22067	ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE"
22068
22069	// ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value
22070	ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO"
22071
22072	// ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value
22073	ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED"
22074
22075	// ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value
22076	ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE"
22077
22078	// ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value
22079	ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION"
22080
22081	// ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value
22082	ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED"
22083
22084	// ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value
22085	ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE"
22086
22087	// ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value
22088	ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED"
22089
22090	// ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value
22091	ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION"
22092
22093	// ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value
22094	ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED"
22095
22096	// ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value
22097	ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR"
22098
22099	// ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value
22100	ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG"
22101
22102	// ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value
22103	ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE"
22104
22105	// ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value
22106	ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE"
22107)
22108
22109const (
22110	// CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value
22111	CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED"
22112
22113	// CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value
22114	CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS"
22115
22116	// CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value
22117	CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS"
22118
22119	// CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value
22120	CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL"
22121
22122	// CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value
22123	CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION"
22124
22125	// CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value
22126	CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE"
22127
22128	// CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value
22129	CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
22130)
22131
22132const (
22133	// CreateAccountStateInProgress is a CreateAccountState enum value
22134	CreateAccountStateInProgress = "IN_PROGRESS"
22135
22136	// CreateAccountStateSucceeded is a CreateAccountState enum value
22137	CreateAccountStateSucceeded = "SUCCEEDED"
22138
22139	// CreateAccountStateFailed is a CreateAccountState enum value
22140	CreateAccountStateFailed = "FAILED"
22141)
22142
22143const (
22144	// EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value
22145	EffectivePolicyTypeTagPolicy = "TAG_POLICY"
22146
22147	// EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value
22148	EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY"
22149
22150	// EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value
22151	EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
22152)
22153
22154const (
22155	// HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
22156	HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
22157
22158	// HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
22159	HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
22160
22161	// HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value
22162	HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION"
22163
22164	// HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
22165	HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES"
22166
22167	// HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
22168	HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES"
22169
22170	// HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value
22171	HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED"
22172
22173	// HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value
22174	HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD"
22175
22176	// HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
22177	HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED"
22178)
22179
22180const (
22181	// HandshakePartyTypeAccount is a HandshakePartyType enum value
22182	HandshakePartyTypeAccount = "ACCOUNT"
22183
22184	// HandshakePartyTypeOrganization is a HandshakePartyType enum value
22185	HandshakePartyTypeOrganization = "ORGANIZATION"
22186
22187	// HandshakePartyTypeEmail is a HandshakePartyType enum value
22188	HandshakePartyTypeEmail = "EMAIL"
22189)
22190
22191const (
22192	// HandshakeResourceTypeAccount is a HandshakeResourceType enum value
22193	HandshakeResourceTypeAccount = "ACCOUNT"
22194
22195	// HandshakeResourceTypeOrganization is a HandshakeResourceType enum value
22196	HandshakeResourceTypeOrganization = "ORGANIZATION"
22197
22198	// HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value
22199	HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET"
22200
22201	// HandshakeResourceTypeEmail is a HandshakeResourceType enum value
22202	HandshakeResourceTypeEmail = "EMAIL"
22203
22204	// HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value
22205	HandshakeResourceTypeMasterEmail = "MASTER_EMAIL"
22206
22207	// HandshakeResourceTypeMasterName is a HandshakeResourceType enum value
22208	HandshakeResourceTypeMasterName = "MASTER_NAME"
22209
22210	// HandshakeResourceTypeNotes is a HandshakeResourceType enum value
22211	HandshakeResourceTypeNotes = "NOTES"
22212
22213	// HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value
22214	HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE"
22215)
22216
22217const (
22218	// HandshakeStateRequested is a HandshakeState enum value
22219	HandshakeStateRequested = "REQUESTED"
22220
22221	// HandshakeStateOpen is a HandshakeState enum value
22222	HandshakeStateOpen = "OPEN"
22223
22224	// HandshakeStateCanceled is a HandshakeState enum value
22225	HandshakeStateCanceled = "CANCELED"
22226
22227	// HandshakeStateAccepted is a HandshakeState enum value
22228	HandshakeStateAccepted = "ACCEPTED"
22229
22230	// HandshakeStateDeclined is a HandshakeState enum value
22231	HandshakeStateDeclined = "DECLINED"
22232
22233	// HandshakeStateExpired is a HandshakeState enum value
22234	HandshakeStateExpired = "EXPIRED"
22235)
22236
22237const (
22238	// IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value
22239	IAMUserAccessToBillingAllow = "ALLOW"
22240
22241	// IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value
22242	IAMUserAccessToBillingDeny = "DENY"
22243)
22244
22245const (
22246	// InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value
22247	InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET"
22248
22249	// InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value
22250	InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN"
22251
22252	// InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value
22253	InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID"
22254
22255	// InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value
22256	InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM"
22257
22258	// InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value
22259	InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE"
22260
22261	// InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value
22262	InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER"
22263
22264	// InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value
22265	InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED"
22266
22267	// InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value
22268	InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED"
22269
22270	// InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value
22271	InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED"
22272
22273	// InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value
22274	InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED"
22275
22276	// InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value
22277	InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY"
22278
22279	// InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value
22280	InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN"
22281
22282	// InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value
22283	InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID"
22284
22285	// InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value
22286	InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED"
22287
22288	// InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value
22289	InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN"
22290
22291	// InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value
22292	InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER"
22293
22294	// InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value
22295	InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS"
22296
22297	// InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value
22298	InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET"
22299
22300	// InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value
22301	InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL"
22302
22303	// InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value
22304	InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME"
22305
22306	// InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value
22307	InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER"
22308
22309	// InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value
22310	InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED"
22311)
22312
22313const (
22314	// OrganizationFeatureSetAll is a OrganizationFeatureSet enum value
22315	OrganizationFeatureSetAll = "ALL"
22316
22317	// OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value
22318	OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING"
22319)
22320
22321const (
22322	// ParentTypeRoot is a ParentType enum value
22323	ParentTypeRoot = "ROOT"
22324
22325	// ParentTypeOrganizationalUnit is a ParentType enum value
22326	ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
22327)
22328
22329const (
22330	// PolicyTypeServiceControlPolicy is a PolicyType enum value
22331	PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY"
22332
22333	// PolicyTypeTagPolicy is a PolicyType enum value
22334	PolicyTypeTagPolicy = "TAG_POLICY"
22335
22336	// PolicyTypeBackupPolicy is a PolicyType enum value
22337	PolicyTypeBackupPolicy = "BACKUP_POLICY"
22338
22339	// PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value
22340	PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
22341)
22342
22343const (
22344	// PolicyTypeStatusEnabled is a PolicyTypeStatus enum value
22345	PolicyTypeStatusEnabled = "ENABLED"
22346
22347	// PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value
22348	PolicyTypeStatusPendingEnable = "PENDING_ENABLE"
22349
22350	// PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value
22351	PolicyTypeStatusPendingDisable = "PENDING_DISABLE"
22352)
22353
22354const (
22355	// TargetTypeAccount is a TargetType enum value
22356	TargetTypeAccount = "ACCOUNT"
22357
22358	// TargetTypeOrganizationalUnit is a TargetType enum value
22359	TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
22360
22361	// TargetTypeRoot is a TargetType enum value
22362	TargetTypeRoot = "ROOT"
22363)
22364