1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package organizations 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opAcceptHandshake = "AcceptHandshake" 17 18// AcceptHandshakeRequest generates a "aws/request.Request" representing the 19// client's request for the AcceptHandshake operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See AcceptHandshake for more information on using the AcceptHandshake 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the AcceptHandshakeRequest method. 34// req, resp := client.AcceptHandshakeRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) { 43 op := &request.Operation{ 44 Name: opAcceptHandshake, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &AcceptHandshakeInput{} 51 } 52 53 output = &AcceptHandshakeOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// AcceptHandshake API operation for AWS Organizations. 59// 60// Sends a response to the originator of a handshake agreeing to the action 61// proposed by the handshake request. 62// 63// This operation can be called only by the following principals when they also 64// have the relevant IAM permissions: 65// 66// * Invitation to join or Approve all features request handshakes: only 67// a principal from the member account. The user who calls the API for an 68// invitation to join must have the organizations:AcceptHandshake permission. 69// If you enabled all features in the organization, the user must also have 70// the iam:CreateServiceLinkedRole permission so that AWS Organizations can 71// create the required service-linked role named AWSServiceRoleForOrganizations. 72// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) 73// in the AWS Organizations User Guide. 74// 75// * Enable all features final confirmation handshake: only a principal from 76// the master account. For more information about invitations, see Inviting 77// an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) 78// in the AWS Organizations User Guide. For more information about requests 79// to enable all features in the organization, see Enabling All Features 80// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 81// in the AWS Organizations User Guide. 82// 83// After you accept a handshake, it continues to appear in the results of relevant 84// APIs for only 30 days. After that, it's deleted. 85// 86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 87// with awserr.Error's Code and Message methods to get detailed information about 88// the error. 89// 90// See the AWS API reference guide for AWS Organizations's 91// API operation AcceptHandshake for usage and error information. 92// 93// Returned Error Types: 94// * AccessDeniedException 95// You don't have permissions to perform the requested operation. The user or 96// role that is making the request must have at least one IAM permissions policy 97// attached that grants the required permissions. For more information, see 98// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 99// in the IAM User Guide. 100// 101// * AWSOrganizationsNotInUseException 102// Your account isn't a member of an organization. To make this request, you 103// must use the credentials of an account that belongs to an organization. 104// 105// * HandshakeConstraintViolationException 106// The requested operation would violate the constraint identified in the reason 107// code. 108// 109// Some of the reasons in the following list might not be applicable to this 110// specific API or operation: 111// 112// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 113// the number of accounts in an organization. Note that deleted and closed 114// accounts still count toward your limit. If you get this exception immediately 115// after creating the organization, wait one hour and try again. If after 116// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 117// 118// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 119// the invited account is already a member of an organization. 120// 121// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 122// handshakes that you can send in one day. 123// 124// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 125// to join an organization while it's in the process of enabling all features. 126// You can resume inviting accounts after you finalize the process when all 127// accounts have agreed to the change. 128// 129// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 130// because the organization has already enabled all features. 131// 132// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 133// the account is from a different marketplace than the accounts in the organization. 134// For example, accounts with India addresses must be associated with the 135// AISPL marketplace. All accounts in an organization must be from the same 136// marketplace. 137// 138// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 139// change the membership of an account too quickly after its previous change. 140// 141// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 142// account that doesn't have a payment instrument, such as a credit card, 143// associated with it. 144// 145// * HandshakeNotFoundException 146// We can't find a handshake with the HandshakeId that you specified. 147// 148// * InvalidHandshakeTransitionException 149// You can't perform the operation on the handshake in its current state. For 150// example, you can't cancel a handshake that was already accepted or accept 151// a handshake that was already declined. 152// 153// * HandshakeAlreadyInStateException 154// The specified handshake is already in the requested state. For example, you 155// can't accept a handshake that was already accepted. 156// 157// * InvalidInputException 158// The requested operation failed because you provided invalid values for one 159// or more of the request parameters. This exception includes a reason that 160// contains additional information about the violated limit: 161// 162// Some of the reasons in the following list might not be applicable to this 163// specific API or operation. 164// 165// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 166// can't be modified. 167// 168// * INPUT_REQUIRED: You must include a value for all required parameters. 169// 170// * INVALID_ENUM: You specified an invalid value. 171// 172// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 173// characters. 174// 175// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 176// at least one invalid value. 177// 178// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 179// from the response to a previous call of the operation. 180// 181// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 182// organization, or email) as a party. 183// 184// * INVALID_PATTERN: You provided a value that doesn't match the required 185// pattern. 186// 187// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 188// match the required pattern. 189// 190// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 191// name can't begin with the reserved prefix AWSServiceRoleFor. 192// 193// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 194// Name (ARN) for the organization. 195// 196// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 197// 198// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 199// tag. You can’t add, edit, or delete system tag keys because they're 200// reserved for AWS use. System tags don’t count against your tags per 201// resource limit. 202// 203// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 204// for the operation. 205// 206// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 207// than allowed. 208// 209// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 210// value than allowed. 211// 212// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 213// than allowed. 214// 215// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 216// value than allowed. 217// 218// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 219// between entities in the same root. 220// 221// * ConcurrentModificationException 222// The target of the operation is currently being modified by a different request. 223// Try again later. 224// 225// * ServiceException 226// AWS Organizations can't complete your request because of an internal service 227// error. Try again later. 228// 229// * TooManyRequestsException 230// You have sent too many requests in too short a period of time. The quota 231// helps protect against denial-of-service attacks. Try again later. 232// 233// For information about quotas that affect AWS Organizations, see Quotas for 234// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 235// the AWS Organizations User Guide. 236// 237// * AccessDeniedForDependencyException 238// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 239// for organizations.amazonaws.com permission so that AWS Organizations can 240// create the required service-linked role. You don't have that permission. 241// 242// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 243func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) { 244 req, out := c.AcceptHandshakeRequest(input) 245 return out, req.Send() 246} 247 248// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of 249// the ability to pass a context and additional request options. 250// 251// See AcceptHandshake for details on how to use this API operation. 252// 253// The context must be non-nil and will be used for request cancellation. If 254// the context is nil a panic will occur. In the future the SDK may create 255// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 256// for more information on using Contexts. 257func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) { 258 req, out := c.AcceptHandshakeRequest(input) 259 req.SetContext(ctx) 260 req.ApplyOptions(opts...) 261 return out, req.Send() 262} 263 264const opAttachPolicy = "AttachPolicy" 265 266// AttachPolicyRequest generates a "aws/request.Request" representing the 267// client's request for the AttachPolicy operation. The "output" return 268// value will be populated with the request's response once the request completes 269// successfully. 270// 271// Use "Send" method on the returned Request to send the API call to the service. 272// the "output" return value is not valid until after Send returns without error. 273// 274// See AttachPolicy for more information on using the AttachPolicy 275// API call, and error handling. 276// 277// This method is useful when you want to inject custom logic or configuration 278// into the SDK's request lifecycle. Such as custom headers, or retry logic. 279// 280// 281// // Example sending a request using the AttachPolicyRequest method. 282// req, resp := client.AttachPolicyRequest(params) 283// 284// err := req.Send() 285// if err == nil { // resp is now filled 286// fmt.Println(resp) 287// } 288// 289// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 290func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) { 291 op := &request.Operation{ 292 Name: opAttachPolicy, 293 HTTPMethod: "POST", 294 HTTPPath: "/", 295 } 296 297 if input == nil { 298 input = &AttachPolicyInput{} 299 } 300 301 output = &AttachPolicyOutput{} 302 req = c.newRequest(op, input, output) 303 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 304 return 305} 306 307// AttachPolicy API operation for AWS Organizations. 308// 309// Attaches a policy to a root, an organizational unit (OU), or an individual 310// account. How the policy affects accounts depends on the type of policy. Refer 311// to the AWS Organizations User Guide for information about each policy type: 312// 313// * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 314// 315// * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 316// 317// * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 318// 319// * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 320// 321// This operation can be called only from the organization's master account. 322// 323// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 324// with awserr.Error's Code and Message methods to get detailed information about 325// the error. 326// 327// See the AWS API reference guide for AWS Organizations's 328// API operation AttachPolicy for usage and error information. 329// 330// Returned Error Types: 331// * AccessDeniedException 332// You don't have permissions to perform the requested operation. The user or 333// role that is making the request must have at least one IAM permissions policy 334// attached that grants the required permissions. For more information, see 335// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 336// in the IAM User Guide. 337// 338// * AWSOrganizationsNotInUseException 339// Your account isn't a member of an organization. To make this request, you 340// must use the credentials of an account that belongs to an organization. 341// 342// * ConcurrentModificationException 343// The target of the operation is currently being modified by a different request. 344// Try again later. 345// 346// * ConstraintViolationException 347// Performing this operation violates a minimum or maximum value limit. For 348// example, attempting to remove the last service control policy (SCP) from 349// an OU or root, inviting or creating too many accounts to the organization, 350// or attaching too many policies to an account, OU, or root. This exception 351// includes a reason that contains additional information about the violated 352// limit: 353// 354// Some of the reasons in the following list might not be applicable to this 355// specific API or operation. 356// 357// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 358// account from the organization. You can't remove the master account. Instead, 359// after you remove all member accounts, delete the organization itself. 360// 361// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 362// from the organization that doesn't yet have enough information to exist 363// as a standalone account. This account requires you to first agree to the 364// AWS Customer Agreement. Follow the steps at Removing a member account 365// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 366// the AWS Organizations User Guide. 367// 368// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 369// an account from the organization that doesn't yet have enough information 370// to exist as a standalone account. This account requires you to first complete 371// phone verification. Follow the steps at Removing a member account from 372// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 373// in the AWS Organizations User Guide. 374// 375// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 376// of accounts that you can create in one day. 377// 378// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 379// the number of accounts in an organization. If you need more accounts, 380// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 381// request an increase in your limit. Or the number of invitations that you 382// tried to send would cause you to exceed the limit of accounts in your 383// organization. Send fewer invitations or contact AWS Support to request 384// an increase in the number of accounts. Deleted and closed accounts still 385// count toward your limit. If you get this exception when running a command 386// immediately after creating the organization, wait one hour and try again. 387// After an hour, if the command continues to fail with this error, contact 388// AWS Support (https://console.aws.amazon.com/support/home#/). 389// 390// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 391// register the master account of the organization as a delegated administrator 392// for an AWS service integrated with Organizations. You can designate only 393// a member account as a delegated administrator. 394// 395// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 396// an account that is registered as a delegated administrator for a service 397// integrated with your organization. To complete this operation, you must 398// first deregister this account as a delegated administrator. 399// 400// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 401// organization in the specified region, you must enable all features mode. 402// 403// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 404// an AWS account as a delegated administrator for an AWS service that already 405// has a delegated administrator. To complete this operation, you must first 406// deregister any existing delegated administrators for this service. 407// 408// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 409// valid for a limited period of time. You must resubmit the request and 410// generate a new verfication code. 411// 412// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 413// handshakes that you can send in one day. 414// 415// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 416// in this organization, you first must migrate the organization's master 417// account to the marketplace that corresponds to the master account's address. 418// For example, accounts with India addresses must be associated with the 419// AISPL marketplace. All accounts in an organization must be associated 420// with the same marketplace. 421// 422// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 423// in China. To create an organization, the master must have an valid business 424// license. For more information, contact customer support. 425// 426// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 427// must first provide a valid contact address and phone number for the master 428// account. Then try the operation again. 429// 430// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 431// master account must have an associated account in the AWS GovCloud (US-West) 432// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 433// in the AWS GovCloud User Guide. 434// 435// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 436// with this master account, you first must associate a valid payment instrument, 437// such as a credit card, with the account. Follow the steps at To leave 438// an organization when all required account information has not yet been 439// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 440// in the AWS Organizations User Guide. 441// 442// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 443// to register more delegated administrators than allowed for the service 444// principal. 445// 446// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 447// number of policies of a certain type that can be attached to an entity 448// at one time. 449// 450// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 451// on this resource. 452// 453// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 454// with this member account, you first must associate a valid payment instrument, 455// such as a credit card, with the account. Follow the steps at To leave 456// an organization when all required account information has not yet been 457// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 458// in the AWS Organizations User Guide. 459// 460// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 461// policy from an entity that would cause the entity to have fewer than the 462// minimum number of policies of a certain type required. 463// 464// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 465// that requires the organization to be configured to support all features. 466// An organization that supports only consolidated billing features can't 467// perform this operation. 468// 469// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 470// too many levels deep. 471// 472// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 473// that you can have in an organization. 474// 475// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 476// is larger than the maximum size. 477// 478// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 479// policies that you can have in an organization. 480// 481// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 482// tags that are not compliant with the tag policy requirements for this 483// account. 484// 485// * DuplicatePolicyAttachmentException 486// The selected policy is already attached to the specified target. 487// 488// * InvalidInputException 489// The requested operation failed because you provided invalid values for one 490// or more of the request parameters. This exception includes a reason that 491// contains additional information about the violated limit: 492// 493// Some of the reasons in the following list might not be applicable to this 494// specific API or operation. 495// 496// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 497// can't be modified. 498// 499// * INPUT_REQUIRED: You must include a value for all required parameters. 500// 501// * INVALID_ENUM: You specified an invalid value. 502// 503// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 504// characters. 505// 506// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 507// at least one invalid value. 508// 509// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 510// from the response to a previous call of the operation. 511// 512// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 513// organization, or email) as a party. 514// 515// * INVALID_PATTERN: You provided a value that doesn't match the required 516// pattern. 517// 518// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 519// match the required pattern. 520// 521// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 522// name can't begin with the reserved prefix AWSServiceRoleFor. 523// 524// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 525// Name (ARN) for the organization. 526// 527// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 528// 529// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 530// tag. You can’t add, edit, or delete system tag keys because they're 531// reserved for AWS use. System tags don’t count against your tags per 532// resource limit. 533// 534// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 535// for the operation. 536// 537// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 538// than allowed. 539// 540// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 541// value than allowed. 542// 543// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 544// than allowed. 545// 546// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 547// value than allowed. 548// 549// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 550// between entities in the same root. 551// 552// * PolicyNotFoundException 553// We can't find a policy with the PolicyId that you specified. 554// 555// * PolicyTypeNotEnabledException 556// The specified policy type isn't currently enabled in this root. You can't 557// attach policies of the specified type to entities in a root until you enable 558// that type in the root. For more information, see Enabling All Features in 559// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 560// in the AWS Organizations User Guide. 561// 562// * ServiceException 563// AWS Organizations can't complete your request because of an internal service 564// error. Try again later. 565// 566// * TargetNotFoundException 567// We can't find a root, OU, or account with the TargetId that you specified. 568// 569// * TooManyRequestsException 570// You have sent too many requests in too short a period of time. The quota 571// helps protect against denial-of-service attacks. Try again later. 572// 573// For information about quotas that affect AWS Organizations, see Quotas for 574// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 575// the AWS Organizations User Guide. 576// 577// * UnsupportedAPIEndpointException 578// This action isn't available in the current AWS Region. 579// 580// * PolicyChangesInProgressException 581// Changes to the effective policy are in progress, and its contents can't be 582// returned. Try the operation again later. 583// 584// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 585func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) { 586 req, out := c.AttachPolicyRequest(input) 587 return out, req.Send() 588} 589 590// AttachPolicyWithContext is the same as AttachPolicy with the addition of 591// the ability to pass a context and additional request options. 592// 593// See AttachPolicy for details on how to use this API operation. 594// 595// The context must be non-nil and will be used for request cancellation. If 596// the context is nil a panic will occur. In the future the SDK may create 597// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 598// for more information on using Contexts. 599func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) { 600 req, out := c.AttachPolicyRequest(input) 601 req.SetContext(ctx) 602 req.ApplyOptions(opts...) 603 return out, req.Send() 604} 605 606const opCancelHandshake = "CancelHandshake" 607 608// CancelHandshakeRequest generates a "aws/request.Request" representing the 609// client's request for the CancelHandshake operation. The "output" return 610// value will be populated with the request's response once the request completes 611// successfully. 612// 613// Use "Send" method on the returned Request to send the API call to the service. 614// the "output" return value is not valid until after Send returns without error. 615// 616// See CancelHandshake for more information on using the CancelHandshake 617// API call, and error handling. 618// 619// This method is useful when you want to inject custom logic or configuration 620// into the SDK's request lifecycle. Such as custom headers, or retry logic. 621// 622// 623// // Example sending a request using the CancelHandshakeRequest method. 624// req, resp := client.CancelHandshakeRequest(params) 625// 626// err := req.Send() 627// if err == nil { // resp is now filled 628// fmt.Println(resp) 629// } 630// 631// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 632func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) { 633 op := &request.Operation{ 634 Name: opCancelHandshake, 635 HTTPMethod: "POST", 636 HTTPPath: "/", 637 } 638 639 if input == nil { 640 input = &CancelHandshakeInput{} 641 } 642 643 output = &CancelHandshakeOutput{} 644 req = c.newRequest(op, input, output) 645 return 646} 647 648// CancelHandshake API operation for AWS Organizations. 649// 650// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED. 651// 652// This operation can be called only from the account that originated the handshake. 653// The recipient of the handshake can't cancel it, but can use DeclineHandshake 654// instead. After a handshake is canceled, the recipient can no longer respond 655// to that handshake. 656// 657// After you cancel a handshake, it continues to appear in the results of relevant 658// APIs for only 30 days. After that, it's deleted. 659// 660// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 661// with awserr.Error's Code and Message methods to get detailed information about 662// the error. 663// 664// See the AWS API reference guide for AWS Organizations's 665// API operation CancelHandshake for usage and error information. 666// 667// Returned Error Types: 668// * AccessDeniedException 669// You don't have permissions to perform the requested operation. The user or 670// role that is making the request must have at least one IAM permissions policy 671// attached that grants the required permissions. For more information, see 672// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 673// in the IAM User Guide. 674// 675// * ConcurrentModificationException 676// The target of the operation is currently being modified by a different request. 677// Try again later. 678// 679// * HandshakeNotFoundException 680// We can't find a handshake with the HandshakeId that you specified. 681// 682// * InvalidHandshakeTransitionException 683// You can't perform the operation on the handshake in its current state. For 684// example, you can't cancel a handshake that was already accepted or accept 685// a handshake that was already declined. 686// 687// * HandshakeAlreadyInStateException 688// The specified handshake is already in the requested state. For example, you 689// can't accept a handshake that was already accepted. 690// 691// * InvalidInputException 692// The requested operation failed because you provided invalid values for one 693// or more of the request parameters. This exception includes a reason that 694// contains additional information about the violated limit: 695// 696// Some of the reasons in the following list might not be applicable to this 697// specific API or operation. 698// 699// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 700// can't be modified. 701// 702// * INPUT_REQUIRED: You must include a value for all required parameters. 703// 704// * INVALID_ENUM: You specified an invalid value. 705// 706// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 707// characters. 708// 709// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 710// at least one invalid value. 711// 712// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 713// from the response to a previous call of the operation. 714// 715// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 716// organization, or email) as a party. 717// 718// * INVALID_PATTERN: You provided a value that doesn't match the required 719// pattern. 720// 721// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 722// match the required pattern. 723// 724// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 725// name can't begin with the reserved prefix AWSServiceRoleFor. 726// 727// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 728// Name (ARN) for the organization. 729// 730// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 731// 732// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 733// tag. You can’t add, edit, or delete system tag keys because they're 734// reserved for AWS use. System tags don’t count against your tags per 735// resource limit. 736// 737// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 738// for the operation. 739// 740// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 741// than allowed. 742// 743// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 744// value than allowed. 745// 746// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 747// than allowed. 748// 749// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 750// value than allowed. 751// 752// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 753// between entities in the same root. 754// 755// * ServiceException 756// AWS Organizations can't complete your request because of an internal service 757// error. Try again later. 758// 759// * TooManyRequestsException 760// You have sent too many requests in too short a period of time. The quota 761// helps protect against denial-of-service attacks. Try again later. 762// 763// For information about quotas that affect AWS Organizations, see Quotas for 764// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 765// the AWS Organizations User Guide. 766// 767// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 768func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) { 769 req, out := c.CancelHandshakeRequest(input) 770 return out, req.Send() 771} 772 773// CancelHandshakeWithContext is the same as CancelHandshake with the addition of 774// the ability to pass a context and additional request options. 775// 776// See CancelHandshake for details on how to use this API operation. 777// 778// The context must be non-nil and will be used for request cancellation. If 779// the context is nil a panic will occur. In the future the SDK may create 780// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 781// for more information on using Contexts. 782func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) { 783 req, out := c.CancelHandshakeRequest(input) 784 req.SetContext(ctx) 785 req.ApplyOptions(opts...) 786 return out, req.Send() 787} 788 789const opCreateAccount = "CreateAccount" 790 791// CreateAccountRequest generates a "aws/request.Request" representing the 792// client's request for the CreateAccount operation. The "output" return 793// value will be populated with the request's response once the request completes 794// successfully. 795// 796// Use "Send" method on the returned Request to send the API call to the service. 797// the "output" return value is not valid until after Send returns without error. 798// 799// See CreateAccount for more information on using the CreateAccount 800// API call, and error handling. 801// 802// This method is useful when you want to inject custom logic or configuration 803// into the SDK's request lifecycle. Such as custom headers, or retry logic. 804// 805// 806// // Example sending a request using the CreateAccountRequest method. 807// req, resp := client.CreateAccountRequest(params) 808// 809// err := req.Send() 810// if err == nil { // resp is now filled 811// fmt.Println(resp) 812// } 813// 814// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 815func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) { 816 op := &request.Operation{ 817 Name: opCreateAccount, 818 HTTPMethod: "POST", 819 HTTPPath: "/", 820 } 821 822 if input == nil { 823 input = &CreateAccountInput{} 824 } 825 826 output = &CreateAccountOutput{} 827 req = c.newRequest(op, input, output) 828 return 829} 830 831// CreateAccount API operation for AWS Organizations. 832// 833// Creates an AWS account that is automatically a member of the organization 834// whose credentials made the request. This is an asynchronous request that 835// AWS performs in the background. Because CreateAccount operates asynchronously, 836// it can return a successful completion message even though account initialization 837// might still be in progress. You might need to wait a few minutes before you 838// can successfully access the account. To check the status of the request, 839// do one of the following: 840// 841// * Use the OperationId response element from this operation to provide 842// as a parameter to the DescribeCreateAccountStatus operation. 843// 844// * Check the AWS CloudTrail log for the CreateAccountResult event. For 845// information on using AWS CloudTrail with AWS Organizations, see Monitoring 846// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 847// in the AWS Organizations User Guide. 848// 849// The user who calls the API to create an account must have the organizations:CreateAccount 850// permission. If you enabled all features in the organization, AWS Organizations 851// creates the required service-linked role named AWSServiceRoleForOrganizations. 852// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 853// in the AWS Organizations User Guide. 854// 855// AWS Organizations preconfigures the new member account with a role (named 856// OrganizationAccountAccessRole by default) that grants users in the master 857// account administrator permissions in the new member account. Principals in 858// the master account can assume the role. AWS Organizations clones the company 859// name and address information for the new account from the organization's 860// master account. 861// 862// This operation can be called only from the organization's master account. 863// 864// For more information about creating accounts, see Creating an AWS Account 865// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 866// in the AWS Organizations User Guide. 867// 868// * When you create an account in an organization using the AWS Organizations 869// console, API, or CLI commands, the information required for the account 870// to operate as a standalone account, such as a payment method and signing 871// the end user license agreement (EULA) is not automatically collected. 872// If you must remove an account from your organization later, you can do 873// so only after you provide the missing information. Follow the steps at 874// To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 875// in the AWS Organizations User Guide. 876// 877// * If you get an exception that indicates that you exceeded your account 878// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 879// 880// * If you get an exception that indicates that the operation failed because 881// your organization is still initializing, wait one hour and then try again. 882// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 883// 884// * Using CreateAccount to create multiple temporary accounts isn't recommended. 885// You can only close an account from the Billing and Cost Management Console, 886// and you must be signed in as the root user. For information on the requirements 887// and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 888// in the AWS Organizations User Guide. 889// 890// When you create a member account with this operation, you can choose whether 891// to create the account with the IAM User and Role Access to Billing Information 892// switch enabled. If you enable it, IAM users and roles that have appropriate 893// permissions can view billing information for the account. If you disable 894// it, only the account root user can access billing information. For information 895// about how to disable this switch for an account, see Granting Access to Your 896// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 897// 898// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 899// with awserr.Error's Code and Message methods to get detailed information about 900// the error. 901// 902// See the AWS API reference guide for AWS Organizations's 903// API operation CreateAccount for usage and error information. 904// 905// Returned Error Types: 906// * AccessDeniedException 907// You don't have permissions to perform the requested operation. The user or 908// role that is making the request must have at least one IAM permissions policy 909// attached that grants the required permissions. For more information, see 910// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 911// in the IAM User Guide. 912// 913// * AWSOrganizationsNotInUseException 914// Your account isn't a member of an organization. To make this request, you 915// must use the credentials of an account that belongs to an organization. 916// 917// * ConcurrentModificationException 918// The target of the operation is currently being modified by a different request. 919// Try again later. 920// 921// * ConstraintViolationException 922// Performing this operation violates a minimum or maximum value limit. For 923// example, attempting to remove the last service control policy (SCP) from 924// an OU or root, inviting or creating too many accounts to the organization, 925// or attaching too many policies to an account, OU, or root. This exception 926// includes a reason that contains additional information about the violated 927// limit: 928// 929// Some of the reasons in the following list might not be applicable to this 930// specific API or operation. 931// 932// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 933// account from the organization. You can't remove the master account. Instead, 934// after you remove all member accounts, delete the organization itself. 935// 936// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 937// from the organization that doesn't yet have enough information to exist 938// as a standalone account. This account requires you to first agree to the 939// AWS Customer Agreement. Follow the steps at Removing a member account 940// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 941// the AWS Organizations User Guide. 942// 943// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 944// an account from the organization that doesn't yet have enough information 945// to exist as a standalone account. This account requires you to first complete 946// phone verification. Follow the steps at Removing a member account from 947// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 948// in the AWS Organizations User Guide. 949// 950// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 951// of accounts that you can create in one day. 952// 953// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 954// the number of accounts in an organization. If you need more accounts, 955// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 956// request an increase in your limit. Or the number of invitations that you 957// tried to send would cause you to exceed the limit of accounts in your 958// organization. Send fewer invitations or contact AWS Support to request 959// an increase in the number of accounts. Deleted and closed accounts still 960// count toward your limit. If you get this exception when running a command 961// immediately after creating the organization, wait one hour and try again. 962// After an hour, if the command continues to fail with this error, contact 963// AWS Support (https://console.aws.amazon.com/support/home#/). 964// 965// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 966// register the master account of the organization as a delegated administrator 967// for an AWS service integrated with Organizations. You can designate only 968// a member account as a delegated administrator. 969// 970// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 971// an account that is registered as a delegated administrator for a service 972// integrated with your organization. To complete this operation, you must 973// first deregister this account as a delegated administrator. 974// 975// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 976// organization in the specified region, you must enable all features mode. 977// 978// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 979// an AWS account as a delegated administrator for an AWS service that already 980// has a delegated administrator. To complete this operation, you must first 981// deregister any existing delegated administrators for this service. 982// 983// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 984// valid for a limited period of time. You must resubmit the request and 985// generate a new verfication code. 986// 987// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 988// handshakes that you can send in one day. 989// 990// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 991// in this organization, you first must migrate the organization's master 992// account to the marketplace that corresponds to the master account's address. 993// For example, accounts with India addresses must be associated with the 994// AISPL marketplace. All accounts in an organization must be associated 995// with the same marketplace. 996// 997// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 998// in China. To create an organization, the master must have an valid business 999// license. For more information, contact customer support. 1000// 1001// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1002// must first provide a valid contact address and phone number for the master 1003// account. Then try the operation again. 1004// 1005// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1006// master account must have an associated account in the AWS GovCloud (US-West) 1007// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1008// in the AWS GovCloud User Guide. 1009// 1010// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1011// with this master account, you first must associate a valid payment instrument, 1012// such as a credit card, with the account. Follow the steps at To leave 1013// an organization when all required account information has not yet been 1014// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1015// in the AWS Organizations User Guide. 1016// 1017// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1018// to register more delegated administrators than allowed for the service 1019// principal. 1020// 1021// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1022// number of policies of a certain type that can be attached to an entity 1023// at one time. 1024// 1025// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1026// on this resource. 1027// 1028// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1029// with this member account, you first must associate a valid payment instrument, 1030// such as a credit card, with the account. Follow the steps at To leave 1031// an organization when all required account information has not yet been 1032// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1033// in the AWS Organizations User Guide. 1034// 1035// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1036// policy from an entity that would cause the entity to have fewer than the 1037// minimum number of policies of a certain type required. 1038// 1039// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1040// that requires the organization to be configured to support all features. 1041// An organization that supports only consolidated billing features can't 1042// perform this operation. 1043// 1044// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1045// too many levels deep. 1046// 1047// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1048// that you can have in an organization. 1049// 1050// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1051// is larger than the maximum size. 1052// 1053// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1054// policies that you can have in an organization. 1055// 1056// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1057// tags that are not compliant with the tag policy requirements for this 1058// account. 1059// 1060// * InvalidInputException 1061// The requested operation failed because you provided invalid values for one 1062// or more of the request parameters. This exception includes a reason that 1063// contains additional information about the violated limit: 1064// 1065// Some of the reasons in the following list might not be applicable to this 1066// specific API or operation. 1067// 1068// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1069// can't be modified. 1070// 1071// * INPUT_REQUIRED: You must include a value for all required parameters. 1072// 1073// * INVALID_ENUM: You specified an invalid value. 1074// 1075// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1076// characters. 1077// 1078// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1079// at least one invalid value. 1080// 1081// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1082// from the response to a previous call of the operation. 1083// 1084// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1085// organization, or email) as a party. 1086// 1087// * INVALID_PATTERN: You provided a value that doesn't match the required 1088// pattern. 1089// 1090// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1091// match the required pattern. 1092// 1093// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1094// name can't begin with the reserved prefix AWSServiceRoleFor. 1095// 1096// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1097// Name (ARN) for the organization. 1098// 1099// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1100// 1101// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1102// tag. You can’t add, edit, or delete system tag keys because they're 1103// reserved for AWS use. System tags don’t count against your tags per 1104// resource limit. 1105// 1106// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1107// for the operation. 1108// 1109// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1110// than allowed. 1111// 1112// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1113// value than allowed. 1114// 1115// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1116// than allowed. 1117// 1118// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1119// value than allowed. 1120// 1121// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1122// between entities in the same root. 1123// 1124// * FinalizingOrganizationException 1125// AWS Organizations couldn't perform the operation because your organization 1126// hasn't finished initializing. This can take up to an hour. Try again later. 1127// If after one hour you continue to receive this error, contact AWS Support 1128// (https://console.aws.amazon.com/support/home#/). 1129// 1130// * ServiceException 1131// AWS Organizations can't complete your request because of an internal service 1132// error. Try again later. 1133// 1134// * TooManyRequestsException 1135// You have sent too many requests in too short a period of time. The quota 1136// helps protect against denial-of-service attacks. Try again later. 1137// 1138// For information about quotas that affect AWS Organizations, see Quotas for 1139// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1140// the AWS Organizations User Guide. 1141// 1142// * UnsupportedAPIEndpointException 1143// This action isn't available in the current AWS Region. 1144// 1145// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 1146func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) { 1147 req, out := c.CreateAccountRequest(input) 1148 return out, req.Send() 1149} 1150 1151// CreateAccountWithContext is the same as CreateAccount with the addition of 1152// the ability to pass a context and additional request options. 1153// 1154// See CreateAccount for details on how to use this API operation. 1155// 1156// The context must be non-nil and will be used for request cancellation. If 1157// the context is nil a panic will occur. In the future the SDK may create 1158// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1159// for more information on using Contexts. 1160func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) { 1161 req, out := c.CreateAccountRequest(input) 1162 req.SetContext(ctx) 1163 req.ApplyOptions(opts...) 1164 return out, req.Send() 1165} 1166 1167const opCreateGovCloudAccount = "CreateGovCloudAccount" 1168 1169// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the 1170// client's request for the CreateGovCloudAccount operation. The "output" return 1171// value will be populated with the request's response once the request completes 1172// successfully. 1173// 1174// Use "Send" method on the returned Request to send the API call to the service. 1175// the "output" return value is not valid until after Send returns without error. 1176// 1177// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount 1178// API call, and error handling. 1179// 1180// This method is useful when you want to inject custom logic or configuration 1181// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1182// 1183// 1184// // Example sending a request using the CreateGovCloudAccountRequest method. 1185// req, resp := client.CreateGovCloudAccountRequest(params) 1186// 1187// err := req.Send() 1188// if err == nil { // resp is now filled 1189// fmt.Println(resp) 1190// } 1191// 1192// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1193func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) { 1194 op := &request.Operation{ 1195 Name: opCreateGovCloudAccount, 1196 HTTPMethod: "POST", 1197 HTTPPath: "/", 1198 } 1199 1200 if input == nil { 1201 input = &CreateGovCloudAccountInput{} 1202 } 1203 1204 output = &CreateGovCloudAccountOutput{} 1205 req = c.newRequest(op, input, output) 1206 return 1207} 1208 1209// CreateGovCloudAccount API operation for AWS Organizations. 1210// 1211// This action is available if all of the following are true: 1212// 1213// * You're authorized to create accounts in the AWS GovCloud (US) Region. 1214// For more information on the AWS GovCloud (US) Region, see the AWS GovCloud 1215// User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) 1216// 1217// * You already have an account in the AWS GovCloud (US) Region that is 1218// associated with your master account in the commercial Region. 1219// 1220// * You call this action from the master account of your organization in 1221// the commercial Region. 1222// 1223// * You have the organizations:CreateGovCloudAccount permission. AWS Organizations 1224// creates the required service-linked role named AWSServiceRoleForOrganizations. 1225// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 1226// in the AWS Organizations User Guide. 1227// 1228// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, 1229// but you should also do the following: 1230// 1231// * Verify that AWS CloudTrail is enabled to store logs. 1232// 1233// * Create an S3 bucket for AWS CloudTrail log storage. For more information, 1234// see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) 1235// in the AWS GovCloud User Guide. 1236// 1237// You call this action from the master account of your organization in the 1238// commercial Region to create a standalone AWS account in the AWS GovCloud 1239// (US) Region. After the account is created, the master account of an organization 1240// in the AWS GovCloud (US) Region can invite it to that organization. For more 1241// information on inviting standalone accounts in the AWS GovCloud (US) to join 1242// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1243// in the AWS GovCloud User Guide. 1244// 1245// Calling CreateGovCloudAccount is an asynchronous request that AWS performs 1246// in the background. Because CreateGovCloudAccount operates asynchronously, 1247// it can return a successful completion message even though account initialization 1248// might still be in progress. You might need to wait a few minutes before you 1249// can successfully access the account. To check the status of the request, 1250// do one of the following: 1251// 1252// * Use the OperationId response element from this operation to provide 1253// as a parameter to the DescribeCreateAccountStatus operation. 1254// 1255// * Check the AWS CloudTrail log for the CreateAccountResult event. For 1256// information on using AWS CloudTrail with Organizations, see Monitoring 1257// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 1258// in the AWS Organizations User Guide. 1259// 1260// When you call the CreateGovCloudAccount action, you create two accounts: 1261// a standalone account in the AWS GovCloud (US) Region and an associated account 1262// in the commercial Region for billing and support purposes. The account in 1263// the commercial Region is automatically a member of the organization whose 1264// credentials made the request. Both accounts are associated with the same 1265// email address. 1266// 1267// A role is created in the new account in the commercial Region that allows 1268// the master account in the organization in the commercial Region to assume 1269// it. An AWS GovCloud (US) account is then created and associated with the 1270// commercial account that you just created. A role is created in the new AWS 1271// GovCloud (US) account that can be assumed by the AWS GovCloud (US) account 1272// that is associated with the master account of the commercial organization. 1273// For more information and to view a diagram that explains how account access 1274// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1275// in the AWS GovCloud User Guide. 1276// 1277// For more information about creating accounts, see Creating an AWS Account 1278// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 1279// in the AWS Organizations User Guide. 1280// 1281// * When you create an account in an organization using the AWS Organizations 1282// console, API, or CLI commands, the information required for the account 1283// to operate as a standalone account is not automatically collected. This 1284// includes a payment method and signing the end user license agreement (EULA). 1285// If you must remove an account from your organization later, you can do 1286// so only after you provide the missing information. Follow the steps at 1287// To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1288// in the AWS Organizations User Guide. 1289// 1290// * If you get an exception that indicates that you exceeded your account 1291// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1292// 1293// * If you get an exception that indicates that the operation failed because 1294// your organization is still initializing, wait one hour and then try again. 1295// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1296// 1297// * Using CreateGovCloudAccount to create multiple temporary accounts isn't 1298// recommended. You can only close an account from the AWS Billing and Cost 1299// Management console, and you must be signed in as the root user. For information 1300// on the requirements and process for closing an account, see Closing an 1301// AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 1302// in the AWS Organizations User Guide. 1303// 1304// When you create a member account with this operation, you can choose whether 1305// to create the account with the IAM User and Role Access to Billing Information 1306// switch enabled. If you enable it, IAM users and roles that have appropriate 1307// permissions can view billing information for the account. If you disable 1308// it, only the account root user can access billing information. For information 1309// about how to disable this switch for an account, see Granting Access to Your 1310// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 1311// 1312// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1313// with awserr.Error's Code and Message methods to get detailed information about 1314// the error. 1315// 1316// See the AWS API reference guide for AWS Organizations's 1317// API operation CreateGovCloudAccount for usage and error information. 1318// 1319// Returned Error Types: 1320// * AccessDeniedException 1321// You don't have permissions to perform the requested operation. The user or 1322// role that is making the request must have at least one IAM permissions policy 1323// attached that grants the required permissions. For more information, see 1324// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1325// in the IAM User Guide. 1326// 1327// * AWSOrganizationsNotInUseException 1328// Your account isn't a member of an organization. To make this request, you 1329// must use the credentials of an account that belongs to an organization. 1330// 1331// * ConcurrentModificationException 1332// The target of the operation is currently being modified by a different request. 1333// Try again later. 1334// 1335// * ConstraintViolationException 1336// Performing this operation violates a minimum or maximum value limit. For 1337// example, attempting to remove the last service control policy (SCP) from 1338// an OU or root, inviting or creating too many accounts to the organization, 1339// or attaching too many policies to an account, OU, or root. This exception 1340// includes a reason that contains additional information about the violated 1341// limit: 1342// 1343// Some of the reasons in the following list might not be applicable to this 1344// specific API or operation. 1345// 1346// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 1347// account from the organization. You can't remove the master account. Instead, 1348// after you remove all member accounts, delete the organization itself. 1349// 1350// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1351// from the organization that doesn't yet have enough information to exist 1352// as a standalone account. This account requires you to first agree to the 1353// AWS Customer Agreement. Follow the steps at Removing a member account 1354// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 1355// the AWS Organizations User Guide. 1356// 1357// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1358// an account from the organization that doesn't yet have enough information 1359// to exist as a standalone account. This account requires you to first complete 1360// phone verification. Follow the steps at Removing a member account from 1361// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1362// in the AWS Organizations User Guide. 1363// 1364// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1365// of accounts that you can create in one day. 1366// 1367// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1368// the number of accounts in an organization. If you need more accounts, 1369// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1370// request an increase in your limit. Or the number of invitations that you 1371// tried to send would cause you to exceed the limit of accounts in your 1372// organization. Send fewer invitations or contact AWS Support to request 1373// an increase in the number of accounts. Deleted and closed accounts still 1374// count toward your limit. If you get this exception when running a command 1375// immediately after creating the organization, wait one hour and try again. 1376// After an hour, if the command continues to fail with this error, contact 1377// AWS Support (https://console.aws.amazon.com/support/home#/). 1378// 1379// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1380// register the master account of the organization as a delegated administrator 1381// for an AWS service integrated with Organizations. You can designate only 1382// a member account as a delegated administrator. 1383// 1384// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1385// an account that is registered as a delegated administrator for a service 1386// integrated with your organization. To complete this operation, you must 1387// first deregister this account as a delegated administrator. 1388// 1389// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1390// organization in the specified region, you must enable all features mode. 1391// 1392// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1393// an AWS account as a delegated administrator for an AWS service that already 1394// has a delegated administrator. To complete this operation, you must first 1395// deregister any existing delegated administrators for this service. 1396// 1397// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1398// valid for a limited period of time. You must resubmit the request and 1399// generate a new verfication code. 1400// 1401// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1402// handshakes that you can send in one day. 1403// 1404// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1405// in this organization, you first must migrate the organization's master 1406// account to the marketplace that corresponds to the master account's address. 1407// For example, accounts with India addresses must be associated with the 1408// AISPL marketplace. All accounts in an organization must be associated 1409// with the same marketplace. 1410// 1411// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1412// in China. To create an organization, the master must have an valid business 1413// license. For more information, contact customer support. 1414// 1415// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1416// must first provide a valid contact address and phone number for the master 1417// account. Then try the operation again. 1418// 1419// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1420// master account must have an associated account in the AWS GovCloud (US-West) 1421// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1422// in the AWS GovCloud User Guide. 1423// 1424// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1425// with this master account, you first must associate a valid payment instrument, 1426// such as a credit card, with the account. Follow the steps at To leave 1427// an organization when all required account information has not yet been 1428// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1429// in the AWS Organizations User Guide. 1430// 1431// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1432// to register more delegated administrators than allowed for the service 1433// principal. 1434// 1435// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1436// number of policies of a certain type that can be attached to an entity 1437// at one time. 1438// 1439// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1440// on this resource. 1441// 1442// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1443// with this member account, you first must associate a valid payment instrument, 1444// such as a credit card, with the account. Follow the steps at To leave 1445// an organization when all required account information has not yet been 1446// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1447// in the AWS Organizations User Guide. 1448// 1449// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1450// policy from an entity that would cause the entity to have fewer than the 1451// minimum number of policies of a certain type required. 1452// 1453// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1454// that requires the organization to be configured to support all features. 1455// An organization that supports only consolidated billing features can't 1456// perform this operation. 1457// 1458// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1459// too many levels deep. 1460// 1461// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1462// that you can have in an organization. 1463// 1464// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1465// is larger than the maximum size. 1466// 1467// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1468// policies that you can have in an organization. 1469// 1470// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1471// tags that are not compliant with the tag policy requirements for this 1472// account. 1473// 1474// * InvalidInputException 1475// The requested operation failed because you provided invalid values for one 1476// or more of the request parameters. This exception includes a reason that 1477// contains additional information about the violated limit: 1478// 1479// Some of the reasons in the following list might not be applicable to this 1480// specific API or operation. 1481// 1482// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1483// can't be modified. 1484// 1485// * INPUT_REQUIRED: You must include a value for all required parameters. 1486// 1487// * INVALID_ENUM: You specified an invalid value. 1488// 1489// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1490// characters. 1491// 1492// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1493// at least one invalid value. 1494// 1495// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1496// from the response to a previous call of the operation. 1497// 1498// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1499// organization, or email) as a party. 1500// 1501// * INVALID_PATTERN: You provided a value that doesn't match the required 1502// pattern. 1503// 1504// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1505// match the required pattern. 1506// 1507// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1508// name can't begin with the reserved prefix AWSServiceRoleFor. 1509// 1510// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1511// Name (ARN) for the organization. 1512// 1513// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1514// 1515// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1516// tag. You can’t add, edit, or delete system tag keys because they're 1517// reserved for AWS use. System tags don’t count against your tags per 1518// resource limit. 1519// 1520// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1521// for the operation. 1522// 1523// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1524// than allowed. 1525// 1526// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1527// value than allowed. 1528// 1529// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1530// than allowed. 1531// 1532// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1533// value than allowed. 1534// 1535// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1536// between entities in the same root. 1537// 1538// * FinalizingOrganizationException 1539// AWS Organizations couldn't perform the operation because your organization 1540// hasn't finished initializing. This can take up to an hour. Try again later. 1541// If after one hour you continue to receive this error, contact AWS Support 1542// (https://console.aws.amazon.com/support/home#/). 1543// 1544// * ServiceException 1545// AWS Organizations can't complete your request because of an internal service 1546// error. Try again later. 1547// 1548// * TooManyRequestsException 1549// You have sent too many requests in too short a period of time. The quota 1550// helps protect against denial-of-service attacks. Try again later. 1551// 1552// For information about quotas that affect AWS Organizations, see Quotas for 1553// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1554// the AWS Organizations User Guide. 1555// 1556// * UnsupportedAPIEndpointException 1557// This action isn't available in the current AWS Region. 1558// 1559// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1560func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) { 1561 req, out := c.CreateGovCloudAccountRequest(input) 1562 return out, req.Send() 1563} 1564 1565// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of 1566// the ability to pass a context and additional request options. 1567// 1568// See CreateGovCloudAccount for details on how to use this API operation. 1569// 1570// The context must be non-nil and will be used for request cancellation. If 1571// the context is nil a panic will occur. In the future the SDK may create 1572// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1573// for more information on using Contexts. 1574func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) { 1575 req, out := c.CreateGovCloudAccountRequest(input) 1576 req.SetContext(ctx) 1577 req.ApplyOptions(opts...) 1578 return out, req.Send() 1579} 1580 1581const opCreateOrganization = "CreateOrganization" 1582 1583// CreateOrganizationRequest generates a "aws/request.Request" representing the 1584// client's request for the CreateOrganization operation. The "output" return 1585// value will be populated with the request's response once the request completes 1586// successfully. 1587// 1588// Use "Send" method on the returned Request to send the API call to the service. 1589// the "output" return value is not valid until after Send returns without error. 1590// 1591// See CreateOrganization for more information on using the CreateOrganization 1592// API call, and error handling. 1593// 1594// This method is useful when you want to inject custom logic or configuration 1595// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1596// 1597// 1598// // Example sending a request using the CreateOrganizationRequest method. 1599// req, resp := client.CreateOrganizationRequest(params) 1600// 1601// err := req.Send() 1602// if err == nil { // resp is now filled 1603// fmt.Println(resp) 1604// } 1605// 1606// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1607func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) { 1608 op := &request.Operation{ 1609 Name: opCreateOrganization, 1610 HTTPMethod: "POST", 1611 HTTPPath: "/", 1612 } 1613 1614 if input == nil { 1615 input = &CreateOrganizationInput{} 1616 } 1617 1618 output = &CreateOrganizationOutput{} 1619 req = c.newRequest(op, input, output) 1620 return 1621} 1622 1623// CreateOrganization API operation for AWS Organizations. 1624// 1625// Creates an AWS organization. The account whose user is calling the CreateOrganization 1626// operation automatically becomes the master account (https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account) 1627// of the new organization. 1628// 1629// This operation must be called using credentials from the account that is 1630// to become the new organization's master account. The principal must also 1631// have the relevant IAM permissions. 1632// 1633// By default (or if you set the FeatureSet parameter to ALL), the new organization 1634// is created with all features enabled and service control policies automatically 1635// enabled in the root. If you instead choose to create the organization supporting 1636// only the consolidated billing features by setting the FeatureSet parameter 1637// to CONSOLIDATED_BILLING", no policy types are enabled by default, and you 1638// can't use organization policies 1639// 1640// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1641// with awserr.Error's Code and Message methods to get detailed information about 1642// the error. 1643// 1644// See the AWS API reference guide for AWS Organizations's 1645// API operation CreateOrganization for usage and error information. 1646// 1647// Returned Error Types: 1648// * AccessDeniedException 1649// You don't have permissions to perform the requested operation. The user or 1650// role that is making the request must have at least one IAM permissions policy 1651// attached that grants the required permissions. For more information, see 1652// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1653// in the IAM User Guide. 1654// 1655// * AlreadyInOrganizationException 1656// This account is already a member of an organization. An account can belong 1657// to only one organization at a time. 1658// 1659// * ConcurrentModificationException 1660// The target of the operation is currently being modified by a different request. 1661// Try again later. 1662// 1663// * ConstraintViolationException 1664// Performing this operation violates a minimum or maximum value limit. For 1665// example, attempting to remove the last service control policy (SCP) from 1666// an OU or root, inviting or creating too many accounts to the organization, 1667// or attaching too many policies to an account, OU, or root. This exception 1668// includes a reason that contains additional information about the violated 1669// limit: 1670// 1671// Some of the reasons in the following list might not be applicable to this 1672// specific API or operation. 1673// 1674// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 1675// account from the organization. You can't remove the master account. Instead, 1676// after you remove all member accounts, delete the organization itself. 1677// 1678// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1679// from the organization that doesn't yet have enough information to exist 1680// as a standalone account. This account requires you to first agree to the 1681// AWS Customer Agreement. Follow the steps at Removing a member account 1682// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 1683// the AWS Organizations User Guide. 1684// 1685// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1686// an account from the organization that doesn't yet have enough information 1687// to exist as a standalone account. This account requires you to first complete 1688// phone verification. Follow the steps at Removing a member account from 1689// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1690// in the AWS Organizations User Guide. 1691// 1692// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1693// of accounts that you can create in one day. 1694// 1695// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1696// the number of accounts in an organization. If you need more accounts, 1697// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1698// request an increase in your limit. Or the number of invitations that you 1699// tried to send would cause you to exceed the limit of accounts in your 1700// organization. Send fewer invitations or contact AWS Support to request 1701// an increase in the number of accounts. Deleted and closed accounts still 1702// count toward your limit. If you get this exception when running a command 1703// immediately after creating the organization, wait one hour and try again. 1704// After an hour, if the command continues to fail with this error, contact 1705// AWS Support (https://console.aws.amazon.com/support/home#/). 1706// 1707// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1708// register the master account of the organization as a delegated administrator 1709// for an AWS service integrated with Organizations. You can designate only 1710// a member account as a delegated administrator. 1711// 1712// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1713// an account that is registered as a delegated administrator for a service 1714// integrated with your organization. To complete this operation, you must 1715// first deregister this account as a delegated administrator. 1716// 1717// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1718// organization in the specified region, you must enable all features mode. 1719// 1720// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1721// an AWS account as a delegated administrator for an AWS service that already 1722// has a delegated administrator. To complete this operation, you must first 1723// deregister any existing delegated administrators for this service. 1724// 1725// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1726// valid for a limited period of time. You must resubmit the request and 1727// generate a new verfication code. 1728// 1729// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1730// handshakes that you can send in one day. 1731// 1732// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1733// in this organization, you first must migrate the organization's master 1734// account to the marketplace that corresponds to the master account's address. 1735// For example, accounts with India addresses must be associated with the 1736// AISPL marketplace. All accounts in an organization must be associated 1737// with the same marketplace. 1738// 1739// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1740// in China. To create an organization, the master must have an valid business 1741// license. For more information, contact customer support. 1742// 1743// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1744// must first provide a valid contact address and phone number for the master 1745// account. Then try the operation again. 1746// 1747// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1748// master account must have an associated account in the AWS GovCloud (US-West) 1749// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1750// in the AWS GovCloud User Guide. 1751// 1752// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1753// with this master account, you first must associate a valid payment instrument, 1754// such as a credit card, with the account. Follow the steps at To leave 1755// an organization when all required account information has not yet been 1756// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1757// in the AWS Organizations User Guide. 1758// 1759// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1760// to register more delegated administrators than allowed for the service 1761// principal. 1762// 1763// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1764// number of policies of a certain type that can be attached to an entity 1765// at one time. 1766// 1767// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1768// on this resource. 1769// 1770// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1771// with this member account, you first must associate a valid payment instrument, 1772// such as a credit card, with the account. Follow the steps at To leave 1773// an organization when all required account information has not yet been 1774// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1775// in the AWS Organizations User Guide. 1776// 1777// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1778// policy from an entity that would cause the entity to have fewer than the 1779// minimum number of policies of a certain type required. 1780// 1781// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1782// that requires the organization to be configured to support all features. 1783// An organization that supports only consolidated billing features can't 1784// perform this operation. 1785// 1786// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1787// too many levels deep. 1788// 1789// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1790// that you can have in an organization. 1791// 1792// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1793// is larger than the maximum size. 1794// 1795// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1796// policies that you can have in an organization. 1797// 1798// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1799// tags that are not compliant with the tag policy requirements for this 1800// account. 1801// 1802// * InvalidInputException 1803// The requested operation failed because you provided invalid values for one 1804// or more of the request parameters. This exception includes a reason that 1805// contains additional information about the violated limit: 1806// 1807// Some of the reasons in the following list might not be applicable to this 1808// specific API or operation. 1809// 1810// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1811// can't be modified. 1812// 1813// * INPUT_REQUIRED: You must include a value for all required parameters. 1814// 1815// * INVALID_ENUM: You specified an invalid value. 1816// 1817// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1818// characters. 1819// 1820// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1821// at least one invalid value. 1822// 1823// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1824// from the response to a previous call of the operation. 1825// 1826// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1827// organization, or email) as a party. 1828// 1829// * INVALID_PATTERN: You provided a value that doesn't match the required 1830// pattern. 1831// 1832// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1833// match the required pattern. 1834// 1835// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1836// name can't begin with the reserved prefix AWSServiceRoleFor. 1837// 1838// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1839// Name (ARN) for the organization. 1840// 1841// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1842// 1843// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1844// tag. You can’t add, edit, or delete system tag keys because they're 1845// reserved for AWS use. System tags don’t count against your tags per 1846// resource limit. 1847// 1848// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1849// for the operation. 1850// 1851// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1852// than allowed. 1853// 1854// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1855// value than allowed. 1856// 1857// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1858// than allowed. 1859// 1860// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1861// value than allowed. 1862// 1863// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1864// between entities in the same root. 1865// 1866// * ServiceException 1867// AWS Organizations can't complete your request because of an internal service 1868// error. Try again later. 1869// 1870// * TooManyRequestsException 1871// You have sent too many requests in too short a period of time. The quota 1872// helps protect against denial-of-service attacks. Try again later. 1873// 1874// For information about quotas that affect AWS Organizations, see Quotas for 1875// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1876// the AWS Organizations User Guide. 1877// 1878// * AccessDeniedForDependencyException 1879// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 1880// for organizations.amazonaws.com permission so that AWS Organizations can 1881// create the required service-linked role. You don't have that permission. 1882// 1883// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1884func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) { 1885 req, out := c.CreateOrganizationRequest(input) 1886 return out, req.Send() 1887} 1888 1889// CreateOrganizationWithContext is the same as CreateOrganization with the addition of 1890// the ability to pass a context and additional request options. 1891// 1892// See CreateOrganization for details on how to use this API operation. 1893// 1894// The context must be non-nil and will be used for request cancellation. If 1895// the context is nil a panic will occur. In the future the SDK may create 1896// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1897// for more information on using Contexts. 1898func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) { 1899 req, out := c.CreateOrganizationRequest(input) 1900 req.SetContext(ctx) 1901 req.ApplyOptions(opts...) 1902 return out, req.Send() 1903} 1904 1905const opCreateOrganizationalUnit = "CreateOrganizationalUnit" 1906 1907// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the 1908// client's request for the CreateOrganizationalUnit operation. The "output" return 1909// value will be populated with the request's response once the request completes 1910// successfully. 1911// 1912// Use "Send" method on the returned Request to send the API call to the service. 1913// the "output" return value is not valid until after Send returns without error. 1914// 1915// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit 1916// API call, and error handling. 1917// 1918// This method is useful when you want to inject custom logic or configuration 1919// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1920// 1921// 1922// // Example sending a request using the CreateOrganizationalUnitRequest method. 1923// req, resp := client.CreateOrganizationalUnitRequest(params) 1924// 1925// err := req.Send() 1926// if err == nil { // resp is now filled 1927// fmt.Println(resp) 1928// } 1929// 1930// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 1931func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) { 1932 op := &request.Operation{ 1933 Name: opCreateOrganizationalUnit, 1934 HTTPMethod: "POST", 1935 HTTPPath: "/", 1936 } 1937 1938 if input == nil { 1939 input = &CreateOrganizationalUnitInput{} 1940 } 1941 1942 output = &CreateOrganizationalUnitOutput{} 1943 req = c.newRequest(op, input, output) 1944 return 1945} 1946 1947// CreateOrganizationalUnit API operation for AWS Organizations. 1948// 1949// Creates an organizational unit (OU) within a root or parent OU. An OU is 1950// a container for accounts that enables you to organize your accounts to apply 1951// policies according to your business requirements. The number of levels deep 1952// that you can nest OUs is dependent upon the policy types enabled for that 1953// root. For service control policies, the limit is five. 1954// 1955// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) 1956// in the AWS Organizations User Guide. 1957// 1958// This operation can be called only from the organization's master account. 1959// 1960// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1961// with awserr.Error's Code and Message methods to get detailed information about 1962// the error. 1963// 1964// See the AWS API reference guide for AWS Organizations's 1965// API operation CreateOrganizationalUnit for usage and error information. 1966// 1967// Returned Error Types: 1968// * AccessDeniedException 1969// You don't have permissions to perform the requested operation. The user or 1970// role that is making the request must have at least one IAM permissions policy 1971// attached that grants the required permissions. For more information, see 1972// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1973// in the IAM User Guide. 1974// 1975// * AWSOrganizationsNotInUseException 1976// Your account isn't a member of an organization. To make this request, you 1977// must use the credentials of an account that belongs to an organization. 1978// 1979// * ConcurrentModificationException 1980// The target of the operation is currently being modified by a different request. 1981// Try again later. 1982// 1983// * ConstraintViolationException 1984// Performing this operation violates a minimum or maximum value limit. For 1985// example, attempting to remove the last service control policy (SCP) from 1986// an OU or root, inviting or creating too many accounts to the organization, 1987// or attaching too many policies to an account, OU, or root. This exception 1988// includes a reason that contains additional information about the violated 1989// limit: 1990// 1991// Some of the reasons in the following list might not be applicable to this 1992// specific API or operation. 1993// 1994// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 1995// account from the organization. You can't remove the master account. Instead, 1996// after you remove all member accounts, delete the organization itself. 1997// 1998// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1999// from the organization that doesn't yet have enough information to exist 2000// as a standalone account. This account requires you to first agree to the 2001// AWS Customer Agreement. Follow the steps at Removing a member account 2002// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 2003// the AWS Organizations User Guide. 2004// 2005// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2006// an account from the organization that doesn't yet have enough information 2007// to exist as a standalone account. This account requires you to first complete 2008// phone verification. Follow the steps at Removing a member account from 2009// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 2010// in the AWS Organizations User Guide. 2011// 2012// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2013// of accounts that you can create in one day. 2014// 2015// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2016// the number of accounts in an organization. If you need more accounts, 2017// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2018// request an increase in your limit. Or the number of invitations that you 2019// tried to send would cause you to exceed the limit of accounts in your 2020// organization. Send fewer invitations or contact AWS Support to request 2021// an increase in the number of accounts. Deleted and closed accounts still 2022// count toward your limit. If you get this exception when running a command 2023// immediately after creating the organization, wait one hour and try again. 2024// After an hour, if the command continues to fail with this error, contact 2025// AWS Support (https://console.aws.amazon.com/support/home#/). 2026// 2027// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 2028// register the master account of the organization as a delegated administrator 2029// for an AWS service integrated with Organizations. You can designate only 2030// a member account as a delegated administrator. 2031// 2032// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 2033// an account that is registered as a delegated administrator for a service 2034// integrated with your organization. To complete this operation, you must 2035// first deregister this account as a delegated administrator. 2036// 2037// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 2038// organization in the specified region, you must enable all features mode. 2039// 2040// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 2041// an AWS account as a delegated administrator for an AWS service that already 2042// has a delegated administrator. To complete this operation, you must first 2043// deregister any existing delegated administrators for this service. 2044// 2045// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 2046// valid for a limited period of time. You must resubmit the request and 2047// generate a new verfication code. 2048// 2049// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2050// handshakes that you can send in one day. 2051// 2052// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2053// in this organization, you first must migrate the organization's master 2054// account to the marketplace that corresponds to the master account's address. 2055// For example, accounts with India addresses must be associated with the 2056// AISPL marketplace. All accounts in an organization must be associated 2057// with the same marketplace. 2058// 2059// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 2060// in China. To create an organization, the master must have an valid business 2061// license. For more information, contact customer support. 2062// 2063// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2064// must first provide a valid contact address and phone number for the master 2065// account. Then try the operation again. 2066// 2067// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2068// master account must have an associated account in the AWS GovCloud (US-West) 2069// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2070// in the AWS GovCloud User Guide. 2071// 2072// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2073// with this master account, you first must associate a valid payment instrument, 2074// such as a credit card, with the account. Follow the steps at To leave 2075// an organization when all required account information has not yet been 2076// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2077// in the AWS Organizations User Guide. 2078// 2079// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 2080// to register more delegated administrators than allowed for the service 2081// principal. 2082// 2083// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2084// number of policies of a certain type that can be attached to an entity 2085// at one time. 2086// 2087// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2088// on this resource. 2089// 2090// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2091// with this member account, you first must associate a valid payment instrument, 2092// such as a credit card, with the account. Follow the steps at To leave 2093// an organization when all required account information has not yet been 2094// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2095// in the AWS Organizations User Guide. 2096// 2097// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2098// policy from an entity that would cause the entity to have fewer than the 2099// minimum number of policies of a certain type required. 2100// 2101// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2102// that requires the organization to be configured to support all features. 2103// An organization that supports only consolidated billing features can't 2104// perform this operation. 2105// 2106// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2107// too many levels deep. 2108// 2109// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2110// that you can have in an organization. 2111// 2112// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 2113// is larger than the maximum size. 2114// 2115// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 2116// policies that you can have in an organization. 2117// 2118// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 2119// tags that are not compliant with the tag policy requirements for this 2120// account. 2121// 2122// * DuplicateOrganizationalUnitException 2123// An OU with the same name already exists. 2124// 2125// * InvalidInputException 2126// The requested operation failed because you provided invalid values for one 2127// or more of the request parameters. This exception includes a reason that 2128// contains additional information about the violated limit: 2129// 2130// Some of the reasons in the following list might not be applicable to this 2131// specific API or operation. 2132// 2133// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2134// can't be modified. 2135// 2136// * INPUT_REQUIRED: You must include a value for all required parameters. 2137// 2138// * INVALID_ENUM: You specified an invalid value. 2139// 2140// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2141// characters. 2142// 2143// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2144// at least one invalid value. 2145// 2146// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2147// from the response to a previous call of the operation. 2148// 2149// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2150// organization, or email) as a party. 2151// 2152// * INVALID_PATTERN: You provided a value that doesn't match the required 2153// pattern. 2154// 2155// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2156// match the required pattern. 2157// 2158// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2159// name can't begin with the reserved prefix AWSServiceRoleFor. 2160// 2161// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2162// Name (ARN) for the organization. 2163// 2164// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2165// 2166// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2167// tag. You can’t add, edit, or delete system tag keys because they're 2168// reserved for AWS use. System tags don’t count against your tags per 2169// resource limit. 2170// 2171// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2172// for the operation. 2173// 2174// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2175// than allowed. 2176// 2177// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2178// value than allowed. 2179// 2180// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2181// than allowed. 2182// 2183// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2184// value than allowed. 2185// 2186// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2187// between entities in the same root. 2188// 2189// * ParentNotFoundException 2190// We can't find a root or OU with the ParentId that you specified. 2191// 2192// * ServiceException 2193// AWS Organizations can't complete your request because of an internal service 2194// error. Try again later. 2195// 2196// * TooManyRequestsException 2197// You have sent too many requests in too short a period of time. The quota 2198// helps protect against denial-of-service attacks. Try again later. 2199// 2200// For information about quotas that affect AWS Organizations, see Quotas for 2201// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2202// the AWS Organizations User Guide. 2203// 2204// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2205func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) { 2206 req, out := c.CreateOrganizationalUnitRequest(input) 2207 return out, req.Send() 2208} 2209 2210// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of 2211// the ability to pass a context and additional request options. 2212// 2213// See CreateOrganizationalUnit for details on how to use this API operation. 2214// 2215// The context must be non-nil and will be used for request cancellation. If 2216// the context is nil a panic will occur. In the future the SDK may create 2217// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2218// for more information on using Contexts. 2219func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) { 2220 req, out := c.CreateOrganizationalUnitRequest(input) 2221 req.SetContext(ctx) 2222 req.ApplyOptions(opts...) 2223 return out, req.Send() 2224} 2225 2226const opCreatePolicy = "CreatePolicy" 2227 2228// CreatePolicyRequest generates a "aws/request.Request" representing the 2229// client's request for the CreatePolicy operation. The "output" return 2230// value will be populated with the request's response once the request completes 2231// successfully. 2232// 2233// Use "Send" method on the returned Request to send the API call to the service. 2234// the "output" return value is not valid until after Send returns without error. 2235// 2236// See CreatePolicy for more information on using the CreatePolicy 2237// API call, and error handling. 2238// 2239// This method is useful when you want to inject custom logic or configuration 2240// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2241// 2242// 2243// // Example sending a request using the CreatePolicyRequest method. 2244// req, resp := client.CreatePolicyRequest(params) 2245// 2246// err := req.Send() 2247// if err == nil { // resp is now filled 2248// fmt.Println(resp) 2249// } 2250// 2251// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2252func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) { 2253 op := &request.Operation{ 2254 Name: opCreatePolicy, 2255 HTTPMethod: "POST", 2256 HTTPPath: "/", 2257 } 2258 2259 if input == nil { 2260 input = &CreatePolicyInput{} 2261 } 2262 2263 output = &CreatePolicyOutput{} 2264 req = c.newRequest(op, input, output) 2265 return 2266} 2267 2268// CreatePolicy API operation for AWS Organizations. 2269// 2270// Creates a policy of a specified type that you can attach to a root, an organizational 2271// unit (OU), or an individual AWS account. 2272// 2273// For more information about policies and their use, see Managing Organization 2274// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). 2275// 2276// This operation can be called only from the organization's master account. 2277// 2278// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2279// with awserr.Error's Code and Message methods to get detailed information about 2280// the error. 2281// 2282// See the AWS API reference guide for AWS Organizations's 2283// API operation CreatePolicy for usage and error information. 2284// 2285// Returned Error Types: 2286// * AccessDeniedException 2287// You don't have permissions to perform the requested operation. The user or 2288// role that is making the request must have at least one IAM permissions policy 2289// attached that grants the required permissions. For more information, see 2290// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2291// in the IAM User Guide. 2292// 2293// * AWSOrganizationsNotInUseException 2294// Your account isn't a member of an organization. To make this request, you 2295// must use the credentials of an account that belongs to an organization. 2296// 2297// * ConcurrentModificationException 2298// The target of the operation is currently being modified by a different request. 2299// Try again later. 2300// 2301// * ConstraintViolationException 2302// Performing this operation violates a minimum or maximum value limit. For 2303// example, attempting to remove the last service control policy (SCP) from 2304// an OU or root, inviting or creating too many accounts to the organization, 2305// or attaching too many policies to an account, OU, or root. This exception 2306// includes a reason that contains additional information about the violated 2307// limit: 2308// 2309// Some of the reasons in the following list might not be applicable to this 2310// specific API or operation. 2311// 2312// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 2313// account from the organization. You can't remove the master account. Instead, 2314// after you remove all member accounts, delete the organization itself. 2315// 2316// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2317// from the organization that doesn't yet have enough information to exist 2318// as a standalone account. This account requires you to first agree to the 2319// AWS Customer Agreement. Follow the steps at Removing a member account 2320// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 2321// the AWS Organizations User Guide. 2322// 2323// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2324// an account from the organization that doesn't yet have enough information 2325// to exist as a standalone account. This account requires you to first complete 2326// phone verification. Follow the steps at Removing a member account from 2327// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 2328// in the AWS Organizations User Guide. 2329// 2330// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2331// of accounts that you can create in one day. 2332// 2333// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2334// the number of accounts in an organization. If you need more accounts, 2335// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2336// request an increase in your limit. Or the number of invitations that you 2337// tried to send would cause you to exceed the limit of accounts in your 2338// organization. Send fewer invitations or contact AWS Support to request 2339// an increase in the number of accounts. Deleted and closed accounts still 2340// count toward your limit. If you get this exception when running a command 2341// immediately after creating the organization, wait one hour and try again. 2342// After an hour, if the command continues to fail with this error, contact 2343// AWS Support (https://console.aws.amazon.com/support/home#/). 2344// 2345// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 2346// register the master account of the organization as a delegated administrator 2347// for an AWS service integrated with Organizations. You can designate only 2348// a member account as a delegated administrator. 2349// 2350// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 2351// an account that is registered as a delegated administrator for a service 2352// integrated with your organization. To complete this operation, you must 2353// first deregister this account as a delegated administrator. 2354// 2355// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 2356// organization in the specified region, you must enable all features mode. 2357// 2358// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 2359// an AWS account as a delegated administrator for an AWS service that already 2360// has a delegated administrator. To complete this operation, you must first 2361// deregister any existing delegated administrators for this service. 2362// 2363// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 2364// valid for a limited period of time. You must resubmit the request and 2365// generate a new verfication code. 2366// 2367// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2368// handshakes that you can send in one day. 2369// 2370// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2371// in this organization, you first must migrate the organization's master 2372// account to the marketplace that corresponds to the master account's address. 2373// For example, accounts with India addresses must be associated with the 2374// AISPL marketplace. All accounts in an organization must be associated 2375// with the same marketplace. 2376// 2377// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 2378// in China. To create an organization, the master must have an valid business 2379// license. For more information, contact customer support. 2380// 2381// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2382// must first provide a valid contact address and phone number for the master 2383// account. Then try the operation again. 2384// 2385// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2386// master account must have an associated account in the AWS GovCloud (US-West) 2387// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2388// in the AWS GovCloud User Guide. 2389// 2390// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2391// with this master account, you first must associate a valid payment instrument, 2392// such as a credit card, with the account. Follow the steps at To leave 2393// an organization when all required account information has not yet been 2394// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2395// in the AWS Organizations User Guide. 2396// 2397// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 2398// to register more delegated administrators than allowed for the service 2399// principal. 2400// 2401// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2402// number of policies of a certain type that can be attached to an entity 2403// at one time. 2404// 2405// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2406// on this resource. 2407// 2408// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2409// with this member account, you first must associate a valid payment instrument, 2410// such as a credit card, with the account. Follow the steps at To leave 2411// an organization when all required account information has not yet been 2412// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2413// in the AWS Organizations User Guide. 2414// 2415// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2416// policy from an entity that would cause the entity to have fewer than the 2417// minimum number of policies of a certain type required. 2418// 2419// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2420// that requires the organization to be configured to support all features. 2421// An organization that supports only consolidated billing features can't 2422// perform this operation. 2423// 2424// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2425// too many levels deep. 2426// 2427// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2428// that you can have in an organization. 2429// 2430// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 2431// is larger than the maximum size. 2432// 2433// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 2434// policies that you can have in an organization. 2435// 2436// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 2437// tags that are not compliant with the tag policy requirements for this 2438// account. 2439// 2440// * DuplicatePolicyException 2441// A policy with the same name already exists. 2442// 2443// * InvalidInputException 2444// The requested operation failed because you provided invalid values for one 2445// or more of the request parameters. This exception includes a reason that 2446// contains additional information about the violated limit: 2447// 2448// Some of the reasons in the following list might not be applicable to this 2449// specific API or operation. 2450// 2451// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2452// can't be modified. 2453// 2454// * INPUT_REQUIRED: You must include a value for all required parameters. 2455// 2456// * INVALID_ENUM: You specified an invalid value. 2457// 2458// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2459// characters. 2460// 2461// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2462// at least one invalid value. 2463// 2464// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2465// from the response to a previous call of the operation. 2466// 2467// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2468// organization, or email) as a party. 2469// 2470// * INVALID_PATTERN: You provided a value that doesn't match the required 2471// pattern. 2472// 2473// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2474// match the required pattern. 2475// 2476// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2477// name can't begin with the reserved prefix AWSServiceRoleFor. 2478// 2479// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2480// Name (ARN) for the organization. 2481// 2482// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2483// 2484// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2485// tag. You can’t add, edit, or delete system tag keys because they're 2486// reserved for AWS use. System tags don’t count against your tags per 2487// resource limit. 2488// 2489// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2490// for the operation. 2491// 2492// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2493// than allowed. 2494// 2495// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2496// value than allowed. 2497// 2498// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2499// than allowed. 2500// 2501// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2502// value than allowed. 2503// 2504// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2505// between entities in the same root. 2506// 2507// * MalformedPolicyDocumentException 2508// The provided policy document doesn't meet the requirements of the specified 2509// policy type. For example, the syntax might be incorrect. For details about 2510// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 2511// in the AWS Organizations User Guide. 2512// 2513// * PolicyTypeNotAvailableForOrganizationException 2514// You can't use the specified policy type with the feature set currently enabled 2515// for this organization. For example, you can enable SCPs only after you enable 2516// all features in the organization. For more information, see Managing AWS 2517// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 2518// the AWS Organizations User Guide. 2519// 2520// * ServiceException 2521// AWS Organizations can't complete your request because of an internal service 2522// error. Try again later. 2523// 2524// * TooManyRequestsException 2525// You have sent too many requests in too short a period of time. The quota 2526// helps protect against denial-of-service attacks. Try again later. 2527// 2528// For information about quotas that affect AWS Organizations, see Quotas for 2529// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2530// the AWS Organizations User Guide. 2531// 2532// * UnsupportedAPIEndpointException 2533// This action isn't available in the current AWS Region. 2534// 2535// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2536func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) { 2537 req, out := c.CreatePolicyRequest(input) 2538 return out, req.Send() 2539} 2540 2541// CreatePolicyWithContext is the same as CreatePolicy with the addition of 2542// the ability to pass a context and additional request options. 2543// 2544// See CreatePolicy for details on how to use this API operation. 2545// 2546// The context must be non-nil and will be used for request cancellation. If 2547// the context is nil a panic will occur. In the future the SDK may create 2548// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2549// for more information on using Contexts. 2550func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) { 2551 req, out := c.CreatePolicyRequest(input) 2552 req.SetContext(ctx) 2553 req.ApplyOptions(opts...) 2554 return out, req.Send() 2555} 2556 2557const opDeclineHandshake = "DeclineHandshake" 2558 2559// DeclineHandshakeRequest generates a "aws/request.Request" representing the 2560// client's request for the DeclineHandshake operation. The "output" return 2561// value will be populated with the request's response once the request completes 2562// successfully. 2563// 2564// Use "Send" method on the returned Request to send the API call to the service. 2565// the "output" return value is not valid until after Send returns without error. 2566// 2567// See DeclineHandshake for more information on using the DeclineHandshake 2568// API call, and error handling. 2569// 2570// This method is useful when you want to inject custom logic or configuration 2571// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2572// 2573// 2574// // Example sending a request using the DeclineHandshakeRequest method. 2575// req, resp := client.DeclineHandshakeRequest(params) 2576// 2577// err := req.Send() 2578// if err == nil { // resp is now filled 2579// fmt.Println(resp) 2580// } 2581// 2582// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2583func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) { 2584 op := &request.Operation{ 2585 Name: opDeclineHandshake, 2586 HTTPMethod: "POST", 2587 HTTPPath: "/", 2588 } 2589 2590 if input == nil { 2591 input = &DeclineHandshakeInput{} 2592 } 2593 2594 output = &DeclineHandshakeOutput{} 2595 req = c.newRequest(op, input, output) 2596 return 2597} 2598 2599// DeclineHandshake API operation for AWS Organizations. 2600// 2601// Declines a handshake request. This sets the handshake state to DECLINED and 2602// effectively deactivates the request. 2603// 2604// This operation can be called only from the account that received the handshake. 2605// The originator of the handshake can use CancelHandshake instead. The originator 2606// can't reactivate a declined request, but can reinitiate the process with 2607// a new handshake request. 2608// 2609// After you decline a handshake, it continues to appear in the results of relevant 2610// APIs for only 30 days. After that, it's deleted. 2611// 2612// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2613// with awserr.Error's Code and Message methods to get detailed information about 2614// the error. 2615// 2616// See the AWS API reference guide for AWS Organizations's 2617// API operation DeclineHandshake for usage and error information. 2618// 2619// Returned Error Types: 2620// * AccessDeniedException 2621// You don't have permissions to perform the requested operation. The user or 2622// role that is making the request must have at least one IAM permissions policy 2623// attached that grants the required permissions. For more information, see 2624// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2625// in the IAM User Guide. 2626// 2627// * ConcurrentModificationException 2628// The target of the operation is currently being modified by a different request. 2629// Try again later. 2630// 2631// * HandshakeNotFoundException 2632// We can't find a handshake with the HandshakeId that you specified. 2633// 2634// * InvalidHandshakeTransitionException 2635// You can't perform the operation on the handshake in its current state. For 2636// example, you can't cancel a handshake that was already accepted or accept 2637// a handshake that was already declined. 2638// 2639// * HandshakeAlreadyInStateException 2640// The specified handshake is already in the requested state. For example, you 2641// can't accept a handshake that was already accepted. 2642// 2643// * InvalidInputException 2644// The requested operation failed because you provided invalid values for one 2645// or more of the request parameters. This exception includes a reason that 2646// contains additional information about the violated limit: 2647// 2648// Some of the reasons in the following list might not be applicable to this 2649// specific API or operation. 2650// 2651// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2652// can't be modified. 2653// 2654// * INPUT_REQUIRED: You must include a value for all required parameters. 2655// 2656// * INVALID_ENUM: You specified an invalid value. 2657// 2658// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2659// characters. 2660// 2661// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2662// at least one invalid value. 2663// 2664// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2665// from the response to a previous call of the operation. 2666// 2667// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2668// organization, or email) as a party. 2669// 2670// * INVALID_PATTERN: You provided a value that doesn't match the required 2671// pattern. 2672// 2673// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2674// match the required pattern. 2675// 2676// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2677// name can't begin with the reserved prefix AWSServiceRoleFor. 2678// 2679// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2680// Name (ARN) for the organization. 2681// 2682// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2683// 2684// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2685// tag. You can’t add, edit, or delete system tag keys because they're 2686// reserved for AWS use. System tags don’t count against your tags per 2687// resource limit. 2688// 2689// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2690// for the operation. 2691// 2692// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2693// than allowed. 2694// 2695// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2696// value than allowed. 2697// 2698// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2699// than allowed. 2700// 2701// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2702// value than allowed. 2703// 2704// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2705// between entities in the same root. 2706// 2707// * ServiceException 2708// AWS Organizations can't complete your request because of an internal service 2709// error. Try again later. 2710// 2711// * TooManyRequestsException 2712// You have sent too many requests in too short a period of time. The quota 2713// helps protect against denial-of-service attacks. Try again later. 2714// 2715// For information about quotas that affect AWS Organizations, see Quotas for 2716// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2717// the AWS Organizations User Guide. 2718// 2719// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2720func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) { 2721 req, out := c.DeclineHandshakeRequest(input) 2722 return out, req.Send() 2723} 2724 2725// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of 2726// the ability to pass a context and additional request options. 2727// 2728// See DeclineHandshake for details on how to use this API operation. 2729// 2730// The context must be non-nil and will be used for request cancellation. If 2731// the context is nil a panic will occur. In the future the SDK may create 2732// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2733// for more information on using Contexts. 2734func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) { 2735 req, out := c.DeclineHandshakeRequest(input) 2736 req.SetContext(ctx) 2737 req.ApplyOptions(opts...) 2738 return out, req.Send() 2739} 2740 2741const opDeleteOrganization = "DeleteOrganization" 2742 2743// DeleteOrganizationRequest generates a "aws/request.Request" representing the 2744// client's request for the DeleteOrganization operation. The "output" return 2745// value will be populated with the request's response once the request completes 2746// successfully. 2747// 2748// Use "Send" method on the returned Request to send the API call to the service. 2749// the "output" return value is not valid until after Send returns without error. 2750// 2751// See DeleteOrganization for more information on using the DeleteOrganization 2752// API call, and error handling. 2753// 2754// This method is useful when you want to inject custom logic or configuration 2755// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2756// 2757// 2758// // Example sending a request using the DeleteOrganizationRequest method. 2759// req, resp := client.DeleteOrganizationRequest(params) 2760// 2761// err := req.Send() 2762// if err == nil { // resp is now filled 2763// fmt.Println(resp) 2764// } 2765// 2766// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2767func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) { 2768 op := &request.Operation{ 2769 Name: opDeleteOrganization, 2770 HTTPMethod: "POST", 2771 HTTPPath: "/", 2772 } 2773 2774 if input == nil { 2775 input = &DeleteOrganizationInput{} 2776 } 2777 2778 output = &DeleteOrganizationOutput{} 2779 req = c.newRequest(op, input, output) 2780 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2781 return 2782} 2783 2784// DeleteOrganization API operation for AWS Organizations. 2785// 2786// Deletes the organization. You can delete an organization only by using credentials 2787// from the master account. The organization must be empty of member accounts. 2788// 2789// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2790// with awserr.Error's Code and Message methods to get detailed information about 2791// the error. 2792// 2793// See the AWS API reference guide for AWS Organizations's 2794// API operation DeleteOrganization for usage and error information. 2795// 2796// Returned Error Types: 2797// * AccessDeniedException 2798// You don't have permissions to perform the requested operation. The user or 2799// role that is making the request must have at least one IAM permissions policy 2800// attached that grants the required permissions. For more information, see 2801// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2802// in the IAM User Guide. 2803// 2804// * AWSOrganizationsNotInUseException 2805// Your account isn't a member of an organization. To make this request, you 2806// must use the credentials of an account that belongs to an organization. 2807// 2808// * ConcurrentModificationException 2809// The target of the operation is currently being modified by a different request. 2810// Try again later. 2811// 2812// * InvalidInputException 2813// The requested operation failed because you provided invalid values for one 2814// or more of the request parameters. This exception includes a reason that 2815// contains additional information about the violated limit: 2816// 2817// Some of the reasons in the following list might not be applicable to this 2818// specific API or operation. 2819// 2820// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2821// can't be modified. 2822// 2823// * INPUT_REQUIRED: You must include a value for all required parameters. 2824// 2825// * INVALID_ENUM: You specified an invalid value. 2826// 2827// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2828// characters. 2829// 2830// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2831// at least one invalid value. 2832// 2833// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2834// from the response to a previous call of the operation. 2835// 2836// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2837// organization, or email) as a party. 2838// 2839// * INVALID_PATTERN: You provided a value that doesn't match the required 2840// pattern. 2841// 2842// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2843// match the required pattern. 2844// 2845// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2846// name can't begin with the reserved prefix AWSServiceRoleFor. 2847// 2848// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2849// Name (ARN) for the organization. 2850// 2851// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2852// 2853// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2854// tag. You can’t add, edit, or delete system tag keys because they're 2855// reserved for AWS use. System tags don’t count against your tags per 2856// resource limit. 2857// 2858// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2859// for the operation. 2860// 2861// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2862// than allowed. 2863// 2864// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2865// value than allowed. 2866// 2867// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2868// than allowed. 2869// 2870// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2871// value than allowed. 2872// 2873// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2874// between entities in the same root. 2875// 2876// * OrganizationNotEmptyException 2877// The organization isn't empty. To delete an organization, you must first remove 2878// all accounts except the master account, delete all OUs, and delete all policies. 2879// 2880// * ServiceException 2881// AWS Organizations can't complete your request because of an internal service 2882// error. Try again later. 2883// 2884// * TooManyRequestsException 2885// You have sent too many requests in too short a period of time. The quota 2886// helps protect against denial-of-service attacks. Try again later. 2887// 2888// For information about quotas that affect AWS Organizations, see Quotas for 2889// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2890// the AWS Organizations User Guide. 2891// 2892// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2893func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) { 2894 req, out := c.DeleteOrganizationRequest(input) 2895 return out, req.Send() 2896} 2897 2898// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of 2899// the ability to pass a context and additional request options. 2900// 2901// See DeleteOrganization for details on how to use this API operation. 2902// 2903// The context must be non-nil and will be used for request cancellation. If 2904// the context is nil a panic will occur. In the future the SDK may create 2905// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2906// for more information on using Contexts. 2907func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) { 2908 req, out := c.DeleteOrganizationRequest(input) 2909 req.SetContext(ctx) 2910 req.ApplyOptions(opts...) 2911 return out, req.Send() 2912} 2913 2914const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit" 2915 2916// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the 2917// client's request for the DeleteOrganizationalUnit operation. The "output" return 2918// value will be populated with the request's response once the request completes 2919// successfully. 2920// 2921// Use "Send" method on the returned Request to send the API call to the service. 2922// the "output" return value is not valid until after Send returns without error. 2923// 2924// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit 2925// API call, and error handling. 2926// 2927// This method is useful when you want to inject custom logic or configuration 2928// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2929// 2930// 2931// // Example sending a request using the DeleteOrganizationalUnitRequest method. 2932// req, resp := client.DeleteOrganizationalUnitRequest(params) 2933// 2934// err := req.Send() 2935// if err == nil { // resp is now filled 2936// fmt.Println(resp) 2937// } 2938// 2939// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 2940func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) { 2941 op := &request.Operation{ 2942 Name: opDeleteOrganizationalUnit, 2943 HTTPMethod: "POST", 2944 HTTPPath: "/", 2945 } 2946 2947 if input == nil { 2948 input = &DeleteOrganizationalUnitInput{} 2949 } 2950 2951 output = &DeleteOrganizationalUnitOutput{} 2952 req = c.newRequest(op, input, output) 2953 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2954 return 2955} 2956 2957// DeleteOrganizationalUnit API operation for AWS Organizations. 2958// 2959// Deletes an organizational unit (OU) from a root or another OU. You must first 2960// remove all accounts and child OUs from the OU that you want to delete. 2961// 2962// This operation can be called only from the organization's master account. 2963// 2964// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2965// with awserr.Error's Code and Message methods to get detailed information about 2966// the error. 2967// 2968// See the AWS API reference guide for AWS Organizations's 2969// API operation DeleteOrganizationalUnit for usage and error information. 2970// 2971// Returned Error Types: 2972// * AccessDeniedException 2973// You don't have permissions to perform the requested operation. The user or 2974// role that is making the request must have at least one IAM permissions policy 2975// attached that grants the required permissions. For more information, see 2976// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2977// in the IAM User Guide. 2978// 2979// * AWSOrganizationsNotInUseException 2980// Your account isn't a member of an organization. To make this request, you 2981// must use the credentials of an account that belongs to an organization. 2982// 2983// * ConcurrentModificationException 2984// The target of the operation is currently being modified by a different request. 2985// Try again later. 2986// 2987// * InvalidInputException 2988// The requested operation failed because you provided invalid values for one 2989// or more of the request parameters. This exception includes a reason that 2990// contains additional information about the violated limit: 2991// 2992// Some of the reasons in the following list might not be applicable to this 2993// specific API or operation. 2994// 2995// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2996// can't be modified. 2997// 2998// * INPUT_REQUIRED: You must include a value for all required parameters. 2999// 3000// * INVALID_ENUM: You specified an invalid value. 3001// 3002// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3003// characters. 3004// 3005// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3006// at least one invalid value. 3007// 3008// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3009// from the response to a previous call of the operation. 3010// 3011// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3012// organization, or email) as a party. 3013// 3014// * INVALID_PATTERN: You provided a value that doesn't match the required 3015// pattern. 3016// 3017// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3018// match the required pattern. 3019// 3020// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3021// name can't begin with the reserved prefix AWSServiceRoleFor. 3022// 3023// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3024// Name (ARN) for the organization. 3025// 3026// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3027// 3028// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3029// tag. You can’t add, edit, or delete system tag keys because they're 3030// reserved for AWS use. System tags don’t count against your tags per 3031// resource limit. 3032// 3033// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3034// for the operation. 3035// 3036// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3037// than allowed. 3038// 3039// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3040// value than allowed. 3041// 3042// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3043// than allowed. 3044// 3045// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3046// value than allowed. 3047// 3048// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3049// between entities in the same root. 3050// 3051// * OrganizationalUnitNotEmptyException 3052// The specified OU is not empty. Move all accounts to another root or to other 3053// OUs, remove all child OUs, and try the operation again. 3054// 3055// * OrganizationalUnitNotFoundException 3056// We can't find an OU with the OrganizationalUnitId that you specified. 3057// 3058// * ServiceException 3059// AWS Organizations can't complete your request because of an internal service 3060// error. Try again later. 3061// 3062// * TooManyRequestsException 3063// You have sent too many requests in too short a period of time. The quota 3064// helps protect against denial-of-service attacks. Try again later. 3065// 3066// For information about quotas that affect AWS Organizations, see Quotas for 3067// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3068// the AWS Organizations User Guide. 3069// 3070// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 3071func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) { 3072 req, out := c.DeleteOrganizationalUnitRequest(input) 3073 return out, req.Send() 3074} 3075 3076// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of 3077// the ability to pass a context and additional request options. 3078// 3079// See DeleteOrganizationalUnit for details on how to use this API operation. 3080// 3081// The context must be non-nil and will be used for request cancellation. If 3082// the context is nil a panic will occur. In the future the SDK may create 3083// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3084// for more information on using Contexts. 3085func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) { 3086 req, out := c.DeleteOrganizationalUnitRequest(input) 3087 req.SetContext(ctx) 3088 req.ApplyOptions(opts...) 3089 return out, req.Send() 3090} 3091 3092const opDeletePolicy = "DeletePolicy" 3093 3094// DeletePolicyRequest generates a "aws/request.Request" representing the 3095// client's request for the DeletePolicy operation. The "output" return 3096// value will be populated with the request's response once the request completes 3097// successfully. 3098// 3099// Use "Send" method on the returned Request to send the API call to the service. 3100// the "output" return value is not valid until after Send returns without error. 3101// 3102// See DeletePolicy for more information on using the DeletePolicy 3103// API call, and error handling. 3104// 3105// This method is useful when you want to inject custom logic or configuration 3106// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3107// 3108// 3109// // Example sending a request using the DeletePolicyRequest method. 3110// req, resp := client.DeletePolicyRequest(params) 3111// 3112// err := req.Send() 3113// if err == nil { // resp is now filled 3114// fmt.Println(resp) 3115// } 3116// 3117// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3118func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 3119 op := &request.Operation{ 3120 Name: opDeletePolicy, 3121 HTTPMethod: "POST", 3122 HTTPPath: "/", 3123 } 3124 3125 if input == nil { 3126 input = &DeletePolicyInput{} 3127 } 3128 3129 output = &DeletePolicyOutput{} 3130 req = c.newRequest(op, input, output) 3131 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3132 return 3133} 3134 3135// DeletePolicy API operation for AWS Organizations. 3136// 3137// Deletes the specified policy from your organization. Before you perform this 3138// operation, you must first detach the policy from all organizational units 3139// (OUs), roots, and accounts. 3140// 3141// This operation can be called only from the organization's master account. 3142// 3143// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3144// with awserr.Error's Code and Message methods to get detailed information about 3145// the error. 3146// 3147// See the AWS API reference guide for AWS Organizations's 3148// API operation DeletePolicy for usage and error information. 3149// 3150// Returned Error Types: 3151// * AccessDeniedException 3152// You don't have permissions to perform the requested operation. The user or 3153// role that is making the request must have at least one IAM permissions policy 3154// attached that grants the required permissions. For more information, see 3155// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3156// in the IAM User Guide. 3157// 3158// * AWSOrganizationsNotInUseException 3159// Your account isn't a member of an organization. To make this request, you 3160// must use the credentials of an account that belongs to an organization. 3161// 3162// * ConcurrentModificationException 3163// The target of the operation is currently being modified by a different request. 3164// Try again later. 3165// 3166// * InvalidInputException 3167// The requested operation failed because you provided invalid values for one 3168// or more of the request parameters. This exception includes a reason that 3169// contains additional information about the violated limit: 3170// 3171// Some of the reasons in the following list might not be applicable to this 3172// specific API or operation. 3173// 3174// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3175// can't be modified. 3176// 3177// * INPUT_REQUIRED: You must include a value for all required parameters. 3178// 3179// * INVALID_ENUM: You specified an invalid value. 3180// 3181// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3182// characters. 3183// 3184// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3185// at least one invalid value. 3186// 3187// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3188// from the response to a previous call of the operation. 3189// 3190// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3191// organization, or email) as a party. 3192// 3193// * INVALID_PATTERN: You provided a value that doesn't match the required 3194// pattern. 3195// 3196// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3197// match the required pattern. 3198// 3199// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3200// name can't begin with the reserved prefix AWSServiceRoleFor. 3201// 3202// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3203// Name (ARN) for the organization. 3204// 3205// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3206// 3207// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3208// tag. You can’t add, edit, or delete system tag keys because they're 3209// reserved for AWS use. System tags don’t count against your tags per 3210// resource limit. 3211// 3212// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3213// for the operation. 3214// 3215// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3216// than allowed. 3217// 3218// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3219// value than allowed. 3220// 3221// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3222// than allowed. 3223// 3224// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3225// value than allowed. 3226// 3227// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3228// between entities in the same root. 3229// 3230// * PolicyInUseException 3231// The policy is attached to one or more entities. You must detach it from all 3232// roots, OUs, and accounts before performing this operation. 3233// 3234// * PolicyNotFoundException 3235// We can't find a policy with the PolicyId that you specified. 3236// 3237// * ServiceException 3238// AWS Organizations can't complete your request because of an internal service 3239// error. Try again later. 3240// 3241// * TooManyRequestsException 3242// You have sent too many requests in too short a period of time. The quota 3243// helps protect against denial-of-service attacks. Try again later. 3244// 3245// For information about quotas that affect AWS Organizations, see Quotas for 3246// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3247// the AWS Organizations User Guide. 3248// 3249// * UnsupportedAPIEndpointException 3250// This action isn't available in the current AWS Region. 3251// 3252// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3253func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 3254 req, out := c.DeletePolicyRequest(input) 3255 return out, req.Send() 3256} 3257 3258// DeletePolicyWithContext is the same as DeletePolicy with the addition of 3259// the ability to pass a context and additional request options. 3260// 3261// See DeletePolicy for details on how to use this API operation. 3262// 3263// The context must be non-nil and will be used for request cancellation. If 3264// the context is nil a panic will occur. In the future the SDK may create 3265// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3266// for more information on using Contexts. 3267func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 3268 req, out := c.DeletePolicyRequest(input) 3269 req.SetContext(ctx) 3270 req.ApplyOptions(opts...) 3271 return out, req.Send() 3272} 3273 3274const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator" 3275 3276// DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the 3277// client's request for the DeregisterDelegatedAdministrator operation. The "output" return 3278// value will be populated with the request's response once the request completes 3279// successfully. 3280// 3281// Use "Send" method on the returned Request to send the API call to the service. 3282// the "output" return value is not valid until after Send returns without error. 3283// 3284// See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator 3285// API call, and error handling. 3286// 3287// This method is useful when you want to inject custom logic or configuration 3288// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3289// 3290// 3291// // Example sending a request using the DeregisterDelegatedAdministratorRequest method. 3292// req, resp := client.DeregisterDelegatedAdministratorRequest(params) 3293// 3294// err := req.Send() 3295// if err == nil { // resp is now filled 3296// fmt.Println(resp) 3297// } 3298// 3299// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator 3300func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) { 3301 op := &request.Operation{ 3302 Name: opDeregisterDelegatedAdministrator, 3303 HTTPMethod: "POST", 3304 HTTPPath: "/", 3305 } 3306 3307 if input == nil { 3308 input = &DeregisterDelegatedAdministratorInput{} 3309 } 3310 3311 output = &DeregisterDelegatedAdministratorOutput{} 3312 req = c.newRequest(op, input, output) 3313 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3314 return 3315} 3316 3317// DeregisterDelegatedAdministrator API operation for AWS Organizations. 3318// 3319// Removes the specified member AWS account as a delegated administrator for 3320// the specified AWS service. 3321// 3322// Deregistering a delegated administrator can have unintended impacts on the 3323// functionality of the enabled AWS service. See the documentation for the enabled 3324// service before you deregister a delegated administrator so that you understand 3325// any potential impacts. 3326// 3327// You can run this action only for AWS services that support this feature. 3328// For a current list of services that support it, see the column Supports Delegated 3329// Administrator in the table at AWS Services that you can use with AWS Organizations 3330// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html) 3331// in the AWS Organizations User Guide. 3332// 3333// This operation can be called only from the organization's master account. 3334// 3335// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3336// with awserr.Error's Code and Message methods to get detailed information about 3337// the error. 3338// 3339// See the AWS API reference guide for AWS Organizations's 3340// API operation DeregisterDelegatedAdministrator for usage and error information. 3341// 3342// Returned Error Types: 3343// * AccessDeniedException 3344// You don't have permissions to perform the requested operation. The user or 3345// role that is making the request must have at least one IAM permissions policy 3346// attached that grants the required permissions. For more information, see 3347// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3348// in the IAM User Guide. 3349// 3350// * AccountNotFoundException 3351// We can't find an AWS account with the AccountId that you specified, or the 3352// account whose credentials you used to make this request isn't a member of 3353// an organization. 3354// 3355// * AccountNotRegisteredException 3356// The specified account is not a delegated administrator for this AWS service. 3357// 3358// * AWSOrganizationsNotInUseException 3359// Your account isn't a member of an organization. To make this request, you 3360// must use the credentials of an account that belongs to an organization. 3361// 3362// * ConcurrentModificationException 3363// The target of the operation is currently being modified by a different request. 3364// Try again later. 3365// 3366// * ConstraintViolationException 3367// Performing this operation violates a minimum or maximum value limit. For 3368// example, attempting to remove the last service control policy (SCP) from 3369// an OU or root, inviting or creating too many accounts to the organization, 3370// or attaching too many policies to an account, OU, or root. This exception 3371// includes a reason that contains additional information about the violated 3372// limit: 3373// 3374// Some of the reasons in the following list might not be applicable to this 3375// specific API or operation. 3376// 3377// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 3378// account from the organization. You can't remove the master account. Instead, 3379// after you remove all member accounts, delete the organization itself. 3380// 3381// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 3382// from the organization that doesn't yet have enough information to exist 3383// as a standalone account. This account requires you to first agree to the 3384// AWS Customer Agreement. Follow the steps at Removing a member account 3385// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 3386// the AWS Organizations User Guide. 3387// 3388// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 3389// an account from the organization that doesn't yet have enough information 3390// to exist as a standalone account. This account requires you to first complete 3391// phone verification. Follow the steps at Removing a member account from 3392// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 3393// in the AWS Organizations User Guide. 3394// 3395// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 3396// of accounts that you can create in one day. 3397// 3398// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 3399// the number of accounts in an organization. If you need more accounts, 3400// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 3401// request an increase in your limit. Or the number of invitations that you 3402// tried to send would cause you to exceed the limit of accounts in your 3403// organization. Send fewer invitations or contact AWS Support to request 3404// an increase in the number of accounts. Deleted and closed accounts still 3405// count toward your limit. If you get this exception when running a command 3406// immediately after creating the organization, wait one hour and try again. 3407// After an hour, if the command continues to fail with this error, contact 3408// AWS Support (https://console.aws.amazon.com/support/home#/). 3409// 3410// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 3411// register the master account of the organization as a delegated administrator 3412// for an AWS service integrated with Organizations. You can designate only 3413// a member account as a delegated administrator. 3414// 3415// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 3416// an account that is registered as a delegated administrator for a service 3417// integrated with your organization. To complete this operation, you must 3418// first deregister this account as a delegated administrator. 3419// 3420// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 3421// organization in the specified region, you must enable all features mode. 3422// 3423// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 3424// an AWS account as a delegated administrator for an AWS service that already 3425// has a delegated administrator. To complete this operation, you must first 3426// deregister any existing delegated administrators for this service. 3427// 3428// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 3429// valid for a limited period of time. You must resubmit the request and 3430// generate a new verfication code. 3431// 3432// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 3433// handshakes that you can send in one day. 3434// 3435// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 3436// in this organization, you first must migrate the organization's master 3437// account to the marketplace that corresponds to the master account's address. 3438// For example, accounts with India addresses must be associated with the 3439// AISPL marketplace. All accounts in an organization must be associated 3440// with the same marketplace. 3441// 3442// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 3443// in China. To create an organization, the master must have an valid business 3444// license. For more information, contact customer support. 3445// 3446// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 3447// must first provide a valid contact address and phone number for the master 3448// account. Then try the operation again. 3449// 3450// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 3451// master account must have an associated account in the AWS GovCloud (US-West) 3452// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 3453// in the AWS GovCloud User Guide. 3454// 3455// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 3456// with this master account, you first must associate a valid payment instrument, 3457// such as a credit card, with the account. Follow the steps at To leave 3458// an organization when all required account information has not yet been 3459// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3460// in the AWS Organizations User Guide. 3461// 3462// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 3463// to register more delegated administrators than allowed for the service 3464// principal. 3465// 3466// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 3467// number of policies of a certain type that can be attached to an entity 3468// at one time. 3469// 3470// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 3471// on this resource. 3472// 3473// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 3474// with this member account, you first must associate a valid payment instrument, 3475// such as a credit card, with the account. Follow the steps at To leave 3476// an organization when all required account information has not yet been 3477// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3478// in the AWS Organizations User Guide. 3479// 3480// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 3481// policy from an entity that would cause the entity to have fewer than the 3482// minimum number of policies of a certain type required. 3483// 3484// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 3485// that requires the organization to be configured to support all features. 3486// An organization that supports only consolidated billing features can't 3487// perform this operation. 3488// 3489// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 3490// too many levels deep. 3491// 3492// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 3493// that you can have in an organization. 3494// 3495// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 3496// is larger than the maximum size. 3497// 3498// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 3499// policies that you can have in an organization. 3500// 3501// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 3502// tags that are not compliant with the tag policy requirements for this 3503// account. 3504// 3505// * InvalidInputException 3506// The requested operation failed because you provided invalid values for one 3507// or more of the request parameters. This exception includes a reason that 3508// contains additional information about the violated limit: 3509// 3510// Some of the reasons in the following list might not be applicable to this 3511// specific API or operation. 3512// 3513// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3514// can't be modified. 3515// 3516// * INPUT_REQUIRED: You must include a value for all required parameters. 3517// 3518// * INVALID_ENUM: You specified an invalid value. 3519// 3520// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3521// characters. 3522// 3523// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3524// at least one invalid value. 3525// 3526// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3527// from the response to a previous call of the operation. 3528// 3529// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3530// organization, or email) as a party. 3531// 3532// * INVALID_PATTERN: You provided a value that doesn't match the required 3533// pattern. 3534// 3535// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3536// match the required pattern. 3537// 3538// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3539// name can't begin with the reserved prefix AWSServiceRoleFor. 3540// 3541// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3542// Name (ARN) for the organization. 3543// 3544// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3545// 3546// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3547// tag. You can’t add, edit, or delete system tag keys because they're 3548// reserved for AWS use. System tags don’t count against your tags per 3549// resource limit. 3550// 3551// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3552// for the operation. 3553// 3554// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3555// than allowed. 3556// 3557// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3558// value than allowed. 3559// 3560// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3561// than allowed. 3562// 3563// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3564// value than allowed. 3565// 3566// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3567// between entities in the same root. 3568// 3569// * TooManyRequestsException 3570// You have sent too many requests in too short a period of time. The quota 3571// helps protect against denial-of-service attacks. Try again later. 3572// 3573// For information about quotas that affect AWS Organizations, see Quotas for 3574// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3575// the AWS Organizations User Guide. 3576// 3577// * ServiceException 3578// AWS Organizations can't complete your request because of an internal service 3579// error. Try again later. 3580// 3581// * UnsupportedAPIEndpointException 3582// This action isn't available in the current AWS Region. 3583// 3584// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator 3585func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) { 3586 req, out := c.DeregisterDelegatedAdministratorRequest(input) 3587 return out, req.Send() 3588} 3589 3590// DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of 3591// the ability to pass a context and additional request options. 3592// 3593// See DeregisterDelegatedAdministrator for details on how to use this API operation. 3594// 3595// The context must be non-nil and will be used for request cancellation. If 3596// the context is nil a panic will occur. In the future the SDK may create 3597// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3598// for more information on using Contexts. 3599func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) { 3600 req, out := c.DeregisterDelegatedAdministratorRequest(input) 3601 req.SetContext(ctx) 3602 req.ApplyOptions(opts...) 3603 return out, req.Send() 3604} 3605 3606const opDescribeAccount = "DescribeAccount" 3607 3608// DescribeAccountRequest generates a "aws/request.Request" representing the 3609// client's request for the DescribeAccount operation. The "output" return 3610// value will be populated with the request's response once the request completes 3611// successfully. 3612// 3613// Use "Send" method on the returned Request to send the API call to the service. 3614// the "output" return value is not valid until after Send returns without error. 3615// 3616// See DescribeAccount for more information on using the DescribeAccount 3617// API call, and error handling. 3618// 3619// This method is useful when you want to inject custom logic or configuration 3620// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3621// 3622// 3623// // Example sending a request using the DescribeAccountRequest method. 3624// req, resp := client.DescribeAccountRequest(params) 3625// 3626// err := req.Send() 3627// if err == nil { // resp is now filled 3628// fmt.Println(resp) 3629// } 3630// 3631// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3632func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) { 3633 op := &request.Operation{ 3634 Name: opDescribeAccount, 3635 HTTPMethod: "POST", 3636 HTTPPath: "/", 3637 } 3638 3639 if input == nil { 3640 input = &DescribeAccountInput{} 3641 } 3642 3643 output = &DescribeAccountOutput{} 3644 req = c.newRequest(op, input, output) 3645 return 3646} 3647 3648// DescribeAccount API operation for AWS Organizations. 3649// 3650// Retrieves AWS Organizations-related information about the specified account. 3651// 3652// This operation can be called only from the organization's master account 3653// or by a member account that is a delegated administrator for an AWS service. 3654// 3655// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3656// with awserr.Error's Code and Message methods to get detailed information about 3657// the error. 3658// 3659// See the AWS API reference guide for AWS Organizations's 3660// API operation DescribeAccount for usage and error information. 3661// 3662// Returned Error Types: 3663// * AccessDeniedException 3664// You don't have permissions to perform the requested operation. The user or 3665// role that is making the request must have at least one IAM permissions policy 3666// attached that grants the required permissions. For more information, see 3667// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3668// in the IAM User Guide. 3669// 3670// * AccountNotFoundException 3671// We can't find an AWS account with the AccountId that you specified, or the 3672// account whose credentials you used to make this request isn't a member of 3673// an organization. 3674// 3675// * AWSOrganizationsNotInUseException 3676// Your account isn't a member of an organization. To make this request, you 3677// must use the credentials of an account that belongs to an organization. 3678// 3679// * InvalidInputException 3680// The requested operation failed because you provided invalid values for one 3681// or more of the request parameters. This exception includes a reason that 3682// contains additional information about the violated limit: 3683// 3684// Some of the reasons in the following list might not be applicable to this 3685// specific API or operation. 3686// 3687// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3688// can't be modified. 3689// 3690// * INPUT_REQUIRED: You must include a value for all required parameters. 3691// 3692// * INVALID_ENUM: You specified an invalid value. 3693// 3694// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3695// characters. 3696// 3697// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3698// at least one invalid value. 3699// 3700// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3701// from the response to a previous call of the operation. 3702// 3703// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3704// organization, or email) as a party. 3705// 3706// * INVALID_PATTERN: You provided a value that doesn't match the required 3707// pattern. 3708// 3709// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3710// match the required pattern. 3711// 3712// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3713// name can't begin with the reserved prefix AWSServiceRoleFor. 3714// 3715// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3716// Name (ARN) for the organization. 3717// 3718// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3719// 3720// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3721// tag. You can’t add, edit, or delete system tag keys because they're 3722// reserved for AWS use. System tags don’t count against your tags per 3723// resource limit. 3724// 3725// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3726// for the operation. 3727// 3728// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3729// than allowed. 3730// 3731// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3732// value than allowed. 3733// 3734// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3735// than allowed. 3736// 3737// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3738// value than allowed. 3739// 3740// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3741// between entities in the same root. 3742// 3743// * ServiceException 3744// AWS Organizations can't complete your request because of an internal service 3745// error. Try again later. 3746// 3747// * TooManyRequestsException 3748// You have sent too many requests in too short a period of time. The quota 3749// helps protect against denial-of-service attacks. Try again later. 3750// 3751// For information about quotas that affect AWS Organizations, see Quotas for 3752// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3753// the AWS Organizations User Guide. 3754// 3755// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3756func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) { 3757 req, out := c.DescribeAccountRequest(input) 3758 return out, req.Send() 3759} 3760 3761// DescribeAccountWithContext is the same as DescribeAccount with the addition of 3762// the ability to pass a context and additional request options. 3763// 3764// See DescribeAccount for details on how to use this API operation. 3765// 3766// The context must be non-nil and will be used for request cancellation. If 3767// the context is nil a panic will occur. In the future the SDK may create 3768// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3769// for more information on using Contexts. 3770func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) { 3771 req, out := c.DescribeAccountRequest(input) 3772 req.SetContext(ctx) 3773 req.ApplyOptions(opts...) 3774 return out, req.Send() 3775} 3776 3777const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus" 3778 3779// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the 3780// client's request for the DescribeCreateAccountStatus operation. The "output" return 3781// value will be populated with the request's response once the request completes 3782// successfully. 3783// 3784// Use "Send" method on the returned Request to send the API call to the service. 3785// the "output" return value is not valid until after Send returns without error. 3786// 3787// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus 3788// API call, and error handling. 3789// 3790// This method is useful when you want to inject custom logic or configuration 3791// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3792// 3793// 3794// // Example sending a request using the DescribeCreateAccountStatusRequest method. 3795// req, resp := client.DescribeCreateAccountStatusRequest(params) 3796// 3797// err := req.Send() 3798// if err == nil { // resp is now filled 3799// fmt.Println(resp) 3800// } 3801// 3802// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 3803func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) { 3804 op := &request.Operation{ 3805 Name: opDescribeCreateAccountStatus, 3806 HTTPMethod: "POST", 3807 HTTPPath: "/", 3808 } 3809 3810 if input == nil { 3811 input = &DescribeCreateAccountStatusInput{} 3812 } 3813 3814 output = &DescribeCreateAccountStatusOutput{} 3815 req = c.newRequest(op, input, output) 3816 return 3817} 3818 3819// DescribeCreateAccountStatus API operation for AWS Organizations. 3820// 3821// Retrieves the current status of an asynchronous request to create an account. 3822// 3823// This operation can be called only from the organization's master account 3824// or by a member account that is a delegated administrator for an AWS service. 3825// 3826// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3827// with awserr.Error's Code and Message methods to get detailed information about 3828// the error. 3829// 3830// See the AWS API reference guide for AWS Organizations's 3831// API operation DescribeCreateAccountStatus for usage and error information. 3832// 3833// Returned Error Types: 3834// * AccessDeniedException 3835// You don't have permissions to perform the requested operation. The user or 3836// role that is making the request must have at least one IAM permissions policy 3837// attached that grants the required permissions. For more information, see 3838// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3839// in the IAM User Guide. 3840// 3841// * AWSOrganizationsNotInUseException 3842// Your account isn't a member of an organization. To make this request, you 3843// must use the credentials of an account that belongs to an organization. 3844// 3845// * CreateAccountStatusNotFoundException 3846// We can't find an create account request with the CreateAccountRequestId that 3847// you specified. 3848// 3849// * InvalidInputException 3850// The requested operation failed because you provided invalid values for one 3851// or more of the request parameters. This exception includes a reason that 3852// contains additional information about the violated limit: 3853// 3854// Some of the reasons in the following list might not be applicable to this 3855// specific API or operation. 3856// 3857// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3858// can't be modified. 3859// 3860// * INPUT_REQUIRED: You must include a value for all required parameters. 3861// 3862// * INVALID_ENUM: You specified an invalid value. 3863// 3864// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3865// characters. 3866// 3867// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3868// at least one invalid value. 3869// 3870// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3871// from the response to a previous call of the operation. 3872// 3873// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3874// organization, or email) as a party. 3875// 3876// * INVALID_PATTERN: You provided a value that doesn't match the required 3877// pattern. 3878// 3879// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3880// match the required pattern. 3881// 3882// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3883// name can't begin with the reserved prefix AWSServiceRoleFor. 3884// 3885// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3886// Name (ARN) for the organization. 3887// 3888// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3889// 3890// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3891// tag. You can’t add, edit, or delete system tag keys because they're 3892// reserved for AWS use. System tags don’t count against your tags per 3893// resource limit. 3894// 3895// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3896// for the operation. 3897// 3898// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3899// than allowed. 3900// 3901// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3902// value than allowed. 3903// 3904// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3905// than allowed. 3906// 3907// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3908// value than allowed. 3909// 3910// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3911// between entities in the same root. 3912// 3913// * ServiceException 3914// AWS Organizations can't complete your request because of an internal service 3915// error. Try again later. 3916// 3917// * TooManyRequestsException 3918// You have sent too many requests in too short a period of time. The quota 3919// helps protect against denial-of-service attacks. Try again later. 3920// 3921// For information about quotas that affect AWS Organizations, see Quotas for 3922// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3923// the AWS Organizations User Guide. 3924// 3925// * UnsupportedAPIEndpointException 3926// This action isn't available in the current AWS Region. 3927// 3928// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 3929func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) { 3930 req, out := c.DescribeCreateAccountStatusRequest(input) 3931 return out, req.Send() 3932} 3933 3934// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of 3935// the ability to pass a context and additional request options. 3936// 3937// See DescribeCreateAccountStatus for details on how to use this API operation. 3938// 3939// The context must be non-nil and will be used for request cancellation. If 3940// the context is nil a panic will occur. In the future the SDK may create 3941// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3942// for more information on using Contexts. 3943func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) { 3944 req, out := c.DescribeCreateAccountStatusRequest(input) 3945 req.SetContext(ctx) 3946 req.ApplyOptions(opts...) 3947 return out, req.Send() 3948} 3949 3950const opDescribeEffectivePolicy = "DescribeEffectivePolicy" 3951 3952// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the 3953// client's request for the DescribeEffectivePolicy operation. The "output" return 3954// value will be populated with the request's response once the request completes 3955// successfully. 3956// 3957// Use "Send" method on the returned Request to send the API call to the service. 3958// the "output" return value is not valid until after Send returns without error. 3959// 3960// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy 3961// API call, and error handling. 3962// 3963// This method is useful when you want to inject custom logic or configuration 3964// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3965// 3966// 3967// // Example sending a request using the DescribeEffectivePolicyRequest method. 3968// req, resp := client.DescribeEffectivePolicyRequest(params) 3969// 3970// err := req.Send() 3971// if err == nil { // resp is now filled 3972// fmt.Println(resp) 3973// } 3974// 3975// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 3976func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) { 3977 op := &request.Operation{ 3978 Name: opDescribeEffectivePolicy, 3979 HTTPMethod: "POST", 3980 HTTPPath: "/", 3981 } 3982 3983 if input == nil { 3984 input = &DescribeEffectivePolicyInput{} 3985 } 3986 3987 output = &DescribeEffectivePolicyOutput{} 3988 req = c.newRequest(op, input, output) 3989 return 3990} 3991 3992// DescribeEffectivePolicy API operation for AWS Organizations. 3993// 3994// Returns the contents of the effective policy for specified policy type and 3995// account. The effective policy is the aggregation of any policies of the specified 3996// type that the account inherits, plus any policy of that type that is directly 3997// attached to the account. 3998// 3999// This operation applies only to policy types other than service control policies 4000// (SCPs). 4001// 4002// For more information about policy inheritance, see How Policy Inheritance 4003// Works (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) 4004// in the AWS Organizations User Guide. 4005// 4006// This operation can be called only from the organization's master account 4007// or by a member account that is a delegated administrator for an AWS service. 4008// 4009// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4010// with awserr.Error's Code and Message methods to get detailed information about 4011// the error. 4012// 4013// See the AWS API reference guide for AWS Organizations's 4014// API operation DescribeEffectivePolicy for usage and error information. 4015// 4016// Returned Error Types: 4017// * AccessDeniedException 4018// You don't have permissions to perform the requested operation. The user or 4019// role that is making the request must have at least one IAM permissions policy 4020// attached that grants the required permissions. For more information, see 4021// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4022// in the IAM User Guide. 4023// 4024// * AWSOrganizationsNotInUseException 4025// Your account isn't a member of an organization. To make this request, you 4026// must use the credentials of an account that belongs to an organization. 4027// 4028// * ConstraintViolationException 4029// Performing this operation violates a minimum or maximum value limit. For 4030// example, attempting to remove the last service control policy (SCP) from 4031// an OU or root, inviting or creating too many accounts to the organization, 4032// or attaching too many policies to an account, OU, or root. This exception 4033// includes a reason that contains additional information about the violated 4034// limit: 4035// 4036// Some of the reasons in the following list might not be applicable to this 4037// specific API or operation. 4038// 4039// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 4040// account from the organization. You can't remove the master account. Instead, 4041// after you remove all member accounts, delete the organization itself. 4042// 4043// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4044// from the organization that doesn't yet have enough information to exist 4045// as a standalone account. This account requires you to first agree to the 4046// AWS Customer Agreement. Follow the steps at Removing a member account 4047// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 4048// the AWS Organizations User Guide. 4049// 4050// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4051// an account from the organization that doesn't yet have enough information 4052// to exist as a standalone account. This account requires you to first complete 4053// phone verification. Follow the steps at Removing a member account from 4054// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 4055// in the AWS Organizations User Guide. 4056// 4057// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4058// of accounts that you can create in one day. 4059// 4060// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4061// the number of accounts in an organization. If you need more accounts, 4062// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4063// request an increase in your limit. Or the number of invitations that you 4064// tried to send would cause you to exceed the limit of accounts in your 4065// organization. Send fewer invitations or contact AWS Support to request 4066// an increase in the number of accounts. Deleted and closed accounts still 4067// count toward your limit. If you get this exception when running a command 4068// immediately after creating the organization, wait one hour and try again. 4069// After an hour, if the command continues to fail with this error, contact 4070// AWS Support (https://console.aws.amazon.com/support/home#/). 4071// 4072// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 4073// register the master account of the organization as a delegated administrator 4074// for an AWS service integrated with Organizations. You can designate only 4075// a member account as a delegated administrator. 4076// 4077// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 4078// an account that is registered as a delegated administrator for a service 4079// integrated with your organization. To complete this operation, you must 4080// first deregister this account as a delegated administrator. 4081// 4082// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 4083// organization in the specified region, you must enable all features mode. 4084// 4085// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 4086// an AWS account as a delegated administrator for an AWS service that already 4087// has a delegated administrator. To complete this operation, you must first 4088// deregister any existing delegated administrators for this service. 4089// 4090// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 4091// valid for a limited period of time. You must resubmit the request and 4092// generate a new verfication code. 4093// 4094// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4095// handshakes that you can send in one day. 4096// 4097// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4098// in this organization, you first must migrate the organization's master 4099// account to the marketplace that corresponds to the master account's address. 4100// For example, accounts with India addresses must be associated with the 4101// AISPL marketplace. All accounts in an organization must be associated 4102// with the same marketplace. 4103// 4104// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 4105// in China. To create an organization, the master must have an valid business 4106// license. For more information, contact customer support. 4107// 4108// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4109// must first provide a valid contact address and phone number for the master 4110// account. Then try the operation again. 4111// 4112// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4113// master account must have an associated account in the AWS GovCloud (US-West) 4114// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4115// in the AWS GovCloud User Guide. 4116// 4117// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4118// with this master account, you first must associate a valid payment instrument, 4119// such as a credit card, with the account. Follow the steps at To leave 4120// an organization when all required account information has not yet been 4121// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4122// in the AWS Organizations User Guide. 4123// 4124// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 4125// to register more delegated administrators than allowed for the service 4126// principal. 4127// 4128// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4129// number of policies of a certain type that can be attached to an entity 4130// at one time. 4131// 4132// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4133// on this resource. 4134// 4135// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4136// with this member account, you first must associate a valid payment instrument, 4137// such as a credit card, with the account. Follow the steps at To leave 4138// an organization when all required account information has not yet been 4139// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4140// in the AWS Organizations User Guide. 4141// 4142// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4143// policy from an entity that would cause the entity to have fewer than the 4144// minimum number of policies of a certain type required. 4145// 4146// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4147// that requires the organization to be configured to support all features. 4148// An organization that supports only consolidated billing features can't 4149// perform this operation. 4150// 4151// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4152// too many levels deep. 4153// 4154// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4155// that you can have in an organization. 4156// 4157// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 4158// is larger than the maximum size. 4159// 4160// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 4161// policies that you can have in an organization. 4162// 4163// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 4164// tags that are not compliant with the tag policy requirements for this 4165// account. 4166// 4167// * ServiceException 4168// AWS Organizations can't complete your request because of an internal service 4169// error. Try again later. 4170// 4171// * TooManyRequestsException 4172// You have sent too many requests in too short a period of time. The quota 4173// helps protect against denial-of-service attacks. Try again later. 4174// 4175// For information about quotas that affect AWS Organizations, see Quotas for 4176// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4177// the AWS Organizations User Guide. 4178// 4179// * TargetNotFoundException 4180// We can't find a root, OU, or account with the TargetId that you specified. 4181// 4182// * EffectivePolicyNotFoundException 4183// If you ran this action on the master account, this policy type is not enabled. 4184// If you ran the action on a member account, the account doesn't have an effective 4185// policy of this type. Contact the administrator of your organization about 4186// attaching a policy of this type to the account. 4187// 4188// * InvalidInputException 4189// The requested operation failed because you provided invalid values for one 4190// or more of the request parameters. This exception includes a reason that 4191// contains additional information about the violated limit: 4192// 4193// Some of the reasons in the following list might not be applicable to this 4194// specific API or operation. 4195// 4196// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4197// can't be modified. 4198// 4199// * INPUT_REQUIRED: You must include a value for all required parameters. 4200// 4201// * INVALID_ENUM: You specified an invalid value. 4202// 4203// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4204// characters. 4205// 4206// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4207// at least one invalid value. 4208// 4209// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4210// from the response to a previous call of the operation. 4211// 4212// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4213// organization, or email) as a party. 4214// 4215// * INVALID_PATTERN: You provided a value that doesn't match the required 4216// pattern. 4217// 4218// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4219// match the required pattern. 4220// 4221// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4222// name can't begin with the reserved prefix AWSServiceRoleFor. 4223// 4224// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4225// Name (ARN) for the organization. 4226// 4227// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4228// 4229// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4230// tag. You can’t add, edit, or delete system tag keys because they're 4231// reserved for AWS use. System tags don’t count against your tags per 4232// resource limit. 4233// 4234// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4235// for the operation. 4236// 4237// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4238// than allowed. 4239// 4240// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4241// value than allowed. 4242// 4243// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4244// than allowed. 4245// 4246// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4247// value than allowed. 4248// 4249// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4250// between entities in the same root. 4251// 4252// * UnsupportedAPIEndpointException 4253// This action isn't available in the current AWS Region. 4254// 4255// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 4256func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) { 4257 req, out := c.DescribeEffectivePolicyRequest(input) 4258 return out, req.Send() 4259} 4260 4261// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of 4262// the ability to pass a context and additional request options. 4263// 4264// See DescribeEffectivePolicy for details on how to use this API operation. 4265// 4266// The context must be non-nil and will be used for request cancellation. If 4267// the context is nil a panic will occur. In the future the SDK may create 4268// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4269// for more information on using Contexts. 4270func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) { 4271 req, out := c.DescribeEffectivePolicyRequest(input) 4272 req.SetContext(ctx) 4273 req.ApplyOptions(opts...) 4274 return out, req.Send() 4275} 4276 4277const opDescribeHandshake = "DescribeHandshake" 4278 4279// DescribeHandshakeRequest generates a "aws/request.Request" representing the 4280// client's request for the DescribeHandshake operation. The "output" return 4281// value will be populated with the request's response once the request completes 4282// successfully. 4283// 4284// Use "Send" method on the returned Request to send the API call to the service. 4285// the "output" return value is not valid until after Send returns without error. 4286// 4287// See DescribeHandshake for more information on using the DescribeHandshake 4288// API call, and error handling. 4289// 4290// This method is useful when you want to inject custom logic or configuration 4291// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4292// 4293// 4294// // Example sending a request using the DescribeHandshakeRequest method. 4295// req, resp := client.DescribeHandshakeRequest(params) 4296// 4297// err := req.Send() 4298// if err == nil { // resp is now filled 4299// fmt.Println(resp) 4300// } 4301// 4302// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 4303func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) { 4304 op := &request.Operation{ 4305 Name: opDescribeHandshake, 4306 HTTPMethod: "POST", 4307 HTTPPath: "/", 4308 } 4309 4310 if input == nil { 4311 input = &DescribeHandshakeInput{} 4312 } 4313 4314 output = &DescribeHandshakeOutput{} 4315 req = c.newRequest(op, input, output) 4316 return 4317} 4318 4319// DescribeHandshake API operation for AWS Organizations. 4320// 4321// Retrieves information about a previously requested handshake. The handshake 4322// ID comes from the response to the original InviteAccountToOrganization operation 4323// that generated the handshake. 4324// 4325// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only 4326// 30 days after they change to that state. They're then deleted and no longer 4327// accessible. 4328// 4329// This operation can be called from any account in the organization. 4330// 4331// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4332// with awserr.Error's Code and Message methods to get detailed information about 4333// the error. 4334// 4335// See the AWS API reference guide for AWS Organizations's 4336// API operation DescribeHandshake for usage and error information. 4337// 4338// Returned Error Types: 4339// * AccessDeniedException 4340// You don't have permissions to perform the requested operation. The user or 4341// role that is making the request must have at least one IAM permissions policy 4342// attached that grants the required permissions. For more information, see 4343// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4344// in the IAM User Guide. 4345// 4346// * ConcurrentModificationException 4347// The target of the operation is currently being modified by a different request. 4348// Try again later. 4349// 4350// * HandshakeNotFoundException 4351// We can't find a handshake with the HandshakeId that you specified. 4352// 4353// * InvalidInputException 4354// The requested operation failed because you provided invalid values for one 4355// or more of the request parameters. This exception includes a reason that 4356// contains additional information about the violated limit: 4357// 4358// Some of the reasons in the following list might not be applicable to this 4359// specific API or operation. 4360// 4361// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4362// can't be modified. 4363// 4364// * INPUT_REQUIRED: You must include a value for all required parameters. 4365// 4366// * INVALID_ENUM: You specified an invalid value. 4367// 4368// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4369// characters. 4370// 4371// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4372// at least one invalid value. 4373// 4374// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4375// from the response to a previous call of the operation. 4376// 4377// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4378// organization, or email) as a party. 4379// 4380// * INVALID_PATTERN: You provided a value that doesn't match the required 4381// pattern. 4382// 4383// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4384// match the required pattern. 4385// 4386// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4387// name can't begin with the reserved prefix AWSServiceRoleFor. 4388// 4389// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4390// Name (ARN) for the organization. 4391// 4392// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4393// 4394// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4395// tag. You can’t add, edit, or delete system tag keys because they're 4396// reserved for AWS use. System tags don’t count against your tags per 4397// resource limit. 4398// 4399// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4400// for the operation. 4401// 4402// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4403// than allowed. 4404// 4405// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4406// value than allowed. 4407// 4408// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4409// than allowed. 4410// 4411// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4412// value than allowed. 4413// 4414// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4415// between entities in the same root. 4416// 4417// * ServiceException 4418// AWS Organizations can't complete your request because of an internal service 4419// error. Try again later. 4420// 4421// * TooManyRequestsException 4422// You have sent too many requests in too short a period of time. The quota 4423// helps protect against denial-of-service attacks. Try again later. 4424// 4425// For information about quotas that affect AWS Organizations, see Quotas for 4426// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4427// the AWS Organizations User Guide. 4428// 4429// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 4430func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) { 4431 req, out := c.DescribeHandshakeRequest(input) 4432 return out, req.Send() 4433} 4434 4435// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of 4436// the ability to pass a context and additional request options. 4437// 4438// See DescribeHandshake for details on how to use this API operation. 4439// 4440// The context must be non-nil and will be used for request cancellation. If 4441// the context is nil a panic will occur. In the future the SDK may create 4442// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4443// for more information on using Contexts. 4444func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) { 4445 req, out := c.DescribeHandshakeRequest(input) 4446 req.SetContext(ctx) 4447 req.ApplyOptions(opts...) 4448 return out, req.Send() 4449} 4450 4451const opDescribeOrganization = "DescribeOrganization" 4452 4453// DescribeOrganizationRequest generates a "aws/request.Request" representing the 4454// client's request for the DescribeOrganization operation. The "output" return 4455// value will be populated with the request's response once the request completes 4456// successfully. 4457// 4458// Use "Send" method on the returned Request to send the API call to the service. 4459// the "output" return value is not valid until after Send returns without error. 4460// 4461// See DescribeOrganization for more information on using the DescribeOrganization 4462// API call, and error handling. 4463// 4464// This method is useful when you want to inject custom logic or configuration 4465// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4466// 4467// 4468// // Example sending a request using the DescribeOrganizationRequest method. 4469// req, resp := client.DescribeOrganizationRequest(params) 4470// 4471// err := req.Send() 4472// if err == nil { // resp is now filled 4473// fmt.Println(resp) 4474// } 4475// 4476// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 4477func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) { 4478 op := &request.Operation{ 4479 Name: opDescribeOrganization, 4480 HTTPMethod: "POST", 4481 HTTPPath: "/", 4482 } 4483 4484 if input == nil { 4485 input = &DescribeOrganizationInput{} 4486 } 4487 4488 output = &DescribeOrganizationOutput{} 4489 req = c.newRequest(op, input, output) 4490 return 4491} 4492 4493// DescribeOrganization API operation for AWS Organizations. 4494// 4495// Retrieves information about the organization that the user's account belongs 4496// to. 4497// 4498// This operation can be called from any account in the organization. 4499// 4500// Even if a policy type is shown as available in the organization, you can 4501// disable it separately at the root level with DisablePolicyType. Use ListRoots 4502// to see the status of policy types for a specified root. 4503// 4504// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4505// with awserr.Error's Code and Message methods to get detailed information about 4506// the error. 4507// 4508// See the AWS API reference guide for AWS Organizations's 4509// API operation DescribeOrganization for usage and error information. 4510// 4511// Returned Error Types: 4512// * AccessDeniedException 4513// You don't have permissions to perform the requested operation. The user or 4514// role that is making the request must have at least one IAM permissions policy 4515// attached that grants the required permissions. For more information, see 4516// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4517// in the IAM User Guide. 4518// 4519// * AWSOrganizationsNotInUseException 4520// Your account isn't a member of an organization. To make this request, you 4521// must use the credentials of an account that belongs to an organization. 4522// 4523// * ConcurrentModificationException 4524// The target of the operation is currently being modified by a different request. 4525// Try again later. 4526// 4527// * ServiceException 4528// AWS Organizations can't complete your request because of an internal service 4529// error. Try again later. 4530// 4531// * TooManyRequestsException 4532// You have sent too many requests in too short a period of time. The quota 4533// helps protect against denial-of-service attacks. Try again later. 4534// 4535// For information about quotas that affect AWS Organizations, see Quotas for 4536// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4537// the AWS Organizations User Guide. 4538// 4539// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 4540func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) { 4541 req, out := c.DescribeOrganizationRequest(input) 4542 return out, req.Send() 4543} 4544 4545// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of 4546// the ability to pass a context and additional request options. 4547// 4548// See DescribeOrganization for details on how to use this API operation. 4549// 4550// The context must be non-nil and will be used for request cancellation. If 4551// the context is nil a panic will occur. In the future the SDK may create 4552// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4553// for more information on using Contexts. 4554func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) { 4555 req, out := c.DescribeOrganizationRequest(input) 4556 req.SetContext(ctx) 4557 req.ApplyOptions(opts...) 4558 return out, req.Send() 4559} 4560 4561const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit" 4562 4563// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the 4564// client's request for the DescribeOrganizationalUnit operation. The "output" return 4565// value will be populated with the request's response once the request completes 4566// successfully. 4567// 4568// Use "Send" method on the returned Request to send the API call to the service. 4569// the "output" return value is not valid until after Send returns without error. 4570// 4571// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit 4572// API call, and error handling. 4573// 4574// This method is useful when you want to inject custom logic or configuration 4575// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4576// 4577// 4578// // Example sending a request using the DescribeOrganizationalUnitRequest method. 4579// req, resp := client.DescribeOrganizationalUnitRequest(params) 4580// 4581// err := req.Send() 4582// if err == nil { // resp is now filled 4583// fmt.Println(resp) 4584// } 4585// 4586// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4587func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) { 4588 op := &request.Operation{ 4589 Name: opDescribeOrganizationalUnit, 4590 HTTPMethod: "POST", 4591 HTTPPath: "/", 4592 } 4593 4594 if input == nil { 4595 input = &DescribeOrganizationalUnitInput{} 4596 } 4597 4598 output = &DescribeOrganizationalUnitOutput{} 4599 req = c.newRequest(op, input, output) 4600 return 4601} 4602 4603// DescribeOrganizationalUnit API operation for AWS Organizations. 4604// 4605// Retrieves information about an organizational unit (OU). 4606// 4607// This operation can be called only from the organization's master account 4608// or by a member account that is a delegated administrator for an AWS service. 4609// 4610// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4611// with awserr.Error's Code and Message methods to get detailed information about 4612// the error. 4613// 4614// See the AWS API reference guide for AWS Organizations's 4615// API operation DescribeOrganizationalUnit for usage and error information. 4616// 4617// Returned Error Types: 4618// * AccessDeniedException 4619// You don't have permissions to perform the requested operation. The user or 4620// role that is making the request must have at least one IAM permissions policy 4621// attached that grants the required permissions. For more information, see 4622// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4623// in the IAM User Guide. 4624// 4625// * AWSOrganizationsNotInUseException 4626// Your account isn't a member of an organization. To make this request, you 4627// must use the credentials of an account that belongs to an organization. 4628// 4629// * InvalidInputException 4630// The requested operation failed because you provided invalid values for one 4631// or more of the request parameters. This exception includes a reason that 4632// contains additional information about the violated limit: 4633// 4634// Some of the reasons in the following list might not be applicable to this 4635// specific API or operation. 4636// 4637// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4638// can't be modified. 4639// 4640// * INPUT_REQUIRED: You must include a value for all required parameters. 4641// 4642// * INVALID_ENUM: You specified an invalid value. 4643// 4644// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4645// characters. 4646// 4647// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4648// at least one invalid value. 4649// 4650// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4651// from the response to a previous call of the operation. 4652// 4653// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4654// organization, or email) as a party. 4655// 4656// * INVALID_PATTERN: You provided a value that doesn't match the required 4657// pattern. 4658// 4659// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4660// match the required pattern. 4661// 4662// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4663// name can't begin with the reserved prefix AWSServiceRoleFor. 4664// 4665// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4666// Name (ARN) for the organization. 4667// 4668// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4669// 4670// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4671// tag. You can’t add, edit, or delete system tag keys because they're 4672// reserved for AWS use. System tags don’t count against your tags per 4673// resource limit. 4674// 4675// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4676// for the operation. 4677// 4678// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4679// than allowed. 4680// 4681// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4682// value than allowed. 4683// 4684// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4685// than allowed. 4686// 4687// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4688// value than allowed. 4689// 4690// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4691// between entities in the same root. 4692// 4693// * OrganizationalUnitNotFoundException 4694// We can't find an OU with the OrganizationalUnitId that you specified. 4695// 4696// * ServiceException 4697// AWS Organizations can't complete your request because of an internal service 4698// error. Try again later. 4699// 4700// * TooManyRequestsException 4701// You have sent too many requests in too short a period of time. The quota 4702// helps protect against denial-of-service attacks. Try again later. 4703// 4704// For information about quotas that affect AWS Organizations, see Quotas for 4705// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4706// the AWS Organizations User Guide. 4707// 4708// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4709func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) { 4710 req, out := c.DescribeOrganizationalUnitRequest(input) 4711 return out, req.Send() 4712} 4713 4714// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of 4715// the ability to pass a context and additional request options. 4716// 4717// See DescribeOrganizationalUnit for details on how to use this API operation. 4718// 4719// The context must be non-nil and will be used for request cancellation. If 4720// the context is nil a panic will occur. In the future the SDK may create 4721// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4722// for more information on using Contexts. 4723func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) { 4724 req, out := c.DescribeOrganizationalUnitRequest(input) 4725 req.SetContext(ctx) 4726 req.ApplyOptions(opts...) 4727 return out, req.Send() 4728} 4729 4730const opDescribePolicy = "DescribePolicy" 4731 4732// DescribePolicyRequest generates a "aws/request.Request" representing the 4733// client's request for the DescribePolicy operation. The "output" return 4734// value will be populated with the request's response once the request completes 4735// successfully. 4736// 4737// Use "Send" method on the returned Request to send the API call to the service. 4738// the "output" return value is not valid until after Send returns without error. 4739// 4740// See DescribePolicy for more information on using the DescribePolicy 4741// API call, and error handling. 4742// 4743// This method is useful when you want to inject custom logic or configuration 4744// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4745// 4746// 4747// // Example sending a request using the DescribePolicyRequest method. 4748// req, resp := client.DescribePolicyRequest(params) 4749// 4750// err := req.Send() 4751// if err == nil { // resp is now filled 4752// fmt.Println(resp) 4753// } 4754// 4755// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 4756func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) { 4757 op := &request.Operation{ 4758 Name: opDescribePolicy, 4759 HTTPMethod: "POST", 4760 HTTPPath: "/", 4761 } 4762 4763 if input == nil { 4764 input = &DescribePolicyInput{} 4765 } 4766 4767 output = &DescribePolicyOutput{} 4768 req = c.newRequest(op, input, output) 4769 return 4770} 4771 4772// DescribePolicy API operation for AWS Organizations. 4773// 4774// Retrieves information about a policy. 4775// 4776// This operation can be called only from the organization's master account 4777// or by a member account that is a delegated administrator for an AWS service. 4778// 4779// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4780// with awserr.Error's Code and Message methods to get detailed information about 4781// the error. 4782// 4783// See the AWS API reference guide for AWS Organizations's 4784// API operation DescribePolicy for usage and error information. 4785// 4786// Returned Error Types: 4787// * AccessDeniedException 4788// You don't have permissions to perform the requested operation. The user or 4789// role that is making the request must have at least one IAM permissions policy 4790// attached that grants the required permissions. For more information, see 4791// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4792// in the IAM User Guide. 4793// 4794// * AWSOrganizationsNotInUseException 4795// Your account isn't a member of an organization. To make this request, you 4796// must use the credentials of an account that belongs to an organization. 4797// 4798// * InvalidInputException 4799// The requested operation failed because you provided invalid values for one 4800// or more of the request parameters. This exception includes a reason that 4801// contains additional information about the violated limit: 4802// 4803// Some of the reasons in the following list might not be applicable to this 4804// specific API or operation. 4805// 4806// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4807// can't be modified. 4808// 4809// * INPUT_REQUIRED: You must include a value for all required parameters. 4810// 4811// * INVALID_ENUM: You specified an invalid value. 4812// 4813// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4814// characters. 4815// 4816// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4817// at least one invalid value. 4818// 4819// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4820// from the response to a previous call of the operation. 4821// 4822// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4823// organization, or email) as a party. 4824// 4825// * INVALID_PATTERN: You provided a value that doesn't match the required 4826// pattern. 4827// 4828// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4829// match the required pattern. 4830// 4831// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4832// name can't begin with the reserved prefix AWSServiceRoleFor. 4833// 4834// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4835// Name (ARN) for the organization. 4836// 4837// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4838// 4839// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4840// tag. You can’t add, edit, or delete system tag keys because they're 4841// reserved for AWS use. System tags don’t count against your tags per 4842// resource limit. 4843// 4844// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4845// for the operation. 4846// 4847// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4848// than allowed. 4849// 4850// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4851// value than allowed. 4852// 4853// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4854// than allowed. 4855// 4856// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4857// value than allowed. 4858// 4859// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4860// between entities in the same root. 4861// 4862// * PolicyNotFoundException 4863// We can't find a policy with the PolicyId that you specified. 4864// 4865// * ServiceException 4866// AWS Organizations can't complete your request because of an internal service 4867// error. Try again later. 4868// 4869// * TooManyRequestsException 4870// You have sent too many requests in too short a period of time. The quota 4871// helps protect against denial-of-service attacks. Try again later. 4872// 4873// For information about quotas that affect AWS Organizations, see Quotas for 4874// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4875// the AWS Organizations User Guide. 4876// 4877// * UnsupportedAPIEndpointException 4878// This action isn't available in the current AWS Region. 4879// 4880// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 4881func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) { 4882 req, out := c.DescribePolicyRequest(input) 4883 return out, req.Send() 4884} 4885 4886// DescribePolicyWithContext is the same as DescribePolicy with the addition of 4887// the ability to pass a context and additional request options. 4888// 4889// See DescribePolicy for details on how to use this API operation. 4890// 4891// The context must be non-nil and will be used for request cancellation. If 4892// the context is nil a panic will occur. In the future the SDK may create 4893// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4894// for more information on using Contexts. 4895func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) { 4896 req, out := c.DescribePolicyRequest(input) 4897 req.SetContext(ctx) 4898 req.ApplyOptions(opts...) 4899 return out, req.Send() 4900} 4901 4902const opDetachPolicy = "DetachPolicy" 4903 4904// DetachPolicyRequest generates a "aws/request.Request" representing the 4905// client's request for the DetachPolicy operation. The "output" return 4906// value will be populated with the request's response once the request completes 4907// successfully. 4908// 4909// Use "Send" method on the returned Request to send the API call to the service. 4910// the "output" return value is not valid until after Send returns without error. 4911// 4912// See DetachPolicy for more information on using the DetachPolicy 4913// API call, and error handling. 4914// 4915// This method is useful when you want to inject custom logic or configuration 4916// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4917// 4918// 4919// // Example sending a request using the DetachPolicyRequest method. 4920// req, resp := client.DetachPolicyRequest(params) 4921// 4922// err := req.Send() 4923// if err == nil { // resp is now filled 4924// fmt.Println(resp) 4925// } 4926// 4927// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 4928func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) { 4929 op := &request.Operation{ 4930 Name: opDetachPolicy, 4931 HTTPMethod: "POST", 4932 HTTPPath: "/", 4933 } 4934 4935 if input == nil { 4936 input = &DetachPolicyInput{} 4937 } 4938 4939 output = &DetachPolicyOutput{} 4940 req = c.newRequest(op, input, output) 4941 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4942 return 4943} 4944 4945// DetachPolicy API operation for AWS Organizations. 4946// 4947// Detaches a policy from a target root, organizational unit (OU), or account. 4948// 4949// If the policy being detached is a service control policy (SCP), the changes 4950// to permissions for AWS Identity and Access Management (IAM) users and roles 4951// in affected accounts are immediate. 4952// 4953// Every root, OU, and account must have at least one SCP attached. If you want 4954// to replace the default FullAWSAccess policy with an SCP that limits the permissions 4955// that can be delegated, you must attach the replacement SCP before you can 4956// remove the default SCP. This is the authorization strategy of an "allow list 4957// (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)". 4958// If you instead attach a second SCP and leave the FullAWSAccess SCP still 4959// attached, and specify "Effect": "Deny" in the second SCP to override the 4960// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), 4961// you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)". 4962// 4963// This operation can be called only from the organization's master account. 4964// 4965// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4966// with awserr.Error's Code and Message methods to get detailed information about 4967// the error. 4968// 4969// See the AWS API reference guide for AWS Organizations's 4970// API operation DetachPolicy for usage and error information. 4971// 4972// Returned Error Types: 4973// * AccessDeniedException 4974// You don't have permissions to perform the requested operation. The user or 4975// role that is making the request must have at least one IAM permissions policy 4976// attached that grants the required permissions. For more information, see 4977// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4978// in the IAM User Guide. 4979// 4980// * AWSOrganizationsNotInUseException 4981// Your account isn't a member of an organization. To make this request, you 4982// must use the credentials of an account that belongs to an organization. 4983// 4984// * ConcurrentModificationException 4985// The target of the operation is currently being modified by a different request. 4986// Try again later. 4987// 4988// * ConstraintViolationException 4989// Performing this operation violates a minimum or maximum value limit. For 4990// example, attempting to remove the last service control policy (SCP) from 4991// an OU or root, inviting or creating too many accounts to the organization, 4992// or attaching too many policies to an account, OU, or root. This exception 4993// includes a reason that contains additional information about the violated 4994// limit: 4995// 4996// Some of the reasons in the following list might not be applicable to this 4997// specific API or operation. 4998// 4999// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 5000// account from the organization. You can't remove the master account. Instead, 5001// after you remove all member accounts, delete the organization itself. 5002// 5003// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5004// from the organization that doesn't yet have enough information to exist 5005// as a standalone account. This account requires you to first agree to the 5006// AWS Customer Agreement. Follow the steps at Removing a member account 5007// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5008// the AWS Organizations User Guide. 5009// 5010// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5011// an account from the organization that doesn't yet have enough information 5012// to exist as a standalone account. This account requires you to first complete 5013// phone verification. Follow the steps at Removing a member account from 5014// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5015// in the AWS Organizations User Guide. 5016// 5017// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5018// of accounts that you can create in one day. 5019// 5020// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5021// the number of accounts in an organization. If you need more accounts, 5022// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5023// request an increase in your limit. Or the number of invitations that you 5024// tried to send would cause you to exceed the limit of accounts in your 5025// organization. Send fewer invitations or contact AWS Support to request 5026// an increase in the number of accounts. Deleted and closed accounts still 5027// count toward your limit. If you get this exception when running a command 5028// immediately after creating the organization, wait one hour and try again. 5029// After an hour, if the command continues to fail with this error, contact 5030// AWS Support (https://console.aws.amazon.com/support/home#/). 5031// 5032// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5033// register the master account of the organization as a delegated administrator 5034// for an AWS service integrated with Organizations. You can designate only 5035// a member account as a delegated administrator. 5036// 5037// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5038// an account that is registered as a delegated administrator for a service 5039// integrated with your organization. To complete this operation, you must 5040// first deregister this account as a delegated administrator. 5041// 5042// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5043// organization in the specified region, you must enable all features mode. 5044// 5045// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5046// an AWS account as a delegated administrator for an AWS service that already 5047// has a delegated administrator. To complete this operation, you must first 5048// deregister any existing delegated administrators for this service. 5049// 5050// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5051// valid for a limited period of time. You must resubmit the request and 5052// generate a new verfication code. 5053// 5054// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5055// handshakes that you can send in one day. 5056// 5057// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5058// in this organization, you first must migrate the organization's master 5059// account to the marketplace that corresponds to the master account's address. 5060// For example, accounts with India addresses must be associated with the 5061// AISPL marketplace. All accounts in an organization must be associated 5062// with the same marketplace. 5063// 5064// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5065// in China. To create an organization, the master must have an valid business 5066// license. For more information, contact customer support. 5067// 5068// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5069// must first provide a valid contact address and phone number for the master 5070// account. Then try the operation again. 5071// 5072// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5073// master account must have an associated account in the AWS GovCloud (US-West) 5074// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5075// in the AWS GovCloud User Guide. 5076// 5077// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5078// with this master account, you first must associate a valid payment instrument, 5079// such as a credit card, with the account. Follow the steps at To leave 5080// an organization when all required account information has not yet been 5081// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5082// in the AWS Organizations User Guide. 5083// 5084// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5085// to register more delegated administrators than allowed for the service 5086// principal. 5087// 5088// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5089// number of policies of a certain type that can be attached to an entity 5090// at one time. 5091// 5092// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5093// on this resource. 5094// 5095// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5096// with this member account, you first must associate a valid payment instrument, 5097// such as a credit card, with the account. Follow the steps at To leave 5098// an organization when all required account information has not yet been 5099// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5100// in the AWS Organizations User Guide. 5101// 5102// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5103// policy from an entity that would cause the entity to have fewer than the 5104// minimum number of policies of a certain type required. 5105// 5106// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5107// that requires the organization to be configured to support all features. 5108// An organization that supports only consolidated billing features can't 5109// perform this operation. 5110// 5111// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5112// too many levels deep. 5113// 5114// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5115// that you can have in an organization. 5116// 5117// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5118// is larger than the maximum size. 5119// 5120// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5121// policies that you can have in an organization. 5122// 5123// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5124// tags that are not compliant with the tag policy requirements for this 5125// account. 5126// 5127// * InvalidInputException 5128// The requested operation failed because you provided invalid values for one 5129// or more of the request parameters. This exception includes a reason that 5130// contains additional information about the violated limit: 5131// 5132// Some of the reasons in the following list might not be applicable to this 5133// specific API or operation. 5134// 5135// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5136// can't be modified. 5137// 5138// * INPUT_REQUIRED: You must include a value for all required parameters. 5139// 5140// * INVALID_ENUM: You specified an invalid value. 5141// 5142// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5143// characters. 5144// 5145// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5146// at least one invalid value. 5147// 5148// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5149// from the response to a previous call of the operation. 5150// 5151// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5152// organization, or email) as a party. 5153// 5154// * INVALID_PATTERN: You provided a value that doesn't match the required 5155// pattern. 5156// 5157// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5158// match the required pattern. 5159// 5160// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5161// name can't begin with the reserved prefix AWSServiceRoleFor. 5162// 5163// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5164// Name (ARN) for the organization. 5165// 5166// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5167// 5168// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5169// tag. You can’t add, edit, or delete system tag keys because they're 5170// reserved for AWS use. System tags don’t count against your tags per 5171// resource limit. 5172// 5173// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5174// for the operation. 5175// 5176// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5177// than allowed. 5178// 5179// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5180// value than allowed. 5181// 5182// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5183// than allowed. 5184// 5185// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5186// value than allowed. 5187// 5188// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5189// between entities in the same root. 5190// 5191// * PolicyNotAttachedException 5192// The policy isn't attached to the specified target in the specified root. 5193// 5194// * PolicyNotFoundException 5195// We can't find a policy with the PolicyId that you specified. 5196// 5197// * ServiceException 5198// AWS Organizations can't complete your request because of an internal service 5199// error. Try again later. 5200// 5201// * TargetNotFoundException 5202// We can't find a root, OU, or account with the TargetId that you specified. 5203// 5204// * TooManyRequestsException 5205// You have sent too many requests in too short a period of time. The quota 5206// helps protect against denial-of-service attacks. Try again later. 5207// 5208// For information about quotas that affect AWS Organizations, see Quotas for 5209// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5210// the AWS Organizations User Guide. 5211// 5212// * UnsupportedAPIEndpointException 5213// This action isn't available in the current AWS Region. 5214// 5215// * PolicyChangesInProgressException 5216// Changes to the effective policy are in progress, and its contents can't be 5217// returned. Try the operation again later. 5218// 5219// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 5220func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) { 5221 req, out := c.DetachPolicyRequest(input) 5222 return out, req.Send() 5223} 5224 5225// DetachPolicyWithContext is the same as DetachPolicy with the addition of 5226// the ability to pass a context and additional request options. 5227// 5228// See DetachPolicy for details on how to use this API operation. 5229// 5230// The context must be non-nil and will be used for request cancellation. If 5231// the context is nil a panic will occur. In the future the SDK may create 5232// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5233// for more information on using Contexts. 5234func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) { 5235 req, out := c.DetachPolicyRequest(input) 5236 req.SetContext(ctx) 5237 req.ApplyOptions(opts...) 5238 return out, req.Send() 5239} 5240 5241const opDisableAWSServiceAccess = "DisableAWSServiceAccess" 5242 5243// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the 5244// client's request for the DisableAWSServiceAccess operation. The "output" return 5245// value will be populated with the request's response once the request completes 5246// successfully. 5247// 5248// Use "Send" method on the returned Request to send the API call to the service. 5249// the "output" return value is not valid until after Send returns without error. 5250// 5251// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess 5252// API call, and error handling. 5253// 5254// This method is useful when you want to inject custom logic or configuration 5255// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5256// 5257// 5258// // Example sending a request using the DisableAWSServiceAccessRequest method. 5259// req, resp := client.DisableAWSServiceAccessRequest(params) 5260// 5261// err := req.Send() 5262// if err == nil { // resp is now filled 5263// fmt.Println(resp) 5264// } 5265// 5266// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 5267func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) { 5268 op := &request.Operation{ 5269 Name: opDisableAWSServiceAccess, 5270 HTTPMethod: "POST", 5271 HTTPPath: "/", 5272 } 5273 5274 if input == nil { 5275 input = &DisableAWSServiceAccessInput{} 5276 } 5277 5278 output = &DisableAWSServiceAccessOutput{} 5279 req = c.newRequest(op, input, output) 5280 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5281 return 5282} 5283 5284// DisableAWSServiceAccess API operation for AWS Organizations. 5285// 5286// Disables the integration of an AWS service (the service that is specified 5287// by ServicePrincipal) with AWS Organizations. When you disable integration, 5288// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 5289// in new accounts in your organization. This means the service can't perform 5290// operations on your behalf on any new accounts in your organization. The service 5291// can still perform operations in older accounts until the service completes 5292// its clean-up from AWS Organizations. 5293// 5294// We recommend that you disable integration between AWS Organizations and the 5295// specified AWS service by using the console or commands that are provided 5296// by the specified service. Doing so ensures that the other service is aware 5297// that it can clean up any resources that are required only for the integration. 5298// How the service cleans up its resources in the organization's accounts depends 5299// on that service. For more information, see the documentation for the other 5300// AWS service. 5301// 5302// After you perform the DisableAWSServiceAccess operation, the specified service 5303// can no longer perform operations in your organization's accounts unless the 5304// operations are explicitly permitted by the IAM policies that are attached 5305// to your roles. 5306// 5307// For more information about integrating other services with AWS Organizations, 5308// including the list of services that work with Organizations, see Integrating 5309// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 5310// in the AWS Organizations User Guide. 5311// 5312// This operation can be called only from the organization's master account. 5313// 5314// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5315// with awserr.Error's Code and Message methods to get detailed information about 5316// the error. 5317// 5318// See the AWS API reference guide for AWS Organizations's 5319// API operation DisableAWSServiceAccess for usage and error information. 5320// 5321// Returned Error Types: 5322// * AccessDeniedException 5323// You don't have permissions to perform the requested operation. The user or 5324// role that is making the request must have at least one IAM permissions policy 5325// attached that grants the required permissions. For more information, see 5326// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5327// in the IAM User Guide. 5328// 5329// * AWSOrganizationsNotInUseException 5330// Your account isn't a member of an organization. To make this request, you 5331// must use the credentials of an account that belongs to an organization. 5332// 5333// * ConcurrentModificationException 5334// The target of the operation is currently being modified by a different request. 5335// Try again later. 5336// 5337// * ConstraintViolationException 5338// Performing this operation violates a minimum or maximum value limit. For 5339// example, attempting to remove the last service control policy (SCP) from 5340// an OU or root, inviting or creating too many accounts to the organization, 5341// or attaching too many policies to an account, OU, or root. This exception 5342// includes a reason that contains additional information about the violated 5343// limit: 5344// 5345// Some of the reasons in the following list might not be applicable to this 5346// specific API or operation. 5347// 5348// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 5349// account from the organization. You can't remove the master account. Instead, 5350// after you remove all member accounts, delete the organization itself. 5351// 5352// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5353// from the organization that doesn't yet have enough information to exist 5354// as a standalone account. This account requires you to first agree to the 5355// AWS Customer Agreement. Follow the steps at Removing a member account 5356// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5357// the AWS Organizations User Guide. 5358// 5359// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5360// an account from the organization that doesn't yet have enough information 5361// to exist as a standalone account. This account requires you to first complete 5362// phone verification. Follow the steps at Removing a member account from 5363// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5364// in the AWS Organizations User Guide. 5365// 5366// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5367// of accounts that you can create in one day. 5368// 5369// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5370// the number of accounts in an organization. If you need more accounts, 5371// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5372// request an increase in your limit. Or the number of invitations that you 5373// tried to send would cause you to exceed the limit of accounts in your 5374// organization. Send fewer invitations or contact AWS Support to request 5375// an increase in the number of accounts. Deleted and closed accounts still 5376// count toward your limit. If you get this exception when running a command 5377// immediately after creating the organization, wait one hour and try again. 5378// After an hour, if the command continues to fail with this error, contact 5379// AWS Support (https://console.aws.amazon.com/support/home#/). 5380// 5381// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5382// register the master account of the organization as a delegated administrator 5383// for an AWS service integrated with Organizations. You can designate only 5384// a member account as a delegated administrator. 5385// 5386// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5387// an account that is registered as a delegated administrator for a service 5388// integrated with your organization. To complete this operation, you must 5389// first deregister this account as a delegated administrator. 5390// 5391// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5392// organization in the specified region, you must enable all features mode. 5393// 5394// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5395// an AWS account as a delegated administrator for an AWS service that already 5396// has a delegated administrator. To complete this operation, you must first 5397// deregister any existing delegated administrators for this service. 5398// 5399// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5400// valid for a limited period of time. You must resubmit the request and 5401// generate a new verfication code. 5402// 5403// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5404// handshakes that you can send in one day. 5405// 5406// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5407// in this organization, you first must migrate the organization's master 5408// account to the marketplace that corresponds to the master account's address. 5409// For example, accounts with India addresses must be associated with the 5410// AISPL marketplace. All accounts in an organization must be associated 5411// with the same marketplace. 5412// 5413// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5414// in China. To create an organization, the master must have an valid business 5415// license. For more information, contact customer support. 5416// 5417// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5418// must first provide a valid contact address and phone number for the master 5419// account. Then try the operation again. 5420// 5421// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5422// master account must have an associated account in the AWS GovCloud (US-West) 5423// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5424// in the AWS GovCloud User Guide. 5425// 5426// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5427// with this master account, you first must associate a valid payment instrument, 5428// such as a credit card, with the account. Follow the steps at To leave 5429// an organization when all required account information has not yet been 5430// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5431// in the AWS Organizations User Guide. 5432// 5433// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5434// to register more delegated administrators than allowed for the service 5435// principal. 5436// 5437// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5438// number of policies of a certain type that can be attached to an entity 5439// at one time. 5440// 5441// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5442// on this resource. 5443// 5444// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5445// with this member account, you first must associate a valid payment instrument, 5446// such as a credit card, with the account. Follow the steps at To leave 5447// an organization when all required account information has not yet been 5448// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5449// in the AWS Organizations User Guide. 5450// 5451// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5452// policy from an entity that would cause the entity to have fewer than the 5453// minimum number of policies of a certain type required. 5454// 5455// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5456// that requires the organization to be configured to support all features. 5457// An organization that supports only consolidated billing features can't 5458// perform this operation. 5459// 5460// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5461// too many levels deep. 5462// 5463// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5464// that you can have in an organization. 5465// 5466// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5467// is larger than the maximum size. 5468// 5469// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5470// policies that you can have in an organization. 5471// 5472// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5473// tags that are not compliant with the tag policy requirements for this 5474// account. 5475// 5476// * InvalidInputException 5477// The requested operation failed because you provided invalid values for one 5478// or more of the request parameters. This exception includes a reason that 5479// contains additional information about the violated limit: 5480// 5481// Some of the reasons in the following list might not be applicable to this 5482// specific API or operation. 5483// 5484// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5485// can't be modified. 5486// 5487// * INPUT_REQUIRED: You must include a value for all required parameters. 5488// 5489// * INVALID_ENUM: You specified an invalid value. 5490// 5491// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5492// characters. 5493// 5494// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5495// at least one invalid value. 5496// 5497// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5498// from the response to a previous call of the operation. 5499// 5500// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5501// organization, or email) as a party. 5502// 5503// * INVALID_PATTERN: You provided a value that doesn't match the required 5504// pattern. 5505// 5506// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5507// match the required pattern. 5508// 5509// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5510// name can't begin with the reserved prefix AWSServiceRoleFor. 5511// 5512// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5513// Name (ARN) for the organization. 5514// 5515// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5516// 5517// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5518// tag. You can’t add, edit, or delete system tag keys because they're 5519// reserved for AWS use. System tags don’t count against your tags per 5520// resource limit. 5521// 5522// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5523// for the operation. 5524// 5525// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5526// than allowed. 5527// 5528// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5529// value than allowed. 5530// 5531// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5532// than allowed. 5533// 5534// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5535// value than allowed. 5536// 5537// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5538// between entities in the same root. 5539// 5540// * ServiceException 5541// AWS Organizations can't complete your request because of an internal service 5542// error. Try again later. 5543// 5544// * TooManyRequestsException 5545// You have sent too many requests in too short a period of time. The quota 5546// helps protect against denial-of-service attacks. Try again later. 5547// 5548// For information about quotas that affect AWS Organizations, see Quotas for 5549// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5550// the AWS Organizations User Guide. 5551// 5552// * UnsupportedAPIEndpointException 5553// This action isn't available in the current AWS Region. 5554// 5555// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 5556func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) { 5557 req, out := c.DisableAWSServiceAccessRequest(input) 5558 return out, req.Send() 5559} 5560 5561// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of 5562// the ability to pass a context and additional request options. 5563// 5564// See DisableAWSServiceAccess for details on how to use this API operation. 5565// 5566// The context must be non-nil and will be used for request cancellation. If 5567// the context is nil a panic will occur. In the future the SDK may create 5568// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5569// for more information on using Contexts. 5570func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) { 5571 req, out := c.DisableAWSServiceAccessRequest(input) 5572 req.SetContext(ctx) 5573 req.ApplyOptions(opts...) 5574 return out, req.Send() 5575} 5576 5577const opDisablePolicyType = "DisablePolicyType" 5578 5579// DisablePolicyTypeRequest generates a "aws/request.Request" representing the 5580// client's request for the DisablePolicyType operation. The "output" return 5581// value will be populated with the request's response once the request completes 5582// successfully. 5583// 5584// Use "Send" method on the returned Request to send the API call to the service. 5585// the "output" return value is not valid until after Send returns without error. 5586// 5587// See DisablePolicyType for more information on using the DisablePolicyType 5588// API call, and error handling. 5589// 5590// This method is useful when you want to inject custom logic or configuration 5591// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5592// 5593// 5594// // Example sending a request using the DisablePolicyTypeRequest method. 5595// req, resp := client.DisablePolicyTypeRequest(params) 5596// 5597// err := req.Send() 5598// if err == nil { // resp is now filled 5599// fmt.Println(resp) 5600// } 5601// 5602// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 5603func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) { 5604 op := &request.Operation{ 5605 Name: opDisablePolicyType, 5606 HTTPMethod: "POST", 5607 HTTPPath: "/", 5608 } 5609 5610 if input == nil { 5611 input = &DisablePolicyTypeInput{} 5612 } 5613 5614 output = &DisablePolicyTypeOutput{} 5615 req = c.newRequest(op, input, output) 5616 return 5617} 5618 5619// DisablePolicyType API operation for AWS Organizations. 5620// 5621// Disables an organizational policy type in a root. A policy of a certain type 5622// can be attached to entities in a root only if that type is enabled in the 5623// root. After you perform this operation, you no longer can attach policies 5624// of the specified type to that root or to any organizational unit (OU) or 5625// account in that root. You can undo this by using the EnablePolicyType operation. 5626// 5627// This is an asynchronous request that AWS performs in the background. If you 5628// disable a policy type for a root, it still appears enabled for the organization 5629// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5630// are enabled for the organization. AWS recommends that you first use ListRoots 5631// to see the status of policy types for a specified root, and then use this 5632// operation. 5633// 5634// This operation can be called only from the organization's master account. 5635// 5636// To view the status of available policy types in the organization, use DescribeOrganization. 5637// 5638// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5639// with awserr.Error's Code and Message methods to get detailed information about 5640// the error. 5641// 5642// See the AWS API reference guide for AWS Organizations's 5643// API operation DisablePolicyType for usage and error information. 5644// 5645// Returned Error Types: 5646// * AccessDeniedException 5647// You don't have permissions to perform the requested operation. The user or 5648// role that is making the request must have at least one IAM permissions policy 5649// attached that grants the required permissions. For more information, see 5650// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5651// in the IAM User Guide. 5652// 5653// * AWSOrganizationsNotInUseException 5654// Your account isn't a member of an organization. To make this request, you 5655// must use the credentials of an account that belongs to an organization. 5656// 5657// * ConcurrentModificationException 5658// The target of the operation is currently being modified by a different request. 5659// Try again later. 5660// 5661// * ConstraintViolationException 5662// Performing this operation violates a minimum or maximum value limit. For 5663// example, attempting to remove the last service control policy (SCP) from 5664// an OU or root, inviting or creating too many accounts to the organization, 5665// or attaching too many policies to an account, OU, or root. This exception 5666// includes a reason that contains additional information about the violated 5667// limit: 5668// 5669// Some of the reasons in the following list might not be applicable to this 5670// specific API or operation. 5671// 5672// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 5673// account from the organization. You can't remove the master account. Instead, 5674// after you remove all member accounts, delete the organization itself. 5675// 5676// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5677// from the organization that doesn't yet have enough information to exist 5678// as a standalone account. This account requires you to first agree to the 5679// AWS Customer Agreement. Follow the steps at Removing a member account 5680// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5681// the AWS Organizations User Guide. 5682// 5683// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5684// an account from the organization that doesn't yet have enough information 5685// to exist as a standalone account. This account requires you to first complete 5686// phone verification. Follow the steps at Removing a member account from 5687// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5688// in the AWS Organizations User Guide. 5689// 5690// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5691// of accounts that you can create in one day. 5692// 5693// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5694// the number of accounts in an organization. If you need more accounts, 5695// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5696// request an increase in your limit. Or the number of invitations that you 5697// tried to send would cause you to exceed the limit of accounts in your 5698// organization. Send fewer invitations or contact AWS Support to request 5699// an increase in the number of accounts. Deleted and closed accounts still 5700// count toward your limit. If you get this exception when running a command 5701// immediately after creating the organization, wait one hour and try again. 5702// After an hour, if the command continues to fail with this error, contact 5703// AWS Support (https://console.aws.amazon.com/support/home#/). 5704// 5705// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5706// register the master account of the organization as a delegated administrator 5707// for an AWS service integrated with Organizations. You can designate only 5708// a member account as a delegated administrator. 5709// 5710// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5711// an account that is registered as a delegated administrator for a service 5712// integrated with your organization. To complete this operation, you must 5713// first deregister this account as a delegated administrator. 5714// 5715// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5716// organization in the specified region, you must enable all features mode. 5717// 5718// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5719// an AWS account as a delegated administrator for an AWS service that already 5720// has a delegated administrator. To complete this operation, you must first 5721// deregister any existing delegated administrators for this service. 5722// 5723// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5724// valid for a limited period of time. You must resubmit the request and 5725// generate a new verfication code. 5726// 5727// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5728// handshakes that you can send in one day. 5729// 5730// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5731// in this organization, you first must migrate the organization's master 5732// account to the marketplace that corresponds to the master account's address. 5733// For example, accounts with India addresses must be associated with the 5734// AISPL marketplace. All accounts in an organization must be associated 5735// with the same marketplace. 5736// 5737// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5738// in China. To create an organization, the master must have an valid business 5739// license. For more information, contact customer support. 5740// 5741// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5742// must first provide a valid contact address and phone number for the master 5743// account. Then try the operation again. 5744// 5745// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5746// master account must have an associated account in the AWS GovCloud (US-West) 5747// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5748// in the AWS GovCloud User Guide. 5749// 5750// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5751// with this master account, you first must associate a valid payment instrument, 5752// such as a credit card, with the account. Follow the steps at To leave 5753// an organization when all required account information has not yet been 5754// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5755// in the AWS Organizations User Guide. 5756// 5757// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5758// to register more delegated administrators than allowed for the service 5759// principal. 5760// 5761// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5762// number of policies of a certain type that can be attached to an entity 5763// at one time. 5764// 5765// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5766// on this resource. 5767// 5768// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5769// with this member account, you first must associate a valid payment instrument, 5770// such as a credit card, with the account. Follow the steps at To leave 5771// an organization when all required account information has not yet been 5772// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5773// in the AWS Organizations User Guide. 5774// 5775// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5776// policy from an entity that would cause the entity to have fewer than the 5777// minimum number of policies of a certain type required. 5778// 5779// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5780// that requires the organization to be configured to support all features. 5781// An organization that supports only consolidated billing features can't 5782// perform this operation. 5783// 5784// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5785// too many levels deep. 5786// 5787// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5788// that you can have in an organization. 5789// 5790// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5791// is larger than the maximum size. 5792// 5793// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5794// policies that you can have in an organization. 5795// 5796// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5797// tags that are not compliant with the tag policy requirements for this 5798// account. 5799// 5800// * InvalidInputException 5801// The requested operation failed because you provided invalid values for one 5802// or more of the request parameters. This exception includes a reason that 5803// contains additional information about the violated limit: 5804// 5805// Some of the reasons in the following list might not be applicable to this 5806// specific API or operation. 5807// 5808// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5809// can't be modified. 5810// 5811// * INPUT_REQUIRED: You must include a value for all required parameters. 5812// 5813// * INVALID_ENUM: You specified an invalid value. 5814// 5815// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5816// characters. 5817// 5818// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5819// at least one invalid value. 5820// 5821// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5822// from the response to a previous call of the operation. 5823// 5824// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5825// organization, or email) as a party. 5826// 5827// * INVALID_PATTERN: You provided a value that doesn't match the required 5828// pattern. 5829// 5830// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5831// match the required pattern. 5832// 5833// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5834// name can't begin with the reserved prefix AWSServiceRoleFor. 5835// 5836// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5837// Name (ARN) for the organization. 5838// 5839// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5840// 5841// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5842// tag. You can’t add, edit, or delete system tag keys because they're 5843// reserved for AWS use. System tags don’t count against your tags per 5844// resource limit. 5845// 5846// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5847// for the operation. 5848// 5849// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5850// than allowed. 5851// 5852// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5853// value than allowed. 5854// 5855// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5856// than allowed. 5857// 5858// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5859// value than allowed. 5860// 5861// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5862// between entities in the same root. 5863// 5864// * PolicyTypeNotEnabledException 5865// The specified policy type isn't currently enabled in this root. You can't 5866// attach policies of the specified type to entities in a root until you enable 5867// that type in the root. For more information, see Enabling All Features in 5868// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5869// in the AWS Organizations User Guide. 5870// 5871// * RootNotFoundException 5872// We can't find a root with the RootId that you specified. 5873// 5874// * ServiceException 5875// AWS Organizations can't complete your request because of an internal service 5876// error. Try again later. 5877// 5878// * TooManyRequestsException 5879// You have sent too many requests in too short a period of time. The quota 5880// helps protect against denial-of-service attacks. Try again later. 5881// 5882// For information about quotas that affect AWS Organizations, see Quotas for 5883// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5884// the AWS Organizations User Guide. 5885// 5886// * UnsupportedAPIEndpointException 5887// This action isn't available in the current AWS Region. 5888// 5889// * PolicyChangesInProgressException 5890// Changes to the effective policy are in progress, and its contents can't be 5891// returned. Try the operation again later. 5892// 5893// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 5894func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) { 5895 req, out := c.DisablePolicyTypeRequest(input) 5896 return out, req.Send() 5897} 5898 5899// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of 5900// the ability to pass a context and additional request options. 5901// 5902// See DisablePolicyType for details on how to use this API operation. 5903// 5904// The context must be non-nil and will be used for request cancellation. If 5905// the context is nil a panic will occur. In the future the SDK may create 5906// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5907// for more information on using Contexts. 5908func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) { 5909 req, out := c.DisablePolicyTypeRequest(input) 5910 req.SetContext(ctx) 5911 req.ApplyOptions(opts...) 5912 return out, req.Send() 5913} 5914 5915const opEnableAWSServiceAccess = "EnableAWSServiceAccess" 5916 5917// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the 5918// client's request for the EnableAWSServiceAccess operation. The "output" return 5919// value will be populated with the request's response once the request completes 5920// successfully. 5921// 5922// Use "Send" method on the returned Request to send the API call to the service. 5923// the "output" return value is not valid until after Send returns without error. 5924// 5925// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess 5926// API call, and error handling. 5927// 5928// This method is useful when you want to inject custom logic or configuration 5929// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5930// 5931// 5932// // Example sending a request using the EnableAWSServiceAccessRequest method. 5933// req, resp := client.EnableAWSServiceAccessRequest(params) 5934// 5935// err := req.Send() 5936// if err == nil { // resp is now filled 5937// fmt.Println(resp) 5938// } 5939// 5940// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 5941func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) { 5942 op := &request.Operation{ 5943 Name: opEnableAWSServiceAccess, 5944 HTTPMethod: "POST", 5945 HTTPPath: "/", 5946 } 5947 5948 if input == nil { 5949 input = &EnableAWSServiceAccessInput{} 5950 } 5951 5952 output = &EnableAWSServiceAccessOutput{} 5953 req = c.newRequest(op, input, output) 5954 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5955 return 5956} 5957 5958// EnableAWSServiceAccess API operation for AWS Organizations. 5959// 5960// Enables the integration of an AWS service (the service that is specified 5961// by ServicePrincipal) with AWS Organizations. When you enable integration, 5962// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 5963// in all the accounts in your organization. This allows the service to perform 5964// operations on your behalf in your organization and its accounts. 5965// 5966// We recommend that you enable integration between AWS Organizations and the 5967// specified AWS service by using the console or commands that are provided 5968// by the specified service. Doing so ensures that the service is aware that 5969// it can create the resources that are required for the integration. How the 5970// service creates those resources in the organization's accounts depends on 5971// that service. For more information, see the documentation for the other AWS 5972// service. 5973// 5974// For more information about enabling services to integrate with AWS Organizations, 5975// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 5976// in the AWS Organizations User Guide. 5977// 5978// This operation can be called only from the organization's master account 5979// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). 5980// 5981// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5982// with awserr.Error's Code and Message methods to get detailed information about 5983// the error. 5984// 5985// See the AWS API reference guide for AWS Organizations's 5986// API operation EnableAWSServiceAccess for usage and error information. 5987// 5988// Returned Error Types: 5989// * AccessDeniedException 5990// You don't have permissions to perform the requested operation. The user or 5991// role that is making the request must have at least one IAM permissions policy 5992// attached that grants the required permissions. For more information, see 5993// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5994// in the IAM User Guide. 5995// 5996// * AWSOrganizationsNotInUseException 5997// Your account isn't a member of an organization. To make this request, you 5998// must use the credentials of an account that belongs to an organization. 5999// 6000// * ConcurrentModificationException 6001// The target of the operation is currently being modified by a different request. 6002// Try again later. 6003// 6004// * ConstraintViolationException 6005// Performing this operation violates a minimum or maximum value limit. For 6006// example, attempting to remove the last service control policy (SCP) from 6007// an OU or root, inviting or creating too many accounts to the organization, 6008// or attaching too many policies to an account, OU, or root. This exception 6009// includes a reason that contains additional information about the violated 6010// limit: 6011// 6012// Some of the reasons in the following list might not be applicable to this 6013// specific API or operation. 6014// 6015// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 6016// account from the organization. You can't remove the master account. Instead, 6017// after you remove all member accounts, delete the organization itself. 6018// 6019// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6020// from the organization that doesn't yet have enough information to exist 6021// as a standalone account. This account requires you to first agree to the 6022// AWS Customer Agreement. Follow the steps at Removing a member account 6023// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6024// the AWS Organizations User Guide. 6025// 6026// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6027// an account from the organization that doesn't yet have enough information 6028// to exist as a standalone account. This account requires you to first complete 6029// phone verification. Follow the steps at Removing a member account from 6030// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6031// in the AWS Organizations User Guide. 6032// 6033// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6034// of accounts that you can create in one day. 6035// 6036// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6037// the number of accounts in an organization. If you need more accounts, 6038// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6039// request an increase in your limit. Or the number of invitations that you 6040// tried to send would cause you to exceed the limit of accounts in your 6041// organization. Send fewer invitations or contact AWS Support to request 6042// an increase in the number of accounts. Deleted and closed accounts still 6043// count toward your limit. If you get this exception when running a command 6044// immediately after creating the organization, wait one hour and try again. 6045// After an hour, if the command continues to fail with this error, contact 6046// AWS Support (https://console.aws.amazon.com/support/home#/). 6047// 6048// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 6049// register the master account of the organization as a delegated administrator 6050// for an AWS service integrated with Organizations. You can designate only 6051// a member account as a delegated administrator. 6052// 6053// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 6054// an account that is registered as a delegated administrator for a service 6055// integrated with your organization. To complete this operation, you must 6056// first deregister this account as a delegated administrator. 6057// 6058// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 6059// organization in the specified region, you must enable all features mode. 6060// 6061// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 6062// an AWS account as a delegated administrator for an AWS service that already 6063// has a delegated administrator. To complete this operation, you must first 6064// deregister any existing delegated administrators for this service. 6065// 6066// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 6067// valid for a limited period of time. You must resubmit the request and 6068// generate a new verfication code. 6069// 6070// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6071// handshakes that you can send in one day. 6072// 6073// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6074// in this organization, you first must migrate the organization's master 6075// account to the marketplace that corresponds to the master account's address. 6076// For example, accounts with India addresses must be associated with the 6077// AISPL marketplace. All accounts in an organization must be associated 6078// with the same marketplace. 6079// 6080// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 6081// in China. To create an organization, the master must have an valid business 6082// license. For more information, contact customer support. 6083// 6084// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6085// must first provide a valid contact address and phone number for the master 6086// account. Then try the operation again. 6087// 6088// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6089// master account must have an associated account in the AWS GovCloud (US-West) 6090// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6091// in the AWS GovCloud User Guide. 6092// 6093// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6094// with this master account, you first must associate a valid payment instrument, 6095// such as a credit card, with the account. Follow the steps at To leave 6096// an organization when all required account information has not yet been 6097// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6098// in the AWS Organizations User Guide. 6099// 6100// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 6101// to register more delegated administrators than allowed for the service 6102// principal. 6103// 6104// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6105// number of policies of a certain type that can be attached to an entity 6106// at one time. 6107// 6108// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6109// on this resource. 6110// 6111// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6112// with this member account, you first must associate a valid payment instrument, 6113// such as a credit card, with the account. Follow the steps at To leave 6114// an organization when all required account information has not yet been 6115// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6116// in the AWS Organizations User Guide. 6117// 6118// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6119// policy from an entity that would cause the entity to have fewer than the 6120// minimum number of policies of a certain type required. 6121// 6122// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6123// that requires the organization to be configured to support all features. 6124// An organization that supports only consolidated billing features can't 6125// perform this operation. 6126// 6127// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6128// too many levels deep. 6129// 6130// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6131// that you can have in an organization. 6132// 6133// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 6134// is larger than the maximum size. 6135// 6136// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 6137// policies that you can have in an organization. 6138// 6139// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 6140// tags that are not compliant with the tag policy requirements for this 6141// account. 6142// 6143// * InvalidInputException 6144// The requested operation failed because you provided invalid values for one 6145// or more of the request parameters. This exception includes a reason that 6146// contains additional information about the violated limit: 6147// 6148// Some of the reasons in the following list might not be applicable to this 6149// specific API or operation. 6150// 6151// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6152// can't be modified. 6153// 6154// * INPUT_REQUIRED: You must include a value for all required parameters. 6155// 6156// * INVALID_ENUM: You specified an invalid value. 6157// 6158// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6159// characters. 6160// 6161// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6162// at least one invalid value. 6163// 6164// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6165// from the response to a previous call of the operation. 6166// 6167// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6168// organization, or email) as a party. 6169// 6170// * INVALID_PATTERN: You provided a value that doesn't match the required 6171// pattern. 6172// 6173// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6174// match the required pattern. 6175// 6176// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6177// name can't begin with the reserved prefix AWSServiceRoleFor. 6178// 6179// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6180// Name (ARN) for the organization. 6181// 6182// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6183// 6184// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6185// tag. You can’t add, edit, or delete system tag keys because they're 6186// reserved for AWS use. System tags don’t count against your tags per 6187// resource limit. 6188// 6189// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6190// for the operation. 6191// 6192// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6193// than allowed. 6194// 6195// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6196// value than allowed. 6197// 6198// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6199// than allowed. 6200// 6201// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6202// value than allowed. 6203// 6204// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6205// between entities in the same root. 6206// 6207// * ServiceException 6208// AWS Organizations can't complete your request because of an internal service 6209// error. Try again later. 6210// 6211// * TooManyRequestsException 6212// You have sent too many requests in too short a period of time. The quota 6213// helps protect against denial-of-service attacks. Try again later. 6214// 6215// For information about quotas that affect AWS Organizations, see Quotas for 6216// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6217// the AWS Organizations User Guide. 6218// 6219// * UnsupportedAPIEndpointException 6220// This action isn't available in the current AWS Region. 6221// 6222// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 6223func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) { 6224 req, out := c.EnableAWSServiceAccessRequest(input) 6225 return out, req.Send() 6226} 6227 6228// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of 6229// the ability to pass a context and additional request options. 6230// 6231// See EnableAWSServiceAccess for details on how to use this API operation. 6232// 6233// The context must be non-nil and will be used for request cancellation. If 6234// the context is nil a panic will occur. In the future the SDK may create 6235// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6236// for more information on using Contexts. 6237func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) { 6238 req, out := c.EnableAWSServiceAccessRequest(input) 6239 req.SetContext(ctx) 6240 req.ApplyOptions(opts...) 6241 return out, req.Send() 6242} 6243 6244const opEnableAllFeatures = "EnableAllFeatures" 6245 6246// EnableAllFeaturesRequest generates a "aws/request.Request" representing the 6247// client's request for the EnableAllFeatures operation. The "output" return 6248// value will be populated with the request's response once the request completes 6249// successfully. 6250// 6251// Use "Send" method on the returned Request to send the API call to the service. 6252// the "output" return value is not valid until after Send returns without error. 6253// 6254// See EnableAllFeatures for more information on using the EnableAllFeatures 6255// API call, and error handling. 6256// 6257// This method is useful when you want to inject custom logic or configuration 6258// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6259// 6260// 6261// // Example sending a request using the EnableAllFeaturesRequest method. 6262// req, resp := client.EnableAllFeaturesRequest(params) 6263// 6264// err := req.Send() 6265// if err == nil { // resp is now filled 6266// fmt.Println(resp) 6267// } 6268// 6269// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 6270func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) { 6271 op := &request.Operation{ 6272 Name: opEnableAllFeatures, 6273 HTTPMethod: "POST", 6274 HTTPPath: "/", 6275 } 6276 6277 if input == nil { 6278 input = &EnableAllFeaturesInput{} 6279 } 6280 6281 output = &EnableAllFeaturesOutput{} 6282 req = c.newRequest(op, input, output) 6283 return 6284} 6285 6286// EnableAllFeatures API operation for AWS Organizations. 6287// 6288// Enables all features in an organization. This enables the use of organization 6289// policies that can restrict the services and actions that can be called in 6290// each account. Until you enable all features, you have access only to consolidated 6291// billing, and you can't use any of the advanced account administration features 6292// that AWS Organizations supports. For more information, see Enabling All Features 6293// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 6294// in the AWS Organizations User Guide. 6295// 6296// This operation is required only for organizations that were created explicitly 6297// with only the consolidated billing features enabled. Calling this operation 6298// sends a handshake to every invited account in the organization. The feature 6299// set change can be finalized and the additional features enabled only after 6300// all administrators in the invited accounts approve the change by accepting 6301// the handshake. 6302// 6303// After you enable all features, you can separately enable or disable individual 6304// policy types in a root using EnablePolicyType and DisablePolicyType. To see 6305// the status of policy types in a root, use ListRoots. 6306// 6307// After all invited member accounts accept the handshake, you finalize the 6308// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES". 6309// This completes the change. 6310// 6311// After you enable all features in your organization, the master account in 6312// the organization can apply policies on all member accounts. These policies 6313// can restrict what users and even administrators in those accounts can do. 6314// The master account can apply policies that prevent accounts from leaving 6315// the organization. Ensure that your account administrators are aware of this. 6316// 6317// This operation can be called only from the organization's master account. 6318// 6319// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6320// with awserr.Error's Code and Message methods to get detailed information about 6321// the error. 6322// 6323// See the AWS API reference guide for AWS Organizations's 6324// API operation EnableAllFeatures for usage and error information. 6325// 6326// Returned Error Types: 6327// * AccessDeniedException 6328// You don't have permissions to perform the requested operation. The user or 6329// role that is making the request must have at least one IAM permissions policy 6330// attached that grants the required permissions. For more information, see 6331// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6332// in the IAM User Guide. 6333// 6334// * AWSOrganizationsNotInUseException 6335// Your account isn't a member of an organization. To make this request, you 6336// must use the credentials of an account that belongs to an organization. 6337// 6338// * ConcurrentModificationException 6339// The target of the operation is currently being modified by a different request. 6340// Try again later. 6341// 6342// * HandshakeConstraintViolationException 6343// The requested operation would violate the constraint identified in the reason 6344// code. 6345// 6346// Some of the reasons in the following list might not be applicable to this 6347// specific API or operation: 6348// 6349// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6350// the number of accounts in an organization. Note that deleted and closed 6351// accounts still count toward your limit. If you get this exception immediately 6352// after creating the organization, wait one hour and try again. If after 6353// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6354// 6355// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 6356// the invited account is already a member of an organization. 6357// 6358// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6359// handshakes that you can send in one day. 6360// 6361// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 6362// to join an organization while it's in the process of enabling all features. 6363// You can resume inviting accounts after you finalize the process when all 6364// accounts have agreed to the change. 6365// 6366// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 6367// because the organization has already enabled all features. 6368// 6369// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 6370// the account is from a different marketplace than the accounts in the organization. 6371// For example, accounts with India addresses must be associated with the 6372// AISPL marketplace. All accounts in an organization must be from the same 6373// marketplace. 6374// 6375// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 6376// change the membership of an account too quickly after its previous change. 6377// 6378// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 6379// account that doesn't have a payment instrument, such as a credit card, 6380// associated with it. 6381// 6382// * InvalidInputException 6383// The requested operation failed because you provided invalid values for one 6384// or more of the request parameters. This exception includes a reason that 6385// contains additional information about the violated limit: 6386// 6387// Some of the reasons in the following list might not be applicable to this 6388// specific API or operation. 6389// 6390// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6391// can't be modified. 6392// 6393// * INPUT_REQUIRED: You must include a value for all required parameters. 6394// 6395// * INVALID_ENUM: You specified an invalid value. 6396// 6397// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6398// characters. 6399// 6400// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6401// at least one invalid value. 6402// 6403// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6404// from the response to a previous call of the operation. 6405// 6406// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6407// organization, or email) as a party. 6408// 6409// * INVALID_PATTERN: You provided a value that doesn't match the required 6410// pattern. 6411// 6412// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6413// match the required pattern. 6414// 6415// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6416// name can't begin with the reserved prefix AWSServiceRoleFor. 6417// 6418// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6419// Name (ARN) for the organization. 6420// 6421// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6422// 6423// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6424// tag. You can’t add, edit, or delete system tag keys because they're 6425// reserved for AWS use. System tags don’t count against your tags per 6426// resource limit. 6427// 6428// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6429// for the operation. 6430// 6431// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6432// than allowed. 6433// 6434// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6435// value than allowed. 6436// 6437// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6438// than allowed. 6439// 6440// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6441// value than allowed. 6442// 6443// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6444// between entities in the same root. 6445// 6446// * ServiceException 6447// AWS Organizations can't complete your request because of an internal service 6448// error. Try again later. 6449// 6450// * TooManyRequestsException 6451// You have sent too many requests in too short a period of time. The quota 6452// helps protect against denial-of-service attacks. Try again later. 6453// 6454// For information about quotas that affect AWS Organizations, see Quotas for 6455// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6456// the AWS Organizations User Guide. 6457// 6458// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 6459func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) { 6460 req, out := c.EnableAllFeaturesRequest(input) 6461 return out, req.Send() 6462} 6463 6464// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of 6465// the ability to pass a context and additional request options. 6466// 6467// See EnableAllFeatures for details on how to use this API operation. 6468// 6469// The context must be non-nil and will be used for request cancellation. If 6470// the context is nil a panic will occur. In the future the SDK may create 6471// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6472// for more information on using Contexts. 6473func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) { 6474 req, out := c.EnableAllFeaturesRequest(input) 6475 req.SetContext(ctx) 6476 req.ApplyOptions(opts...) 6477 return out, req.Send() 6478} 6479 6480const opEnablePolicyType = "EnablePolicyType" 6481 6482// EnablePolicyTypeRequest generates a "aws/request.Request" representing the 6483// client's request for the EnablePolicyType operation. The "output" return 6484// value will be populated with the request's response once the request completes 6485// successfully. 6486// 6487// Use "Send" method on the returned Request to send the API call to the service. 6488// the "output" return value is not valid until after Send returns without error. 6489// 6490// See EnablePolicyType for more information on using the EnablePolicyType 6491// API call, and error handling. 6492// 6493// This method is useful when you want to inject custom logic or configuration 6494// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6495// 6496// 6497// // Example sending a request using the EnablePolicyTypeRequest method. 6498// req, resp := client.EnablePolicyTypeRequest(params) 6499// 6500// err := req.Send() 6501// if err == nil { // resp is now filled 6502// fmt.Println(resp) 6503// } 6504// 6505// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 6506func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) { 6507 op := &request.Operation{ 6508 Name: opEnablePolicyType, 6509 HTTPMethod: "POST", 6510 HTTPPath: "/", 6511 } 6512 6513 if input == nil { 6514 input = &EnablePolicyTypeInput{} 6515 } 6516 6517 output = &EnablePolicyTypeOutput{} 6518 req = c.newRequest(op, input, output) 6519 return 6520} 6521 6522// EnablePolicyType API operation for AWS Organizations. 6523// 6524// Enables a policy type in a root. After you enable a policy type in a root, 6525// you can attach policies of that type to the root, any organizational unit 6526// (OU), or account in that root. You can undo this by using the DisablePolicyType 6527// operation. 6528// 6529// This is an asynchronous request that AWS performs in the background. AWS 6530// recommends that you first use ListRoots to see the status of policy types 6531// for a specified root, and then use this operation. 6532// 6533// This operation can be called only from the organization's master account. 6534// 6535// You can enable a policy type in a root only if that policy type is available 6536// in the organization. To view the status of available policy types in the 6537// organization, use DescribeOrganization. 6538// 6539// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6540// with awserr.Error's Code and Message methods to get detailed information about 6541// the error. 6542// 6543// See the AWS API reference guide for AWS Organizations's 6544// API operation EnablePolicyType for usage and error information. 6545// 6546// Returned Error Types: 6547// * AccessDeniedException 6548// You don't have permissions to perform the requested operation. The user or 6549// role that is making the request must have at least one IAM permissions policy 6550// attached that grants the required permissions. For more information, see 6551// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6552// in the IAM User Guide. 6553// 6554// * AWSOrganizationsNotInUseException 6555// Your account isn't a member of an organization. To make this request, you 6556// must use the credentials of an account that belongs to an organization. 6557// 6558// * ConcurrentModificationException 6559// The target of the operation is currently being modified by a different request. 6560// Try again later. 6561// 6562// * ConstraintViolationException 6563// Performing this operation violates a minimum or maximum value limit. For 6564// example, attempting to remove the last service control policy (SCP) from 6565// an OU or root, inviting or creating too many accounts to the organization, 6566// or attaching too many policies to an account, OU, or root. This exception 6567// includes a reason that contains additional information about the violated 6568// limit: 6569// 6570// Some of the reasons in the following list might not be applicable to this 6571// specific API or operation. 6572// 6573// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 6574// account from the organization. You can't remove the master account. Instead, 6575// after you remove all member accounts, delete the organization itself. 6576// 6577// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6578// from the organization that doesn't yet have enough information to exist 6579// as a standalone account. This account requires you to first agree to the 6580// AWS Customer Agreement. Follow the steps at Removing a member account 6581// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6582// the AWS Organizations User Guide. 6583// 6584// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6585// an account from the organization that doesn't yet have enough information 6586// to exist as a standalone account. This account requires you to first complete 6587// phone verification. Follow the steps at Removing a member account from 6588// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6589// in the AWS Organizations User Guide. 6590// 6591// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6592// of accounts that you can create in one day. 6593// 6594// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6595// the number of accounts in an organization. If you need more accounts, 6596// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6597// request an increase in your limit. Or the number of invitations that you 6598// tried to send would cause you to exceed the limit of accounts in your 6599// organization. Send fewer invitations or contact AWS Support to request 6600// an increase in the number of accounts. Deleted and closed accounts still 6601// count toward your limit. If you get this exception when running a command 6602// immediately after creating the organization, wait one hour and try again. 6603// After an hour, if the command continues to fail with this error, contact 6604// AWS Support (https://console.aws.amazon.com/support/home#/). 6605// 6606// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 6607// register the master account of the organization as a delegated administrator 6608// for an AWS service integrated with Organizations. You can designate only 6609// a member account as a delegated administrator. 6610// 6611// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 6612// an account that is registered as a delegated administrator for a service 6613// integrated with your organization. To complete this operation, you must 6614// first deregister this account as a delegated administrator. 6615// 6616// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 6617// organization in the specified region, you must enable all features mode. 6618// 6619// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 6620// an AWS account as a delegated administrator for an AWS service that already 6621// has a delegated administrator. To complete this operation, you must first 6622// deregister any existing delegated administrators for this service. 6623// 6624// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 6625// valid for a limited period of time. You must resubmit the request and 6626// generate a new verfication code. 6627// 6628// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6629// handshakes that you can send in one day. 6630// 6631// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6632// in this organization, you first must migrate the organization's master 6633// account to the marketplace that corresponds to the master account's address. 6634// For example, accounts with India addresses must be associated with the 6635// AISPL marketplace. All accounts in an organization must be associated 6636// with the same marketplace. 6637// 6638// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 6639// in China. To create an organization, the master must have an valid business 6640// license. For more information, contact customer support. 6641// 6642// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6643// must first provide a valid contact address and phone number for the master 6644// account. Then try the operation again. 6645// 6646// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6647// master account must have an associated account in the AWS GovCloud (US-West) 6648// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6649// in the AWS GovCloud User Guide. 6650// 6651// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6652// with this master account, you first must associate a valid payment instrument, 6653// such as a credit card, with the account. Follow the steps at To leave 6654// an organization when all required account information has not yet been 6655// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6656// in the AWS Organizations User Guide. 6657// 6658// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 6659// to register more delegated administrators than allowed for the service 6660// principal. 6661// 6662// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6663// number of policies of a certain type that can be attached to an entity 6664// at one time. 6665// 6666// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6667// on this resource. 6668// 6669// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6670// with this member account, you first must associate a valid payment instrument, 6671// such as a credit card, with the account. Follow the steps at To leave 6672// an organization when all required account information has not yet been 6673// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6674// in the AWS Organizations User Guide. 6675// 6676// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6677// policy from an entity that would cause the entity to have fewer than the 6678// minimum number of policies of a certain type required. 6679// 6680// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6681// that requires the organization to be configured to support all features. 6682// An organization that supports only consolidated billing features can't 6683// perform this operation. 6684// 6685// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6686// too many levels deep. 6687// 6688// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6689// that you can have in an organization. 6690// 6691// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 6692// is larger than the maximum size. 6693// 6694// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 6695// policies that you can have in an organization. 6696// 6697// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 6698// tags that are not compliant with the tag policy requirements for this 6699// account. 6700// 6701// * InvalidInputException 6702// The requested operation failed because you provided invalid values for one 6703// or more of the request parameters. This exception includes a reason that 6704// contains additional information about the violated limit: 6705// 6706// Some of the reasons in the following list might not be applicable to this 6707// specific API or operation. 6708// 6709// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6710// can't be modified. 6711// 6712// * INPUT_REQUIRED: You must include a value for all required parameters. 6713// 6714// * INVALID_ENUM: You specified an invalid value. 6715// 6716// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6717// characters. 6718// 6719// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6720// at least one invalid value. 6721// 6722// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6723// from the response to a previous call of the operation. 6724// 6725// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6726// organization, or email) as a party. 6727// 6728// * INVALID_PATTERN: You provided a value that doesn't match the required 6729// pattern. 6730// 6731// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6732// match the required pattern. 6733// 6734// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6735// name can't begin with the reserved prefix AWSServiceRoleFor. 6736// 6737// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6738// Name (ARN) for the organization. 6739// 6740// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6741// 6742// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6743// tag. You can’t add, edit, or delete system tag keys because they're 6744// reserved for AWS use. System tags don’t count against your tags per 6745// resource limit. 6746// 6747// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6748// for the operation. 6749// 6750// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6751// than allowed. 6752// 6753// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6754// value than allowed. 6755// 6756// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6757// than allowed. 6758// 6759// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6760// value than allowed. 6761// 6762// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6763// between entities in the same root. 6764// 6765// * PolicyTypeAlreadyEnabledException 6766// The specified policy type is already enabled in the specified root. 6767// 6768// * RootNotFoundException 6769// We can't find a root with the RootId that you specified. 6770// 6771// * ServiceException 6772// AWS Organizations can't complete your request because of an internal service 6773// error. Try again later. 6774// 6775// * TooManyRequestsException 6776// You have sent too many requests in too short a period of time. The quota 6777// helps protect against denial-of-service attacks. Try again later. 6778// 6779// For information about quotas that affect AWS Organizations, see Quotas for 6780// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6781// the AWS Organizations User Guide. 6782// 6783// * PolicyTypeNotAvailableForOrganizationException 6784// You can't use the specified policy type with the feature set currently enabled 6785// for this organization. For example, you can enable SCPs only after you enable 6786// all features in the organization. For more information, see Managing AWS 6787// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 6788// the AWS Organizations User Guide. 6789// 6790// * UnsupportedAPIEndpointException 6791// This action isn't available in the current AWS Region. 6792// 6793// * PolicyChangesInProgressException 6794// Changes to the effective policy are in progress, and its contents can't be 6795// returned. Try the operation again later. 6796// 6797// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 6798func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) { 6799 req, out := c.EnablePolicyTypeRequest(input) 6800 return out, req.Send() 6801} 6802 6803// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of 6804// the ability to pass a context and additional request options. 6805// 6806// See EnablePolicyType for details on how to use this API operation. 6807// 6808// The context must be non-nil and will be used for request cancellation. If 6809// the context is nil a panic will occur. In the future the SDK may create 6810// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6811// for more information on using Contexts. 6812func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) { 6813 req, out := c.EnablePolicyTypeRequest(input) 6814 req.SetContext(ctx) 6815 req.ApplyOptions(opts...) 6816 return out, req.Send() 6817} 6818 6819const opInviteAccountToOrganization = "InviteAccountToOrganization" 6820 6821// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the 6822// client's request for the InviteAccountToOrganization operation. The "output" return 6823// value will be populated with the request's response once the request completes 6824// successfully. 6825// 6826// Use "Send" method on the returned Request to send the API call to the service. 6827// the "output" return value is not valid until after Send returns without error. 6828// 6829// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization 6830// API call, and error handling. 6831// 6832// This method is useful when you want to inject custom logic or configuration 6833// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6834// 6835// 6836// // Example sending a request using the InviteAccountToOrganizationRequest method. 6837// req, resp := client.InviteAccountToOrganizationRequest(params) 6838// 6839// err := req.Send() 6840// if err == nil { // resp is now filled 6841// fmt.Println(resp) 6842// } 6843// 6844// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 6845func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) { 6846 op := &request.Operation{ 6847 Name: opInviteAccountToOrganization, 6848 HTTPMethod: "POST", 6849 HTTPPath: "/", 6850 } 6851 6852 if input == nil { 6853 input = &InviteAccountToOrganizationInput{} 6854 } 6855 6856 output = &InviteAccountToOrganizationOutput{} 6857 req = c.newRequest(op, input, output) 6858 return 6859} 6860 6861// InviteAccountToOrganization API operation for AWS Organizations. 6862// 6863// Sends an invitation to another account to join your organization as a member 6864// account. AWS Organizations sends email on your behalf to the email address 6865// that is associated with the other account's owner. The invitation is implemented 6866// as a Handshake whose details are in the response. 6867// 6868// * You can invite AWS accounts only from the same seller as the master 6869// account. For example, if your organization's master account was created 6870// by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, 6871// you can invite only other AISPL accounts to your organization. You can't 6872// combine accounts from AISPL and AWS or from any other AWS seller. For 6873// more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). 6874// 6875// * If you receive an exception that indicates that you exceeded your account 6876// limits for the organization or that the operation failed because your 6877// organization is still initializing, wait one hour and then try again. 6878// If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6879// 6880// This operation can be called only from the organization's master account. 6881// 6882// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6883// with awserr.Error's Code and Message methods to get detailed information about 6884// the error. 6885// 6886// See the AWS API reference guide for AWS Organizations's 6887// API operation InviteAccountToOrganization for usage and error information. 6888// 6889// Returned Error Types: 6890// * AccessDeniedException 6891// You don't have permissions to perform the requested operation. The user or 6892// role that is making the request must have at least one IAM permissions policy 6893// attached that grants the required permissions. For more information, see 6894// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6895// in the IAM User Guide. 6896// 6897// * AWSOrganizationsNotInUseException 6898// Your account isn't a member of an organization. To make this request, you 6899// must use the credentials of an account that belongs to an organization. 6900// 6901// * AccountOwnerNotVerifiedException 6902// You can't invite an existing account to your organization until you verify 6903// that you own the email address associated with the master account. For more 6904// information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 6905// in the AWS Organizations User Guide. 6906// 6907// * ConcurrentModificationException 6908// The target of the operation is currently being modified by a different request. 6909// Try again later. 6910// 6911// * HandshakeConstraintViolationException 6912// The requested operation would violate the constraint identified in the reason 6913// code. 6914// 6915// Some of the reasons in the following list might not be applicable to this 6916// specific API or operation: 6917// 6918// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6919// the number of accounts in an organization. Note that deleted and closed 6920// accounts still count toward your limit. If you get this exception immediately 6921// after creating the organization, wait one hour and try again. If after 6922// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6923// 6924// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 6925// the invited account is already a member of an organization. 6926// 6927// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6928// handshakes that you can send in one day. 6929// 6930// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 6931// to join an organization while it's in the process of enabling all features. 6932// You can resume inviting accounts after you finalize the process when all 6933// accounts have agreed to the change. 6934// 6935// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 6936// because the organization has already enabled all features. 6937// 6938// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 6939// the account is from a different marketplace than the accounts in the organization. 6940// For example, accounts with India addresses must be associated with the 6941// AISPL marketplace. All accounts in an organization must be from the same 6942// marketplace. 6943// 6944// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 6945// change the membership of an account too quickly after its previous change. 6946// 6947// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 6948// account that doesn't have a payment instrument, such as a credit card, 6949// associated with it. 6950// 6951// * DuplicateHandshakeException 6952// A handshake with the same action and target already exists. For example, 6953// if you invited an account to join your organization, the invited account 6954// might already have a pending invitation from this organization. If you intend 6955// to resend an invitation to an account, ensure that existing handshakes that 6956// might be considered duplicates are canceled or declined. 6957// 6958// * InvalidInputException 6959// The requested operation failed because you provided invalid values for one 6960// or more of the request parameters. This exception includes a reason that 6961// contains additional information about the violated limit: 6962// 6963// Some of the reasons in the following list might not be applicable to this 6964// specific API or operation. 6965// 6966// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6967// can't be modified. 6968// 6969// * INPUT_REQUIRED: You must include a value for all required parameters. 6970// 6971// * INVALID_ENUM: You specified an invalid value. 6972// 6973// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6974// characters. 6975// 6976// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6977// at least one invalid value. 6978// 6979// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6980// from the response to a previous call of the operation. 6981// 6982// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6983// organization, or email) as a party. 6984// 6985// * INVALID_PATTERN: You provided a value that doesn't match the required 6986// pattern. 6987// 6988// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6989// match the required pattern. 6990// 6991// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6992// name can't begin with the reserved prefix AWSServiceRoleFor. 6993// 6994// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6995// Name (ARN) for the organization. 6996// 6997// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6998// 6999// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7000// tag. You can’t add, edit, or delete system tag keys because they're 7001// reserved for AWS use. System tags don’t count against your tags per 7002// resource limit. 7003// 7004// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7005// for the operation. 7006// 7007// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7008// than allowed. 7009// 7010// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7011// value than allowed. 7012// 7013// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7014// than allowed. 7015// 7016// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7017// value than allowed. 7018// 7019// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7020// between entities in the same root. 7021// 7022// * FinalizingOrganizationException 7023// AWS Organizations couldn't perform the operation because your organization 7024// hasn't finished initializing. This can take up to an hour. Try again later. 7025// If after one hour you continue to receive this error, contact AWS Support 7026// (https://console.aws.amazon.com/support/home#/). 7027// 7028// * ServiceException 7029// AWS Organizations can't complete your request because of an internal service 7030// error. Try again later. 7031// 7032// * TooManyRequestsException 7033// You have sent too many requests in too short a period of time. The quota 7034// helps protect against denial-of-service attacks. Try again later. 7035// 7036// For information about quotas that affect AWS Organizations, see Quotas for 7037// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7038// the AWS Organizations User Guide. 7039// 7040// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 7041func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) { 7042 req, out := c.InviteAccountToOrganizationRequest(input) 7043 return out, req.Send() 7044} 7045 7046// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of 7047// the ability to pass a context and additional request options. 7048// 7049// See InviteAccountToOrganization for details on how to use this API operation. 7050// 7051// The context must be non-nil and will be used for request cancellation. If 7052// the context is nil a panic will occur. In the future the SDK may create 7053// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7054// for more information on using Contexts. 7055func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) { 7056 req, out := c.InviteAccountToOrganizationRequest(input) 7057 req.SetContext(ctx) 7058 req.ApplyOptions(opts...) 7059 return out, req.Send() 7060} 7061 7062const opLeaveOrganization = "LeaveOrganization" 7063 7064// LeaveOrganizationRequest generates a "aws/request.Request" representing the 7065// client's request for the LeaveOrganization operation. The "output" return 7066// value will be populated with the request's response once the request completes 7067// successfully. 7068// 7069// Use "Send" method on the returned Request to send the API call to the service. 7070// the "output" return value is not valid until after Send returns without error. 7071// 7072// See LeaveOrganization for more information on using the LeaveOrganization 7073// API call, and error handling. 7074// 7075// This method is useful when you want to inject custom logic or configuration 7076// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7077// 7078// 7079// // Example sending a request using the LeaveOrganizationRequest method. 7080// req, resp := client.LeaveOrganizationRequest(params) 7081// 7082// err := req.Send() 7083// if err == nil { // resp is now filled 7084// fmt.Println(resp) 7085// } 7086// 7087// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 7088func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) { 7089 op := &request.Operation{ 7090 Name: opLeaveOrganization, 7091 HTTPMethod: "POST", 7092 HTTPPath: "/", 7093 } 7094 7095 if input == nil { 7096 input = &LeaveOrganizationInput{} 7097 } 7098 7099 output = &LeaveOrganizationOutput{} 7100 req = c.newRequest(op, input, output) 7101 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 7102 return 7103} 7104 7105// LeaveOrganization API operation for AWS Organizations. 7106// 7107// Removes a member account from its parent organization. This version of the 7108// operation is performed by the account that wants to leave. To remove a member 7109// account as a user in the master account, use RemoveAccountFromOrganization 7110// instead. 7111// 7112// This operation can be called only from a member account in the organization. 7113// 7114// * The master account in an organization with all features enabled can 7115// set service control policies (SCPs) that can restrict what administrators 7116// of member accounts can do. This includes preventing them from successfully 7117// calling LeaveOrganization and leaving the organization. 7118// 7119// * You can leave an organization as a member account only if the account 7120// is configured with the information required to operate as a standalone 7121// account. When you create an account in an organization using the AWS Organizations 7122// console, API, or CLI commands, the information required of standalone 7123// accounts is not automatically collected. For each account that you want 7124// to make standalone, you must do the following steps: Accept the end user 7125// license agreement (EULA) Choose a support plan Provide and verify the 7126// required contact information Provide a current payment method AWS uses 7127// the payment method to charge for any billable (not free tier) AWS activity 7128// that occurs while the account isn't attached to an organization. Follow 7129// the steps at To leave an organization when all required account information 7130// has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7131// in the AWS Organizations User Guide. 7132// 7133// * You can leave an organization only after you enable IAM user access 7134// to billing in your account. For more information, see Activating Access 7135// to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 7136// in the AWS Billing and Cost Management User Guide. 7137// 7138// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7139// with awserr.Error's Code and Message methods to get detailed information about 7140// the error. 7141// 7142// See the AWS API reference guide for AWS Organizations's 7143// API operation LeaveOrganization for usage and error information. 7144// 7145// Returned Error Types: 7146// * AccessDeniedException 7147// You don't have permissions to perform the requested operation. The user or 7148// role that is making the request must have at least one IAM permissions policy 7149// attached that grants the required permissions. For more information, see 7150// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7151// in the IAM User Guide. 7152// 7153// * AccountNotFoundException 7154// We can't find an AWS account with the AccountId that you specified, or the 7155// account whose credentials you used to make this request isn't a member of 7156// an organization. 7157// 7158// * AWSOrganizationsNotInUseException 7159// Your account isn't a member of an organization. To make this request, you 7160// must use the credentials of an account that belongs to an organization. 7161// 7162// * ConcurrentModificationException 7163// The target of the operation is currently being modified by a different request. 7164// Try again later. 7165// 7166// * ConstraintViolationException 7167// Performing this operation violates a minimum or maximum value limit. For 7168// example, attempting to remove the last service control policy (SCP) from 7169// an OU or root, inviting or creating too many accounts to the organization, 7170// or attaching too many policies to an account, OU, or root. This exception 7171// includes a reason that contains additional information about the violated 7172// limit: 7173// 7174// Some of the reasons in the following list might not be applicable to this 7175// specific API or operation. 7176// 7177// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 7178// account from the organization. You can't remove the master account. Instead, 7179// after you remove all member accounts, delete the organization itself. 7180// 7181// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 7182// from the organization that doesn't yet have enough information to exist 7183// as a standalone account. This account requires you to first agree to the 7184// AWS Customer Agreement. Follow the steps at Removing a member account 7185// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 7186// the AWS Organizations User Guide. 7187// 7188// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 7189// an account from the organization that doesn't yet have enough information 7190// to exist as a standalone account. This account requires you to first complete 7191// phone verification. Follow the steps at Removing a member account from 7192// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 7193// in the AWS Organizations User Guide. 7194// 7195// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 7196// of accounts that you can create in one day. 7197// 7198// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7199// the number of accounts in an organization. If you need more accounts, 7200// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7201// request an increase in your limit. Or the number of invitations that you 7202// tried to send would cause you to exceed the limit of accounts in your 7203// organization. Send fewer invitations or contact AWS Support to request 7204// an increase in the number of accounts. Deleted and closed accounts still 7205// count toward your limit. If you get this exception when running a command 7206// immediately after creating the organization, wait one hour and try again. 7207// After an hour, if the command continues to fail with this error, contact 7208// AWS Support (https://console.aws.amazon.com/support/home#/). 7209// 7210// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7211// register the master account of the organization as a delegated administrator 7212// for an AWS service integrated with Organizations. You can designate only 7213// a member account as a delegated administrator. 7214// 7215// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7216// an account that is registered as a delegated administrator for a service 7217// integrated with your organization. To complete this operation, you must 7218// first deregister this account as a delegated administrator. 7219// 7220// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7221// organization in the specified region, you must enable all features mode. 7222// 7223// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7224// an AWS account as a delegated administrator for an AWS service that already 7225// has a delegated administrator. To complete this operation, you must first 7226// deregister any existing delegated administrators for this service. 7227// 7228// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7229// valid for a limited period of time. You must resubmit the request and 7230// generate a new verfication code. 7231// 7232// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7233// handshakes that you can send in one day. 7234// 7235// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7236// in this organization, you first must migrate the organization's master 7237// account to the marketplace that corresponds to the master account's address. 7238// For example, accounts with India addresses must be associated with the 7239// AISPL marketplace. All accounts in an organization must be associated 7240// with the same marketplace. 7241// 7242// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7243// in China. To create an organization, the master must have an valid business 7244// license. For more information, contact customer support. 7245// 7246// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7247// must first provide a valid contact address and phone number for the master 7248// account. Then try the operation again. 7249// 7250// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7251// master account must have an associated account in the AWS GovCloud (US-West) 7252// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7253// in the AWS GovCloud User Guide. 7254// 7255// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7256// with this master account, you first must associate a valid payment instrument, 7257// such as a credit card, with the account. Follow the steps at To leave 7258// an organization when all required account information has not yet been 7259// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7260// in the AWS Organizations User Guide. 7261// 7262// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7263// to register more delegated administrators than allowed for the service 7264// principal. 7265// 7266// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7267// number of policies of a certain type that can be attached to an entity 7268// at one time. 7269// 7270// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7271// on this resource. 7272// 7273// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7274// with this member account, you first must associate a valid payment instrument, 7275// such as a credit card, with the account. Follow the steps at To leave 7276// an organization when all required account information has not yet been 7277// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7278// in the AWS Organizations User Guide. 7279// 7280// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7281// policy from an entity that would cause the entity to have fewer than the 7282// minimum number of policies of a certain type required. 7283// 7284// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7285// that requires the organization to be configured to support all features. 7286// An organization that supports only consolidated billing features can't 7287// perform this operation. 7288// 7289// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7290// too many levels deep. 7291// 7292// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7293// that you can have in an organization. 7294// 7295// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7296// is larger than the maximum size. 7297// 7298// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7299// policies that you can have in an organization. 7300// 7301// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7302// tags that are not compliant with the tag policy requirements for this 7303// account. 7304// 7305// * InvalidInputException 7306// The requested operation failed because you provided invalid values for one 7307// or more of the request parameters. This exception includes a reason that 7308// contains additional information about the violated limit: 7309// 7310// Some of the reasons in the following list might not be applicable to this 7311// specific API or operation. 7312// 7313// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7314// can't be modified. 7315// 7316// * INPUT_REQUIRED: You must include a value for all required parameters. 7317// 7318// * INVALID_ENUM: You specified an invalid value. 7319// 7320// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7321// characters. 7322// 7323// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7324// at least one invalid value. 7325// 7326// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7327// from the response to a previous call of the operation. 7328// 7329// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7330// organization, or email) as a party. 7331// 7332// * INVALID_PATTERN: You provided a value that doesn't match the required 7333// pattern. 7334// 7335// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7336// match the required pattern. 7337// 7338// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7339// name can't begin with the reserved prefix AWSServiceRoleFor. 7340// 7341// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7342// Name (ARN) for the organization. 7343// 7344// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7345// 7346// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7347// tag. You can’t add, edit, or delete system tag keys because they're 7348// reserved for AWS use. System tags don’t count against your tags per 7349// resource limit. 7350// 7351// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7352// for the operation. 7353// 7354// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7355// than allowed. 7356// 7357// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7358// value than allowed. 7359// 7360// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7361// than allowed. 7362// 7363// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7364// value than allowed. 7365// 7366// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7367// between entities in the same root. 7368// 7369// * MasterCannotLeaveOrganizationException 7370// You can't remove a master account from an organization. If you want the master 7371// account to become a member account in another organization, you must first 7372// delete the current organization of the master account. 7373// 7374// * ServiceException 7375// AWS Organizations can't complete your request because of an internal service 7376// error. Try again later. 7377// 7378// * TooManyRequestsException 7379// You have sent too many requests in too short a period of time. The quota 7380// helps protect against denial-of-service attacks. Try again later. 7381// 7382// For information about quotas that affect AWS Organizations, see Quotas for 7383// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7384// the AWS Organizations User Guide. 7385// 7386// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 7387func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) { 7388 req, out := c.LeaveOrganizationRequest(input) 7389 return out, req.Send() 7390} 7391 7392// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of 7393// the ability to pass a context and additional request options. 7394// 7395// See LeaveOrganization for details on how to use this API operation. 7396// 7397// The context must be non-nil and will be used for request cancellation. If 7398// the context is nil a panic will occur. In the future the SDK may create 7399// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7400// for more information on using Contexts. 7401func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) { 7402 req, out := c.LeaveOrganizationRequest(input) 7403 req.SetContext(ctx) 7404 req.ApplyOptions(opts...) 7405 return out, req.Send() 7406} 7407 7408const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization" 7409 7410// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the 7411// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return 7412// value will be populated with the request's response once the request completes 7413// successfully. 7414// 7415// Use "Send" method on the returned Request to send the API call to the service. 7416// the "output" return value is not valid until after Send returns without error. 7417// 7418// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization 7419// API call, and error handling. 7420// 7421// This method is useful when you want to inject custom logic or configuration 7422// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7423// 7424// 7425// // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method. 7426// req, resp := client.ListAWSServiceAccessForOrganizationRequest(params) 7427// 7428// err := req.Send() 7429// if err == nil { // resp is now filled 7430// fmt.Println(resp) 7431// } 7432// 7433// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 7434func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) { 7435 op := &request.Operation{ 7436 Name: opListAWSServiceAccessForOrganization, 7437 HTTPMethod: "POST", 7438 HTTPPath: "/", 7439 Paginator: &request.Paginator{ 7440 InputTokens: []string{"NextToken"}, 7441 OutputTokens: []string{"NextToken"}, 7442 LimitToken: "MaxResults", 7443 TruncationToken: "", 7444 }, 7445 } 7446 7447 if input == nil { 7448 input = &ListAWSServiceAccessForOrganizationInput{} 7449 } 7450 7451 output = &ListAWSServiceAccessForOrganizationOutput{} 7452 req = c.newRequest(op, input, output) 7453 return 7454} 7455 7456// ListAWSServiceAccessForOrganization API operation for AWS Organizations. 7457// 7458// Returns a list of the AWS services that you enabled to integrate with your 7459// organization. After a service on this list creates the resources that it 7460// requires for the integration, it can perform operations on your organization 7461// and its accounts. 7462// 7463// For more information about integrating other services with AWS Organizations, 7464// including the list of services that currently work with Organizations, see 7465// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 7466// in the AWS Organizations User Guide. 7467// 7468// This operation can be called only from the organization's master account 7469// or by a member account that is a delegated administrator for an AWS service. 7470// 7471// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7472// with awserr.Error's Code and Message methods to get detailed information about 7473// the error. 7474// 7475// See the AWS API reference guide for AWS Organizations's 7476// API operation ListAWSServiceAccessForOrganization for usage and error information. 7477// 7478// Returned Error Types: 7479// * AccessDeniedException 7480// You don't have permissions to perform the requested operation. The user or 7481// role that is making the request must have at least one IAM permissions policy 7482// attached that grants the required permissions. For more information, see 7483// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7484// in the IAM User Guide. 7485// 7486// * AWSOrganizationsNotInUseException 7487// Your account isn't a member of an organization. To make this request, you 7488// must use the credentials of an account that belongs to an organization. 7489// 7490// * ConstraintViolationException 7491// Performing this operation violates a minimum or maximum value limit. For 7492// example, attempting to remove the last service control policy (SCP) from 7493// an OU or root, inviting or creating too many accounts to the organization, 7494// or attaching too many policies to an account, OU, or root. This exception 7495// includes a reason that contains additional information about the violated 7496// limit: 7497// 7498// Some of the reasons in the following list might not be applicable to this 7499// specific API or operation. 7500// 7501// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 7502// account from the organization. You can't remove the master account. Instead, 7503// after you remove all member accounts, delete the organization itself. 7504// 7505// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 7506// from the organization that doesn't yet have enough information to exist 7507// as a standalone account. This account requires you to first agree to the 7508// AWS Customer Agreement. Follow the steps at Removing a member account 7509// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 7510// the AWS Organizations User Guide. 7511// 7512// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 7513// an account from the organization that doesn't yet have enough information 7514// to exist as a standalone account. This account requires you to first complete 7515// phone verification. Follow the steps at Removing a member account from 7516// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 7517// in the AWS Organizations User Guide. 7518// 7519// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 7520// of accounts that you can create in one day. 7521// 7522// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7523// the number of accounts in an organization. If you need more accounts, 7524// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7525// request an increase in your limit. Or the number of invitations that you 7526// tried to send would cause you to exceed the limit of accounts in your 7527// organization. Send fewer invitations or contact AWS Support to request 7528// an increase in the number of accounts. Deleted and closed accounts still 7529// count toward your limit. If you get this exception when running a command 7530// immediately after creating the organization, wait one hour and try again. 7531// After an hour, if the command continues to fail with this error, contact 7532// AWS Support (https://console.aws.amazon.com/support/home#/). 7533// 7534// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7535// register the master account of the organization as a delegated administrator 7536// for an AWS service integrated with Organizations. You can designate only 7537// a member account as a delegated administrator. 7538// 7539// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7540// an account that is registered as a delegated administrator for a service 7541// integrated with your organization. To complete this operation, you must 7542// first deregister this account as a delegated administrator. 7543// 7544// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7545// organization in the specified region, you must enable all features mode. 7546// 7547// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7548// an AWS account as a delegated administrator for an AWS service that already 7549// has a delegated administrator. To complete this operation, you must first 7550// deregister any existing delegated administrators for this service. 7551// 7552// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7553// valid for a limited period of time. You must resubmit the request and 7554// generate a new verfication code. 7555// 7556// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7557// handshakes that you can send in one day. 7558// 7559// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7560// in this organization, you first must migrate the organization's master 7561// account to the marketplace that corresponds to the master account's address. 7562// For example, accounts with India addresses must be associated with the 7563// AISPL marketplace. All accounts in an organization must be associated 7564// with the same marketplace. 7565// 7566// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7567// in China. To create an organization, the master must have an valid business 7568// license. For more information, contact customer support. 7569// 7570// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7571// must first provide a valid contact address and phone number for the master 7572// account. Then try the operation again. 7573// 7574// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7575// master account must have an associated account in the AWS GovCloud (US-West) 7576// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7577// in the AWS GovCloud User Guide. 7578// 7579// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7580// with this master account, you first must associate a valid payment instrument, 7581// such as a credit card, with the account. Follow the steps at To leave 7582// an organization when all required account information has not yet been 7583// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7584// in the AWS Organizations User Guide. 7585// 7586// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7587// to register more delegated administrators than allowed for the service 7588// principal. 7589// 7590// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7591// number of policies of a certain type that can be attached to an entity 7592// at one time. 7593// 7594// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7595// on this resource. 7596// 7597// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7598// with this member account, you first must associate a valid payment instrument, 7599// such as a credit card, with the account. Follow the steps at To leave 7600// an organization when all required account information has not yet been 7601// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7602// in the AWS Organizations User Guide. 7603// 7604// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7605// policy from an entity that would cause the entity to have fewer than the 7606// minimum number of policies of a certain type required. 7607// 7608// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7609// that requires the organization to be configured to support all features. 7610// An organization that supports only consolidated billing features can't 7611// perform this operation. 7612// 7613// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7614// too many levels deep. 7615// 7616// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7617// that you can have in an organization. 7618// 7619// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7620// is larger than the maximum size. 7621// 7622// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7623// policies that you can have in an organization. 7624// 7625// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7626// tags that are not compliant with the tag policy requirements for this 7627// account. 7628// 7629// * InvalidInputException 7630// The requested operation failed because you provided invalid values for one 7631// or more of the request parameters. This exception includes a reason that 7632// contains additional information about the violated limit: 7633// 7634// Some of the reasons in the following list might not be applicable to this 7635// specific API or operation. 7636// 7637// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7638// can't be modified. 7639// 7640// * INPUT_REQUIRED: You must include a value for all required parameters. 7641// 7642// * INVALID_ENUM: You specified an invalid value. 7643// 7644// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7645// characters. 7646// 7647// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7648// at least one invalid value. 7649// 7650// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7651// from the response to a previous call of the operation. 7652// 7653// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7654// organization, or email) as a party. 7655// 7656// * INVALID_PATTERN: You provided a value that doesn't match the required 7657// pattern. 7658// 7659// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7660// match the required pattern. 7661// 7662// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7663// name can't begin with the reserved prefix AWSServiceRoleFor. 7664// 7665// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7666// Name (ARN) for the organization. 7667// 7668// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7669// 7670// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7671// tag. You can’t add, edit, or delete system tag keys because they're 7672// reserved for AWS use. System tags don’t count against your tags per 7673// resource limit. 7674// 7675// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7676// for the operation. 7677// 7678// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7679// than allowed. 7680// 7681// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7682// value than allowed. 7683// 7684// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7685// than allowed. 7686// 7687// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7688// value than allowed. 7689// 7690// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7691// between entities in the same root. 7692// 7693// * ServiceException 7694// AWS Organizations can't complete your request because of an internal service 7695// error. Try again later. 7696// 7697// * TooManyRequestsException 7698// You have sent too many requests in too short a period of time. The quota 7699// helps protect against denial-of-service attacks. Try again later. 7700// 7701// For information about quotas that affect AWS Organizations, see Quotas for 7702// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7703// the AWS Organizations User Guide. 7704// 7705// * UnsupportedAPIEndpointException 7706// This action isn't available in the current AWS Region. 7707// 7708// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 7709func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) { 7710 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 7711 return out, req.Send() 7712} 7713 7714// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of 7715// the ability to pass a context and additional request options. 7716// 7717// See ListAWSServiceAccessForOrganization for details on how to use this API operation. 7718// 7719// The context must be non-nil and will be used for request cancellation. If 7720// the context is nil a panic will occur. In the future the SDK may create 7721// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7722// for more information on using Contexts. 7723func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) { 7724 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 7725 req.SetContext(ctx) 7726 req.ApplyOptions(opts...) 7727 return out, req.Send() 7728} 7729 7730// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation, 7731// calling the "fn" function with the response data for each page. To stop 7732// iterating, return false from the fn function. 7733// 7734// See ListAWSServiceAccessForOrganization method for more information on how to use this operation. 7735// 7736// Note: This operation can generate multiple requests to a service. 7737// 7738// // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation. 7739// pageNum := 0 7740// err := client.ListAWSServiceAccessForOrganizationPages(params, 7741// func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool { 7742// pageNum++ 7743// fmt.Println(page) 7744// return pageNum <= 3 7745// }) 7746// 7747func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error { 7748 return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 7749} 7750 7751// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except 7752// it takes a Context and allows setting request options on the pages. 7753// 7754// The context must be non-nil and will be used for request cancellation. If 7755// the context is nil a panic will occur. In the future the SDK may create 7756// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7757// for more information on using Contexts. 7758func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error { 7759 p := request.Pagination{ 7760 NewRequest: func() (*request.Request, error) { 7761 var inCpy *ListAWSServiceAccessForOrganizationInput 7762 if input != nil { 7763 tmp := *input 7764 inCpy = &tmp 7765 } 7766 req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy) 7767 req.SetContext(ctx) 7768 req.ApplyOptions(opts...) 7769 return req, nil 7770 }, 7771 } 7772 7773 for p.Next() { 7774 if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) { 7775 break 7776 } 7777 } 7778 7779 return p.Err() 7780} 7781 7782const opListAccounts = "ListAccounts" 7783 7784// ListAccountsRequest generates a "aws/request.Request" representing the 7785// client's request for the ListAccounts operation. The "output" return 7786// value will be populated with the request's response once the request completes 7787// successfully. 7788// 7789// Use "Send" method on the returned Request to send the API call to the service. 7790// the "output" return value is not valid until after Send returns without error. 7791// 7792// See ListAccounts for more information on using the ListAccounts 7793// API call, and error handling. 7794// 7795// This method is useful when you want to inject custom logic or configuration 7796// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7797// 7798// 7799// // Example sending a request using the ListAccountsRequest method. 7800// req, resp := client.ListAccountsRequest(params) 7801// 7802// err := req.Send() 7803// if err == nil { // resp is now filled 7804// fmt.Println(resp) 7805// } 7806// 7807// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 7808func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { 7809 op := &request.Operation{ 7810 Name: opListAccounts, 7811 HTTPMethod: "POST", 7812 HTTPPath: "/", 7813 Paginator: &request.Paginator{ 7814 InputTokens: []string{"NextToken"}, 7815 OutputTokens: []string{"NextToken"}, 7816 LimitToken: "MaxResults", 7817 TruncationToken: "", 7818 }, 7819 } 7820 7821 if input == nil { 7822 input = &ListAccountsInput{} 7823 } 7824 7825 output = &ListAccountsOutput{} 7826 req = c.newRequest(op, input, output) 7827 return 7828} 7829 7830// ListAccounts API operation for AWS Organizations. 7831// 7832// Lists all the accounts in the organization. To request only the accounts 7833// in a specified root or organizational unit (OU), use the ListAccountsForParent 7834// operation instead. 7835// 7836// Always check the NextToken response parameter for a null value when calling 7837// a List* operation. These operations can occasionally return an empty set 7838// of results even when there are more results available. The NextToken response 7839// parameter value is null only when there are no more results to display. 7840// 7841// This operation can be called only from the organization's master account 7842// or by a member account that is a delegated administrator for an AWS service. 7843// 7844// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7845// with awserr.Error's Code and Message methods to get detailed information about 7846// the error. 7847// 7848// See the AWS API reference guide for AWS Organizations's 7849// API operation ListAccounts for usage and error information. 7850// 7851// Returned Error Types: 7852// * AccessDeniedException 7853// You don't have permissions to perform the requested operation. The user or 7854// role that is making the request must have at least one IAM permissions policy 7855// attached that grants the required permissions. For more information, see 7856// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7857// in the IAM User Guide. 7858// 7859// * AWSOrganizationsNotInUseException 7860// Your account isn't a member of an organization. To make this request, you 7861// must use the credentials of an account that belongs to an organization. 7862// 7863// * InvalidInputException 7864// The requested operation failed because you provided invalid values for one 7865// or more of the request parameters. This exception includes a reason that 7866// contains additional information about the violated limit: 7867// 7868// Some of the reasons in the following list might not be applicable to this 7869// specific API or operation. 7870// 7871// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7872// can't be modified. 7873// 7874// * INPUT_REQUIRED: You must include a value for all required parameters. 7875// 7876// * INVALID_ENUM: You specified an invalid value. 7877// 7878// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7879// characters. 7880// 7881// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7882// at least one invalid value. 7883// 7884// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7885// from the response to a previous call of the operation. 7886// 7887// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7888// organization, or email) as a party. 7889// 7890// * INVALID_PATTERN: You provided a value that doesn't match the required 7891// pattern. 7892// 7893// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7894// match the required pattern. 7895// 7896// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7897// name can't begin with the reserved prefix AWSServiceRoleFor. 7898// 7899// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7900// Name (ARN) for the organization. 7901// 7902// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7903// 7904// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7905// tag. You can’t add, edit, or delete system tag keys because they're 7906// reserved for AWS use. System tags don’t count against your tags per 7907// resource limit. 7908// 7909// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7910// for the operation. 7911// 7912// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7913// than allowed. 7914// 7915// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7916// value than allowed. 7917// 7918// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7919// than allowed. 7920// 7921// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7922// value than allowed. 7923// 7924// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7925// between entities in the same root. 7926// 7927// * ServiceException 7928// AWS Organizations can't complete your request because of an internal service 7929// error. Try again later. 7930// 7931// * TooManyRequestsException 7932// You have sent too many requests in too short a period of time. The quota 7933// helps protect against denial-of-service attacks. Try again later. 7934// 7935// For information about quotas that affect AWS Organizations, see Quotas for 7936// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7937// the AWS Organizations User Guide. 7938// 7939// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 7940func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { 7941 req, out := c.ListAccountsRequest(input) 7942 return out, req.Send() 7943} 7944 7945// ListAccountsWithContext is the same as ListAccounts with the addition of 7946// the ability to pass a context and additional request options. 7947// 7948// See ListAccounts for details on how to use this API operation. 7949// 7950// The context must be non-nil and will be used for request cancellation. If 7951// the context is nil a panic will occur. In the future the SDK may create 7952// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7953// for more information on using Contexts. 7954func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { 7955 req, out := c.ListAccountsRequest(input) 7956 req.SetContext(ctx) 7957 req.ApplyOptions(opts...) 7958 return out, req.Send() 7959} 7960 7961// ListAccountsPages iterates over the pages of a ListAccounts operation, 7962// calling the "fn" function with the response data for each page. To stop 7963// iterating, return false from the fn function. 7964// 7965// See ListAccounts method for more information on how to use this operation. 7966// 7967// Note: This operation can generate multiple requests to a service. 7968// 7969// // Example iterating over at most 3 pages of a ListAccounts operation. 7970// pageNum := 0 7971// err := client.ListAccountsPages(params, 7972// func(page *organizations.ListAccountsOutput, lastPage bool) bool { 7973// pageNum++ 7974// fmt.Println(page) 7975// return pageNum <= 3 7976// }) 7977// 7978func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { 7979 return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) 7980} 7981 7982// ListAccountsPagesWithContext same as ListAccountsPages except 7983// it takes a Context and allows setting request options on the pages. 7984// 7985// The context must be non-nil and will be used for request cancellation. If 7986// the context is nil a panic will occur. In the future the SDK may create 7987// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7988// for more information on using Contexts. 7989func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { 7990 p := request.Pagination{ 7991 NewRequest: func() (*request.Request, error) { 7992 var inCpy *ListAccountsInput 7993 if input != nil { 7994 tmp := *input 7995 inCpy = &tmp 7996 } 7997 req, _ := c.ListAccountsRequest(inCpy) 7998 req.SetContext(ctx) 7999 req.ApplyOptions(opts...) 8000 return req, nil 8001 }, 8002 } 8003 8004 for p.Next() { 8005 if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) { 8006 break 8007 } 8008 } 8009 8010 return p.Err() 8011} 8012 8013const opListAccountsForParent = "ListAccountsForParent" 8014 8015// ListAccountsForParentRequest generates a "aws/request.Request" representing the 8016// client's request for the ListAccountsForParent operation. The "output" return 8017// value will be populated with the request's response once the request completes 8018// successfully. 8019// 8020// Use "Send" method on the returned Request to send the API call to the service. 8021// the "output" return value is not valid until after Send returns without error. 8022// 8023// See ListAccountsForParent for more information on using the ListAccountsForParent 8024// API call, and error handling. 8025// 8026// This method is useful when you want to inject custom logic or configuration 8027// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8028// 8029// 8030// // Example sending a request using the ListAccountsForParentRequest method. 8031// req, resp := client.ListAccountsForParentRequest(params) 8032// 8033// err := req.Send() 8034// if err == nil { // resp is now filled 8035// fmt.Println(resp) 8036// } 8037// 8038// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 8039func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) { 8040 op := &request.Operation{ 8041 Name: opListAccountsForParent, 8042 HTTPMethod: "POST", 8043 HTTPPath: "/", 8044 Paginator: &request.Paginator{ 8045 InputTokens: []string{"NextToken"}, 8046 OutputTokens: []string{"NextToken"}, 8047 LimitToken: "MaxResults", 8048 TruncationToken: "", 8049 }, 8050 } 8051 8052 if input == nil { 8053 input = &ListAccountsForParentInput{} 8054 } 8055 8056 output = &ListAccountsForParentOutput{} 8057 req = c.newRequest(op, input, output) 8058 return 8059} 8060 8061// ListAccountsForParent API operation for AWS Organizations. 8062// 8063// Lists the accounts in an organization that are contained by the specified 8064// target root or organizational unit (OU). If you specify the root, you get 8065// a list of all the accounts that aren't in any OU. If you specify an OU, you 8066// get a list of all the accounts in only that OU and not in any child OUs. 8067// To get a list of all accounts in the organization, use the ListAccounts operation. 8068// 8069// Always check the NextToken response parameter for a null value when calling 8070// a List* operation. These operations can occasionally return an empty set 8071// of results even when there are more results available. The NextToken response 8072// parameter value is null only when there are no more results to display. 8073// 8074// This operation can be called only from the organization's master account 8075// or by a member account that is a delegated administrator for an AWS service. 8076// 8077// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8078// with awserr.Error's Code and Message methods to get detailed information about 8079// the error. 8080// 8081// See the AWS API reference guide for AWS Organizations's 8082// API operation ListAccountsForParent for usage and error information. 8083// 8084// Returned Error Types: 8085// * AccessDeniedException 8086// You don't have permissions to perform the requested operation. The user or 8087// role that is making the request must have at least one IAM permissions policy 8088// attached that grants the required permissions. For more information, see 8089// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8090// in the IAM User Guide. 8091// 8092// * AWSOrganizationsNotInUseException 8093// Your account isn't a member of an organization. To make this request, you 8094// must use the credentials of an account that belongs to an organization. 8095// 8096// * InvalidInputException 8097// The requested operation failed because you provided invalid values for one 8098// or more of the request parameters. This exception includes a reason that 8099// contains additional information about the violated limit: 8100// 8101// Some of the reasons in the following list might not be applicable to this 8102// specific API or operation. 8103// 8104// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8105// can't be modified. 8106// 8107// * INPUT_REQUIRED: You must include a value for all required parameters. 8108// 8109// * INVALID_ENUM: You specified an invalid value. 8110// 8111// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8112// characters. 8113// 8114// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8115// at least one invalid value. 8116// 8117// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8118// from the response to a previous call of the operation. 8119// 8120// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8121// organization, or email) as a party. 8122// 8123// * INVALID_PATTERN: You provided a value that doesn't match the required 8124// pattern. 8125// 8126// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8127// match the required pattern. 8128// 8129// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8130// name can't begin with the reserved prefix AWSServiceRoleFor. 8131// 8132// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8133// Name (ARN) for the organization. 8134// 8135// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8136// 8137// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8138// tag. You can’t add, edit, or delete system tag keys because they're 8139// reserved for AWS use. System tags don’t count against your tags per 8140// resource limit. 8141// 8142// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8143// for the operation. 8144// 8145// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8146// than allowed. 8147// 8148// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8149// value than allowed. 8150// 8151// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8152// than allowed. 8153// 8154// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8155// value than allowed. 8156// 8157// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8158// between entities in the same root. 8159// 8160// * ParentNotFoundException 8161// We can't find a root or OU with the ParentId that you specified. 8162// 8163// * ServiceException 8164// AWS Organizations can't complete your request because of an internal service 8165// error. Try again later. 8166// 8167// * TooManyRequestsException 8168// You have sent too many requests in too short a period of time. The quota 8169// helps protect against denial-of-service attacks. Try again later. 8170// 8171// For information about quotas that affect AWS Organizations, see Quotas for 8172// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8173// the AWS Organizations User Guide. 8174// 8175// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 8176func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) { 8177 req, out := c.ListAccountsForParentRequest(input) 8178 return out, req.Send() 8179} 8180 8181// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of 8182// the ability to pass a context and additional request options. 8183// 8184// See ListAccountsForParent for details on how to use this API operation. 8185// 8186// The context must be non-nil and will be used for request cancellation. If 8187// the context is nil a panic will occur. In the future the SDK may create 8188// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8189// for more information on using Contexts. 8190func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) { 8191 req, out := c.ListAccountsForParentRequest(input) 8192 req.SetContext(ctx) 8193 req.ApplyOptions(opts...) 8194 return out, req.Send() 8195} 8196 8197// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation, 8198// calling the "fn" function with the response data for each page. To stop 8199// iterating, return false from the fn function. 8200// 8201// See ListAccountsForParent method for more information on how to use this operation. 8202// 8203// Note: This operation can generate multiple requests to a service. 8204// 8205// // Example iterating over at most 3 pages of a ListAccountsForParent operation. 8206// pageNum := 0 8207// err := client.ListAccountsForParentPages(params, 8208// func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool { 8209// pageNum++ 8210// fmt.Println(page) 8211// return pageNum <= 3 8212// }) 8213// 8214func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error { 8215 return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 8216} 8217 8218// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except 8219// it takes a Context and allows setting request options on the pages. 8220// 8221// The context must be non-nil and will be used for request cancellation. If 8222// the context is nil a panic will occur. In the future the SDK may create 8223// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8224// for more information on using Contexts. 8225func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error { 8226 p := request.Pagination{ 8227 NewRequest: func() (*request.Request, error) { 8228 var inCpy *ListAccountsForParentInput 8229 if input != nil { 8230 tmp := *input 8231 inCpy = &tmp 8232 } 8233 req, _ := c.ListAccountsForParentRequest(inCpy) 8234 req.SetContext(ctx) 8235 req.ApplyOptions(opts...) 8236 return req, nil 8237 }, 8238 } 8239 8240 for p.Next() { 8241 if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) { 8242 break 8243 } 8244 } 8245 8246 return p.Err() 8247} 8248 8249const opListChildren = "ListChildren" 8250 8251// ListChildrenRequest generates a "aws/request.Request" representing the 8252// client's request for the ListChildren operation. The "output" return 8253// value will be populated with the request's response once the request completes 8254// successfully. 8255// 8256// Use "Send" method on the returned Request to send the API call to the service. 8257// the "output" return value is not valid until after Send returns without error. 8258// 8259// See ListChildren for more information on using the ListChildren 8260// API call, and error handling. 8261// 8262// This method is useful when you want to inject custom logic or configuration 8263// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8264// 8265// 8266// // Example sending a request using the ListChildrenRequest method. 8267// req, resp := client.ListChildrenRequest(params) 8268// 8269// err := req.Send() 8270// if err == nil { // resp is now filled 8271// fmt.Println(resp) 8272// } 8273// 8274// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 8275func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) { 8276 op := &request.Operation{ 8277 Name: opListChildren, 8278 HTTPMethod: "POST", 8279 HTTPPath: "/", 8280 Paginator: &request.Paginator{ 8281 InputTokens: []string{"NextToken"}, 8282 OutputTokens: []string{"NextToken"}, 8283 LimitToken: "MaxResults", 8284 TruncationToken: "", 8285 }, 8286 } 8287 8288 if input == nil { 8289 input = &ListChildrenInput{} 8290 } 8291 8292 output = &ListChildrenOutput{} 8293 req = c.newRequest(op, input, output) 8294 return 8295} 8296 8297// ListChildren API operation for AWS Organizations. 8298// 8299// Lists all of the organizational units (OUs) or accounts that are contained 8300// in the specified parent OU or root. This operation, along with ListParents 8301// enables you to traverse the tree structure that makes up this root. 8302// 8303// Always check the NextToken response parameter for a null value when calling 8304// a List* operation. These operations can occasionally return an empty set 8305// of results even when there are more results available. The NextToken response 8306// parameter value is null only when there are no more results to display. 8307// 8308// This operation can be called only from the organization's master account 8309// or by a member account that is a delegated administrator for an AWS service. 8310// 8311// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8312// with awserr.Error's Code and Message methods to get detailed information about 8313// the error. 8314// 8315// See the AWS API reference guide for AWS Organizations's 8316// API operation ListChildren for usage and error information. 8317// 8318// Returned Error Types: 8319// * AccessDeniedException 8320// You don't have permissions to perform the requested operation. The user or 8321// role that is making the request must have at least one IAM permissions policy 8322// attached that grants the required permissions. For more information, see 8323// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8324// in the IAM User Guide. 8325// 8326// * AWSOrganizationsNotInUseException 8327// Your account isn't a member of an organization. To make this request, you 8328// must use the credentials of an account that belongs to an organization. 8329// 8330// * InvalidInputException 8331// The requested operation failed because you provided invalid values for one 8332// or more of the request parameters. This exception includes a reason that 8333// contains additional information about the violated limit: 8334// 8335// Some of the reasons in the following list might not be applicable to this 8336// specific API or operation. 8337// 8338// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8339// can't be modified. 8340// 8341// * INPUT_REQUIRED: You must include a value for all required parameters. 8342// 8343// * INVALID_ENUM: You specified an invalid value. 8344// 8345// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8346// characters. 8347// 8348// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8349// at least one invalid value. 8350// 8351// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8352// from the response to a previous call of the operation. 8353// 8354// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8355// organization, or email) as a party. 8356// 8357// * INVALID_PATTERN: You provided a value that doesn't match the required 8358// pattern. 8359// 8360// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8361// match the required pattern. 8362// 8363// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8364// name can't begin with the reserved prefix AWSServiceRoleFor. 8365// 8366// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8367// Name (ARN) for the organization. 8368// 8369// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8370// 8371// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8372// tag. You can’t add, edit, or delete system tag keys because they're 8373// reserved for AWS use. System tags don’t count against your tags per 8374// resource limit. 8375// 8376// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8377// for the operation. 8378// 8379// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8380// than allowed. 8381// 8382// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8383// value than allowed. 8384// 8385// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8386// than allowed. 8387// 8388// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8389// value than allowed. 8390// 8391// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8392// between entities in the same root. 8393// 8394// * ParentNotFoundException 8395// We can't find a root or OU with the ParentId that you specified. 8396// 8397// * ServiceException 8398// AWS Organizations can't complete your request because of an internal service 8399// error. Try again later. 8400// 8401// * TooManyRequestsException 8402// You have sent too many requests in too short a period of time. The quota 8403// helps protect against denial-of-service attacks. Try again later. 8404// 8405// For information about quotas that affect AWS Organizations, see Quotas for 8406// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8407// the AWS Organizations User Guide. 8408// 8409// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 8410func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) { 8411 req, out := c.ListChildrenRequest(input) 8412 return out, req.Send() 8413} 8414 8415// ListChildrenWithContext is the same as ListChildren with the addition of 8416// the ability to pass a context and additional request options. 8417// 8418// See ListChildren for details on how to use this API operation. 8419// 8420// The context must be non-nil and will be used for request cancellation. If 8421// the context is nil a panic will occur. In the future the SDK may create 8422// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8423// for more information on using Contexts. 8424func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) { 8425 req, out := c.ListChildrenRequest(input) 8426 req.SetContext(ctx) 8427 req.ApplyOptions(opts...) 8428 return out, req.Send() 8429} 8430 8431// ListChildrenPages iterates over the pages of a ListChildren operation, 8432// calling the "fn" function with the response data for each page. To stop 8433// iterating, return false from the fn function. 8434// 8435// See ListChildren method for more information on how to use this operation. 8436// 8437// Note: This operation can generate multiple requests to a service. 8438// 8439// // Example iterating over at most 3 pages of a ListChildren operation. 8440// pageNum := 0 8441// err := client.ListChildrenPages(params, 8442// func(page *organizations.ListChildrenOutput, lastPage bool) bool { 8443// pageNum++ 8444// fmt.Println(page) 8445// return pageNum <= 3 8446// }) 8447// 8448func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error { 8449 return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn) 8450} 8451 8452// ListChildrenPagesWithContext same as ListChildrenPages except 8453// it takes a Context and allows setting request options on the pages. 8454// 8455// The context must be non-nil and will be used for request cancellation. If 8456// the context is nil a panic will occur. In the future the SDK may create 8457// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8458// for more information on using Contexts. 8459func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error { 8460 p := request.Pagination{ 8461 NewRequest: func() (*request.Request, error) { 8462 var inCpy *ListChildrenInput 8463 if input != nil { 8464 tmp := *input 8465 inCpy = &tmp 8466 } 8467 req, _ := c.ListChildrenRequest(inCpy) 8468 req.SetContext(ctx) 8469 req.ApplyOptions(opts...) 8470 return req, nil 8471 }, 8472 } 8473 8474 for p.Next() { 8475 if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) { 8476 break 8477 } 8478 } 8479 8480 return p.Err() 8481} 8482 8483const opListCreateAccountStatus = "ListCreateAccountStatus" 8484 8485// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the 8486// client's request for the ListCreateAccountStatus operation. The "output" return 8487// value will be populated with the request's response once the request completes 8488// successfully. 8489// 8490// Use "Send" method on the returned Request to send the API call to the service. 8491// the "output" return value is not valid until after Send returns without error. 8492// 8493// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus 8494// API call, and error handling. 8495// 8496// This method is useful when you want to inject custom logic or configuration 8497// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8498// 8499// 8500// // Example sending a request using the ListCreateAccountStatusRequest method. 8501// req, resp := client.ListCreateAccountStatusRequest(params) 8502// 8503// err := req.Send() 8504// if err == nil { // resp is now filled 8505// fmt.Println(resp) 8506// } 8507// 8508// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 8509func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) { 8510 op := &request.Operation{ 8511 Name: opListCreateAccountStatus, 8512 HTTPMethod: "POST", 8513 HTTPPath: "/", 8514 Paginator: &request.Paginator{ 8515 InputTokens: []string{"NextToken"}, 8516 OutputTokens: []string{"NextToken"}, 8517 LimitToken: "MaxResults", 8518 TruncationToken: "", 8519 }, 8520 } 8521 8522 if input == nil { 8523 input = &ListCreateAccountStatusInput{} 8524 } 8525 8526 output = &ListCreateAccountStatusOutput{} 8527 req = c.newRequest(op, input, output) 8528 return 8529} 8530 8531// ListCreateAccountStatus API operation for AWS Organizations. 8532// 8533// Lists the account creation requests that match the specified status that 8534// is currently being tracked for the organization. 8535// 8536// Always check the NextToken response parameter for a null value when calling 8537// a List* operation. These operations can occasionally return an empty set 8538// of results even when there are more results available. The NextToken response 8539// parameter value is null only when there are no more results to display. 8540// 8541// This operation can be called only from the organization's master account 8542// or by a member account that is a delegated administrator for an AWS service. 8543// 8544// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8545// with awserr.Error's Code and Message methods to get detailed information about 8546// the error. 8547// 8548// See the AWS API reference guide for AWS Organizations's 8549// API operation ListCreateAccountStatus for usage and error information. 8550// 8551// Returned Error Types: 8552// * AccessDeniedException 8553// You don't have permissions to perform the requested operation. The user or 8554// role that is making the request must have at least one IAM permissions policy 8555// attached that grants the required permissions. For more information, see 8556// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8557// in the IAM User Guide. 8558// 8559// * AWSOrganizationsNotInUseException 8560// Your account isn't a member of an organization. To make this request, you 8561// must use the credentials of an account that belongs to an organization. 8562// 8563// * InvalidInputException 8564// The requested operation failed because you provided invalid values for one 8565// or more of the request parameters. This exception includes a reason that 8566// contains additional information about the violated limit: 8567// 8568// Some of the reasons in the following list might not be applicable to this 8569// specific API or operation. 8570// 8571// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8572// can't be modified. 8573// 8574// * INPUT_REQUIRED: You must include a value for all required parameters. 8575// 8576// * INVALID_ENUM: You specified an invalid value. 8577// 8578// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8579// characters. 8580// 8581// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8582// at least one invalid value. 8583// 8584// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8585// from the response to a previous call of the operation. 8586// 8587// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8588// organization, or email) as a party. 8589// 8590// * INVALID_PATTERN: You provided a value that doesn't match the required 8591// pattern. 8592// 8593// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8594// match the required pattern. 8595// 8596// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8597// name can't begin with the reserved prefix AWSServiceRoleFor. 8598// 8599// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8600// Name (ARN) for the organization. 8601// 8602// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8603// 8604// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8605// tag. You can’t add, edit, or delete system tag keys because they're 8606// reserved for AWS use. System tags don’t count against your tags per 8607// resource limit. 8608// 8609// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8610// for the operation. 8611// 8612// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8613// than allowed. 8614// 8615// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8616// value than allowed. 8617// 8618// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8619// than allowed. 8620// 8621// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8622// value than allowed. 8623// 8624// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8625// between entities in the same root. 8626// 8627// * ServiceException 8628// AWS Organizations can't complete your request because of an internal service 8629// error. Try again later. 8630// 8631// * TooManyRequestsException 8632// You have sent too many requests in too short a period of time. The quota 8633// helps protect against denial-of-service attacks. Try again later. 8634// 8635// For information about quotas that affect AWS Organizations, see Quotas for 8636// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8637// the AWS Organizations User Guide. 8638// 8639// * UnsupportedAPIEndpointException 8640// This action isn't available in the current AWS Region. 8641// 8642// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 8643func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) { 8644 req, out := c.ListCreateAccountStatusRequest(input) 8645 return out, req.Send() 8646} 8647 8648// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of 8649// the ability to pass a context and additional request options. 8650// 8651// See ListCreateAccountStatus for details on how to use this API operation. 8652// 8653// The context must be non-nil and will be used for request cancellation. If 8654// the context is nil a panic will occur. In the future the SDK may create 8655// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8656// for more information on using Contexts. 8657func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) { 8658 req, out := c.ListCreateAccountStatusRequest(input) 8659 req.SetContext(ctx) 8660 req.ApplyOptions(opts...) 8661 return out, req.Send() 8662} 8663 8664// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation, 8665// calling the "fn" function with the response data for each page. To stop 8666// iterating, return false from the fn function. 8667// 8668// See ListCreateAccountStatus method for more information on how to use this operation. 8669// 8670// Note: This operation can generate multiple requests to a service. 8671// 8672// // Example iterating over at most 3 pages of a ListCreateAccountStatus operation. 8673// pageNum := 0 8674// err := client.ListCreateAccountStatusPages(params, 8675// func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool { 8676// pageNum++ 8677// fmt.Println(page) 8678// return pageNum <= 3 8679// }) 8680// 8681func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error { 8682 return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn) 8683} 8684 8685// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except 8686// it takes a Context and allows setting request options on the pages. 8687// 8688// The context must be non-nil and will be used for request cancellation. If 8689// the context is nil a panic will occur. In the future the SDK may create 8690// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8691// for more information on using Contexts. 8692func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error { 8693 p := request.Pagination{ 8694 NewRequest: func() (*request.Request, error) { 8695 var inCpy *ListCreateAccountStatusInput 8696 if input != nil { 8697 tmp := *input 8698 inCpy = &tmp 8699 } 8700 req, _ := c.ListCreateAccountStatusRequest(inCpy) 8701 req.SetContext(ctx) 8702 req.ApplyOptions(opts...) 8703 return req, nil 8704 }, 8705 } 8706 8707 for p.Next() { 8708 if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) { 8709 break 8710 } 8711 } 8712 8713 return p.Err() 8714} 8715 8716const opListDelegatedAdministrators = "ListDelegatedAdministrators" 8717 8718// ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the 8719// client's request for the ListDelegatedAdministrators operation. The "output" return 8720// value will be populated with the request's response once the request completes 8721// successfully. 8722// 8723// Use "Send" method on the returned Request to send the API call to the service. 8724// the "output" return value is not valid until after Send returns without error. 8725// 8726// See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators 8727// API call, and error handling. 8728// 8729// This method is useful when you want to inject custom logic or configuration 8730// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8731// 8732// 8733// // Example sending a request using the ListDelegatedAdministratorsRequest method. 8734// req, resp := client.ListDelegatedAdministratorsRequest(params) 8735// 8736// err := req.Send() 8737// if err == nil { // resp is now filled 8738// fmt.Println(resp) 8739// } 8740// 8741// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators 8742func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) { 8743 op := &request.Operation{ 8744 Name: opListDelegatedAdministrators, 8745 HTTPMethod: "POST", 8746 HTTPPath: "/", 8747 Paginator: &request.Paginator{ 8748 InputTokens: []string{"NextToken"}, 8749 OutputTokens: []string{"NextToken"}, 8750 LimitToken: "MaxResults", 8751 TruncationToken: "", 8752 }, 8753 } 8754 8755 if input == nil { 8756 input = &ListDelegatedAdministratorsInput{} 8757 } 8758 8759 output = &ListDelegatedAdministratorsOutput{} 8760 req = c.newRequest(op, input, output) 8761 return 8762} 8763 8764// ListDelegatedAdministrators API operation for AWS Organizations. 8765// 8766// Lists the AWS accounts that are designated as delegated administrators in 8767// this organization. 8768// 8769// This operation can be called only from the organization's master account 8770// or by a member account that is a delegated administrator for an AWS service. 8771// 8772// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8773// with awserr.Error's Code and Message methods to get detailed information about 8774// the error. 8775// 8776// See the AWS API reference guide for AWS Organizations's 8777// API operation ListDelegatedAdministrators for usage and error information. 8778// 8779// Returned Error Types: 8780// * AccessDeniedException 8781// You don't have permissions to perform the requested operation. The user or 8782// role that is making the request must have at least one IAM permissions policy 8783// attached that grants the required permissions. For more information, see 8784// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8785// in the IAM User Guide. 8786// 8787// * AWSOrganizationsNotInUseException 8788// Your account isn't a member of an organization. To make this request, you 8789// must use the credentials of an account that belongs to an organization. 8790// 8791// * ConstraintViolationException 8792// Performing this operation violates a minimum or maximum value limit. For 8793// example, attempting to remove the last service control policy (SCP) from 8794// an OU or root, inviting or creating too many accounts to the organization, 8795// or attaching too many policies to an account, OU, or root. This exception 8796// includes a reason that contains additional information about the violated 8797// limit: 8798// 8799// Some of the reasons in the following list might not be applicable to this 8800// specific API or operation. 8801// 8802// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 8803// account from the organization. You can't remove the master account. Instead, 8804// after you remove all member accounts, delete the organization itself. 8805// 8806// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 8807// from the organization that doesn't yet have enough information to exist 8808// as a standalone account. This account requires you to first agree to the 8809// AWS Customer Agreement. Follow the steps at Removing a member account 8810// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 8811// the AWS Organizations User Guide. 8812// 8813// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 8814// an account from the organization that doesn't yet have enough information 8815// to exist as a standalone account. This account requires you to first complete 8816// phone verification. Follow the steps at Removing a member account from 8817// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 8818// in the AWS Organizations User Guide. 8819// 8820// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 8821// of accounts that you can create in one day. 8822// 8823// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 8824// the number of accounts in an organization. If you need more accounts, 8825// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 8826// request an increase in your limit. Or the number of invitations that you 8827// tried to send would cause you to exceed the limit of accounts in your 8828// organization. Send fewer invitations or contact AWS Support to request 8829// an increase in the number of accounts. Deleted and closed accounts still 8830// count toward your limit. If you get this exception when running a command 8831// immediately after creating the organization, wait one hour and try again. 8832// After an hour, if the command continues to fail with this error, contact 8833// AWS Support (https://console.aws.amazon.com/support/home#/). 8834// 8835// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 8836// register the master account of the organization as a delegated administrator 8837// for an AWS service integrated with Organizations. You can designate only 8838// a member account as a delegated administrator. 8839// 8840// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 8841// an account that is registered as a delegated administrator for a service 8842// integrated with your organization. To complete this operation, you must 8843// first deregister this account as a delegated administrator. 8844// 8845// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 8846// organization in the specified region, you must enable all features mode. 8847// 8848// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 8849// an AWS account as a delegated administrator for an AWS service that already 8850// has a delegated administrator. To complete this operation, you must first 8851// deregister any existing delegated administrators for this service. 8852// 8853// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 8854// valid for a limited period of time. You must resubmit the request and 8855// generate a new verfication code. 8856// 8857// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 8858// handshakes that you can send in one day. 8859// 8860// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 8861// in this organization, you first must migrate the organization's master 8862// account to the marketplace that corresponds to the master account's address. 8863// For example, accounts with India addresses must be associated with the 8864// AISPL marketplace. All accounts in an organization must be associated 8865// with the same marketplace. 8866// 8867// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 8868// in China. To create an organization, the master must have an valid business 8869// license. For more information, contact customer support. 8870// 8871// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 8872// must first provide a valid contact address and phone number for the master 8873// account. Then try the operation again. 8874// 8875// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 8876// master account must have an associated account in the AWS GovCloud (US-West) 8877// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 8878// in the AWS GovCloud User Guide. 8879// 8880// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 8881// with this master account, you first must associate a valid payment instrument, 8882// such as a credit card, with the account. Follow the steps at To leave 8883// an organization when all required account information has not yet been 8884// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 8885// in the AWS Organizations User Guide. 8886// 8887// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 8888// to register more delegated administrators than allowed for the service 8889// principal. 8890// 8891// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 8892// number of policies of a certain type that can be attached to an entity 8893// at one time. 8894// 8895// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 8896// on this resource. 8897// 8898// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 8899// with this member account, you first must associate a valid payment instrument, 8900// such as a credit card, with the account. Follow the steps at To leave 8901// an organization when all required account information has not yet been 8902// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 8903// in the AWS Organizations User Guide. 8904// 8905// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 8906// policy from an entity that would cause the entity to have fewer than the 8907// minimum number of policies of a certain type required. 8908// 8909// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 8910// that requires the organization to be configured to support all features. 8911// An organization that supports only consolidated billing features can't 8912// perform this operation. 8913// 8914// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 8915// too many levels deep. 8916// 8917// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 8918// that you can have in an organization. 8919// 8920// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 8921// is larger than the maximum size. 8922// 8923// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 8924// policies that you can have in an organization. 8925// 8926// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 8927// tags that are not compliant with the tag policy requirements for this 8928// account. 8929// 8930// * InvalidInputException 8931// The requested operation failed because you provided invalid values for one 8932// or more of the request parameters. This exception includes a reason that 8933// contains additional information about the violated limit: 8934// 8935// Some of the reasons in the following list might not be applicable to this 8936// specific API or operation. 8937// 8938// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8939// can't be modified. 8940// 8941// * INPUT_REQUIRED: You must include a value for all required parameters. 8942// 8943// * INVALID_ENUM: You specified an invalid value. 8944// 8945// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8946// characters. 8947// 8948// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8949// at least one invalid value. 8950// 8951// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8952// from the response to a previous call of the operation. 8953// 8954// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8955// organization, or email) as a party. 8956// 8957// * INVALID_PATTERN: You provided a value that doesn't match the required 8958// pattern. 8959// 8960// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8961// match the required pattern. 8962// 8963// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8964// name can't begin with the reserved prefix AWSServiceRoleFor. 8965// 8966// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8967// Name (ARN) for the organization. 8968// 8969// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8970// 8971// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8972// tag. You can’t add, edit, or delete system tag keys because they're 8973// reserved for AWS use. System tags don’t count against your tags per 8974// resource limit. 8975// 8976// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8977// for the operation. 8978// 8979// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8980// than allowed. 8981// 8982// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8983// value than allowed. 8984// 8985// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8986// than allowed. 8987// 8988// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8989// value than allowed. 8990// 8991// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8992// between entities in the same root. 8993// 8994// * TooManyRequestsException 8995// You have sent too many requests in too short a period of time. The quota 8996// helps protect against denial-of-service attacks. Try again later. 8997// 8998// For information about quotas that affect AWS Organizations, see Quotas for 8999// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9000// the AWS Organizations User Guide. 9001// 9002// * ServiceException 9003// AWS Organizations can't complete your request because of an internal service 9004// error. Try again later. 9005// 9006// * UnsupportedAPIEndpointException 9007// This action isn't available in the current AWS Region. 9008// 9009// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators 9010func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) { 9011 req, out := c.ListDelegatedAdministratorsRequest(input) 9012 return out, req.Send() 9013} 9014 9015// ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of 9016// the ability to pass a context and additional request options. 9017// 9018// See ListDelegatedAdministrators for details on how to use this API operation. 9019// 9020// The context must be non-nil and will be used for request cancellation. If 9021// the context is nil a panic will occur. In the future the SDK may create 9022// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9023// for more information on using Contexts. 9024func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) { 9025 req, out := c.ListDelegatedAdministratorsRequest(input) 9026 req.SetContext(ctx) 9027 req.ApplyOptions(opts...) 9028 return out, req.Send() 9029} 9030 9031// ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation, 9032// calling the "fn" function with the response data for each page. To stop 9033// iterating, return false from the fn function. 9034// 9035// See ListDelegatedAdministrators method for more information on how to use this operation. 9036// 9037// Note: This operation can generate multiple requests to a service. 9038// 9039// // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation. 9040// pageNum := 0 9041// err := client.ListDelegatedAdministratorsPages(params, 9042// func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool { 9043// pageNum++ 9044// fmt.Println(page) 9045// return pageNum <= 3 9046// }) 9047// 9048func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error { 9049 return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn) 9050} 9051 9052// ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except 9053// it takes a Context and allows setting request options on the pages. 9054// 9055// The context must be non-nil and will be used for request cancellation. If 9056// the context is nil a panic will occur. In the future the SDK may create 9057// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9058// for more information on using Contexts. 9059func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error { 9060 p := request.Pagination{ 9061 NewRequest: func() (*request.Request, error) { 9062 var inCpy *ListDelegatedAdministratorsInput 9063 if input != nil { 9064 tmp := *input 9065 inCpy = &tmp 9066 } 9067 req, _ := c.ListDelegatedAdministratorsRequest(inCpy) 9068 req.SetContext(ctx) 9069 req.ApplyOptions(opts...) 9070 return req, nil 9071 }, 9072 } 9073 9074 for p.Next() { 9075 if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) { 9076 break 9077 } 9078 } 9079 9080 return p.Err() 9081} 9082 9083const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount" 9084 9085// ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the 9086// client's request for the ListDelegatedServicesForAccount operation. The "output" return 9087// value will be populated with the request's response once the request completes 9088// successfully. 9089// 9090// Use "Send" method on the returned Request to send the API call to the service. 9091// the "output" return value is not valid until after Send returns without error. 9092// 9093// See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount 9094// API call, and error handling. 9095// 9096// This method is useful when you want to inject custom logic or configuration 9097// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9098// 9099// 9100// // Example sending a request using the ListDelegatedServicesForAccountRequest method. 9101// req, resp := client.ListDelegatedServicesForAccountRequest(params) 9102// 9103// err := req.Send() 9104// if err == nil { // resp is now filled 9105// fmt.Println(resp) 9106// } 9107// 9108// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount 9109func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) { 9110 op := &request.Operation{ 9111 Name: opListDelegatedServicesForAccount, 9112 HTTPMethod: "POST", 9113 HTTPPath: "/", 9114 Paginator: &request.Paginator{ 9115 InputTokens: []string{"NextToken"}, 9116 OutputTokens: []string{"NextToken"}, 9117 LimitToken: "MaxResults", 9118 TruncationToken: "", 9119 }, 9120 } 9121 9122 if input == nil { 9123 input = &ListDelegatedServicesForAccountInput{} 9124 } 9125 9126 output = &ListDelegatedServicesForAccountOutput{} 9127 req = c.newRequest(op, input, output) 9128 return 9129} 9130 9131// ListDelegatedServicesForAccount API operation for AWS Organizations. 9132// 9133// List the AWS services for which the specified account is a delegated administrator. 9134// 9135// This operation can be called only from the organization's master account 9136// or by a member account that is a delegated administrator for an AWS service. 9137// 9138// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9139// with awserr.Error's Code and Message methods to get detailed information about 9140// the error. 9141// 9142// See the AWS API reference guide for AWS Organizations's 9143// API operation ListDelegatedServicesForAccount for usage and error information. 9144// 9145// Returned Error Types: 9146// * AccessDeniedException 9147// You don't have permissions to perform the requested operation. The user or 9148// role that is making the request must have at least one IAM permissions policy 9149// attached that grants the required permissions. For more information, see 9150// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9151// in the IAM User Guide. 9152// 9153// * AccountNotFoundException 9154// We can't find an AWS account with the AccountId that you specified, or the 9155// account whose credentials you used to make this request isn't a member of 9156// an organization. 9157// 9158// * AccountNotRegisteredException 9159// The specified account is not a delegated administrator for this AWS service. 9160// 9161// * AWSOrganizationsNotInUseException 9162// Your account isn't a member of an organization. To make this request, you 9163// must use the credentials of an account that belongs to an organization. 9164// 9165// * ConstraintViolationException 9166// Performing this operation violates a minimum or maximum value limit. For 9167// example, attempting to remove the last service control policy (SCP) from 9168// an OU or root, inviting or creating too many accounts to the organization, 9169// or attaching too many policies to an account, OU, or root. This exception 9170// includes a reason that contains additional information about the violated 9171// limit: 9172// 9173// Some of the reasons in the following list might not be applicable to this 9174// specific API or operation. 9175// 9176// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 9177// account from the organization. You can't remove the master account. Instead, 9178// after you remove all member accounts, delete the organization itself. 9179// 9180// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 9181// from the organization that doesn't yet have enough information to exist 9182// as a standalone account. This account requires you to first agree to the 9183// AWS Customer Agreement. Follow the steps at Removing a member account 9184// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 9185// the AWS Organizations User Guide. 9186// 9187// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 9188// an account from the organization that doesn't yet have enough information 9189// to exist as a standalone account. This account requires you to first complete 9190// phone verification. Follow the steps at Removing a member account from 9191// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 9192// in the AWS Organizations User Guide. 9193// 9194// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 9195// of accounts that you can create in one day. 9196// 9197// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 9198// the number of accounts in an organization. If you need more accounts, 9199// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 9200// request an increase in your limit. Or the number of invitations that you 9201// tried to send would cause you to exceed the limit of accounts in your 9202// organization. Send fewer invitations or contact AWS Support to request 9203// an increase in the number of accounts. Deleted and closed accounts still 9204// count toward your limit. If you get this exception when running a command 9205// immediately after creating the organization, wait one hour and try again. 9206// After an hour, if the command continues to fail with this error, contact 9207// AWS Support (https://console.aws.amazon.com/support/home#/). 9208// 9209// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 9210// register the master account of the organization as a delegated administrator 9211// for an AWS service integrated with Organizations. You can designate only 9212// a member account as a delegated administrator. 9213// 9214// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 9215// an account that is registered as a delegated administrator for a service 9216// integrated with your organization. To complete this operation, you must 9217// first deregister this account as a delegated administrator. 9218// 9219// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 9220// organization in the specified region, you must enable all features mode. 9221// 9222// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 9223// an AWS account as a delegated administrator for an AWS service that already 9224// has a delegated administrator. To complete this operation, you must first 9225// deregister any existing delegated administrators for this service. 9226// 9227// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 9228// valid for a limited period of time. You must resubmit the request and 9229// generate a new verfication code. 9230// 9231// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 9232// handshakes that you can send in one day. 9233// 9234// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 9235// in this organization, you first must migrate the organization's master 9236// account to the marketplace that corresponds to the master account's address. 9237// For example, accounts with India addresses must be associated with the 9238// AISPL marketplace. All accounts in an organization must be associated 9239// with the same marketplace. 9240// 9241// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 9242// in China. To create an organization, the master must have an valid business 9243// license. For more information, contact customer support. 9244// 9245// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 9246// must first provide a valid contact address and phone number for the master 9247// account. Then try the operation again. 9248// 9249// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 9250// master account must have an associated account in the AWS GovCloud (US-West) 9251// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 9252// in the AWS GovCloud User Guide. 9253// 9254// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 9255// with this master account, you first must associate a valid payment instrument, 9256// such as a credit card, with the account. Follow the steps at To leave 9257// an organization when all required account information has not yet been 9258// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9259// in the AWS Organizations User Guide. 9260// 9261// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 9262// to register more delegated administrators than allowed for the service 9263// principal. 9264// 9265// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 9266// number of policies of a certain type that can be attached to an entity 9267// at one time. 9268// 9269// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 9270// on this resource. 9271// 9272// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 9273// with this member account, you first must associate a valid payment instrument, 9274// such as a credit card, with the account. Follow the steps at To leave 9275// an organization when all required account information has not yet been 9276// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9277// in the AWS Organizations User Guide. 9278// 9279// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 9280// policy from an entity that would cause the entity to have fewer than the 9281// minimum number of policies of a certain type required. 9282// 9283// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 9284// that requires the organization to be configured to support all features. 9285// An organization that supports only consolidated billing features can't 9286// perform this operation. 9287// 9288// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 9289// too many levels deep. 9290// 9291// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 9292// that you can have in an organization. 9293// 9294// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 9295// is larger than the maximum size. 9296// 9297// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 9298// policies that you can have in an organization. 9299// 9300// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 9301// tags that are not compliant with the tag policy requirements for this 9302// account. 9303// 9304// * InvalidInputException 9305// The requested operation failed because you provided invalid values for one 9306// or more of the request parameters. This exception includes a reason that 9307// contains additional information about the violated limit: 9308// 9309// Some of the reasons in the following list might not be applicable to this 9310// specific API or operation. 9311// 9312// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9313// can't be modified. 9314// 9315// * INPUT_REQUIRED: You must include a value for all required parameters. 9316// 9317// * INVALID_ENUM: You specified an invalid value. 9318// 9319// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9320// characters. 9321// 9322// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9323// at least one invalid value. 9324// 9325// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9326// from the response to a previous call of the operation. 9327// 9328// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9329// organization, or email) as a party. 9330// 9331// * INVALID_PATTERN: You provided a value that doesn't match the required 9332// pattern. 9333// 9334// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9335// match the required pattern. 9336// 9337// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9338// name can't begin with the reserved prefix AWSServiceRoleFor. 9339// 9340// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9341// Name (ARN) for the organization. 9342// 9343// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9344// 9345// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9346// tag. You can’t add, edit, or delete system tag keys because they're 9347// reserved for AWS use. System tags don’t count against your tags per 9348// resource limit. 9349// 9350// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9351// for the operation. 9352// 9353// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9354// than allowed. 9355// 9356// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9357// value than allowed. 9358// 9359// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9360// than allowed. 9361// 9362// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9363// value than allowed. 9364// 9365// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9366// between entities in the same root. 9367// 9368// * TooManyRequestsException 9369// You have sent too many requests in too short a period of time. The quota 9370// helps protect against denial-of-service attacks. Try again later. 9371// 9372// For information about quotas that affect AWS Organizations, see Quotas for 9373// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9374// the AWS Organizations User Guide. 9375// 9376// * ServiceException 9377// AWS Organizations can't complete your request because of an internal service 9378// error. Try again later. 9379// 9380// * UnsupportedAPIEndpointException 9381// This action isn't available in the current AWS Region. 9382// 9383// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount 9384func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) { 9385 req, out := c.ListDelegatedServicesForAccountRequest(input) 9386 return out, req.Send() 9387} 9388 9389// ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of 9390// the ability to pass a context and additional request options. 9391// 9392// See ListDelegatedServicesForAccount for details on how to use this API operation. 9393// 9394// The context must be non-nil and will be used for request cancellation. If 9395// the context is nil a panic will occur. In the future the SDK may create 9396// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9397// for more information on using Contexts. 9398func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) { 9399 req, out := c.ListDelegatedServicesForAccountRequest(input) 9400 req.SetContext(ctx) 9401 req.ApplyOptions(opts...) 9402 return out, req.Send() 9403} 9404 9405// ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation, 9406// calling the "fn" function with the response data for each page. To stop 9407// iterating, return false from the fn function. 9408// 9409// See ListDelegatedServicesForAccount method for more information on how to use this operation. 9410// 9411// Note: This operation can generate multiple requests to a service. 9412// 9413// // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation. 9414// pageNum := 0 9415// err := client.ListDelegatedServicesForAccountPages(params, 9416// func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool { 9417// pageNum++ 9418// fmt.Println(page) 9419// return pageNum <= 3 9420// }) 9421// 9422func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error { 9423 return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 9424} 9425 9426// ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except 9427// it takes a Context and allows setting request options on the pages. 9428// 9429// The context must be non-nil and will be used for request cancellation. If 9430// the context is nil a panic will occur. In the future the SDK may create 9431// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9432// for more information on using Contexts. 9433func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error { 9434 p := request.Pagination{ 9435 NewRequest: func() (*request.Request, error) { 9436 var inCpy *ListDelegatedServicesForAccountInput 9437 if input != nil { 9438 tmp := *input 9439 inCpy = &tmp 9440 } 9441 req, _ := c.ListDelegatedServicesForAccountRequest(inCpy) 9442 req.SetContext(ctx) 9443 req.ApplyOptions(opts...) 9444 return req, nil 9445 }, 9446 } 9447 9448 for p.Next() { 9449 if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) { 9450 break 9451 } 9452 } 9453 9454 return p.Err() 9455} 9456 9457const opListHandshakesForAccount = "ListHandshakesForAccount" 9458 9459// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the 9460// client's request for the ListHandshakesForAccount operation. The "output" return 9461// value will be populated with the request's response once the request completes 9462// successfully. 9463// 9464// Use "Send" method on the returned Request to send the API call to the service. 9465// the "output" return value is not valid until after Send returns without error. 9466// 9467// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount 9468// API call, and error handling. 9469// 9470// This method is useful when you want to inject custom logic or configuration 9471// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9472// 9473// 9474// // Example sending a request using the ListHandshakesForAccountRequest method. 9475// req, resp := client.ListHandshakesForAccountRequest(params) 9476// 9477// err := req.Send() 9478// if err == nil { // resp is now filled 9479// fmt.Println(resp) 9480// } 9481// 9482// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 9483func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) { 9484 op := &request.Operation{ 9485 Name: opListHandshakesForAccount, 9486 HTTPMethod: "POST", 9487 HTTPPath: "/", 9488 Paginator: &request.Paginator{ 9489 InputTokens: []string{"NextToken"}, 9490 OutputTokens: []string{"NextToken"}, 9491 LimitToken: "MaxResults", 9492 TruncationToken: "", 9493 }, 9494 } 9495 9496 if input == nil { 9497 input = &ListHandshakesForAccountInput{} 9498 } 9499 9500 output = &ListHandshakesForAccountOutput{} 9501 req = c.newRequest(op, input, output) 9502 return 9503} 9504 9505// ListHandshakesForAccount API operation for AWS Organizations. 9506// 9507// Lists the current handshakes that are associated with the account of the 9508// requesting user. 9509// 9510// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 9511// of this API for only 30 days after changing to that state. After that, they're 9512// deleted and no longer accessible. 9513// 9514// Always check the NextToken response parameter for a null value when calling 9515// a List* operation. These operations can occasionally return an empty set 9516// of results even when there are more results available. The NextToken response 9517// parameter value is null only when there are no more results to display. 9518// 9519// This operation can be called only from the organization's master account 9520// or by a member account that is a delegated administrator for an AWS service. 9521// 9522// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9523// with awserr.Error's Code and Message methods to get detailed information about 9524// the error. 9525// 9526// See the AWS API reference guide for AWS Organizations's 9527// API operation ListHandshakesForAccount for usage and error information. 9528// 9529// Returned Error Types: 9530// * AccessDeniedException 9531// You don't have permissions to perform the requested operation. The user or 9532// role that is making the request must have at least one IAM permissions policy 9533// attached that grants the required permissions. For more information, see 9534// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9535// in the IAM User Guide. 9536// 9537// * ConcurrentModificationException 9538// The target of the operation is currently being modified by a different request. 9539// Try again later. 9540// 9541// * InvalidInputException 9542// The requested operation failed because you provided invalid values for one 9543// or more of the request parameters. This exception includes a reason that 9544// contains additional information about the violated limit: 9545// 9546// Some of the reasons in the following list might not be applicable to this 9547// specific API or operation. 9548// 9549// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9550// can't be modified. 9551// 9552// * INPUT_REQUIRED: You must include a value for all required parameters. 9553// 9554// * INVALID_ENUM: You specified an invalid value. 9555// 9556// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9557// characters. 9558// 9559// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9560// at least one invalid value. 9561// 9562// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9563// from the response to a previous call of the operation. 9564// 9565// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9566// organization, or email) as a party. 9567// 9568// * INVALID_PATTERN: You provided a value that doesn't match the required 9569// pattern. 9570// 9571// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9572// match the required pattern. 9573// 9574// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9575// name can't begin with the reserved prefix AWSServiceRoleFor. 9576// 9577// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9578// Name (ARN) for the organization. 9579// 9580// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9581// 9582// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9583// tag. You can’t add, edit, or delete system tag keys because they're 9584// reserved for AWS use. System tags don’t count against your tags per 9585// resource limit. 9586// 9587// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9588// for the operation. 9589// 9590// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9591// than allowed. 9592// 9593// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9594// value than allowed. 9595// 9596// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9597// than allowed. 9598// 9599// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9600// value than allowed. 9601// 9602// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9603// between entities in the same root. 9604// 9605// * ServiceException 9606// AWS Organizations can't complete your request because of an internal service 9607// error. Try again later. 9608// 9609// * TooManyRequestsException 9610// You have sent too many requests in too short a period of time. The quota 9611// helps protect against denial-of-service attacks. Try again later. 9612// 9613// For information about quotas that affect AWS Organizations, see Quotas for 9614// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9615// the AWS Organizations User Guide. 9616// 9617// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 9618func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) { 9619 req, out := c.ListHandshakesForAccountRequest(input) 9620 return out, req.Send() 9621} 9622 9623// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of 9624// the ability to pass a context and additional request options. 9625// 9626// See ListHandshakesForAccount for details on how to use this API operation. 9627// 9628// The context must be non-nil and will be used for request cancellation. If 9629// the context is nil a panic will occur. In the future the SDK may create 9630// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9631// for more information on using Contexts. 9632func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) { 9633 req, out := c.ListHandshakesForAccountRequest(input) 9634 req.SetContext(ctx) 9635 req.ApplyOptions(opts...) 9636 return out, req.Send() 9637} 9638 9639// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation, 9640// calling the "fn" function with the response data for each page. To stop 9641// iterating, return false from the fn function. 9642// 9643// See ListHandshakesForAccount method for more information on how to use this operation. 9644// 9645// Note: This operation can generate multiple requests to a service. 9646// 9647// // Example iterating over at most 3 pages of a ListHandshakesForAccount operation. 9648// pageNum := 0 9649// err := client.ListHandshakesForAccountPages(params, 9650// func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool { 9651// pageNum++ 9652// fmt.Println(page) 9653// return pageNum <= 3 9654// }) 9655// 9656func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error { 9657 return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 9658} 9659 9660// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except 9661// it takes a Context and allows setting request options on the pages. 9662// 9663// The context must be non-nil and will be used for request cancellation. If 9664// the context is nil a panic will occur. In the future the SDK may create 9665// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9666// for more information on using Contexts. 9667func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error { 9668 p := request.Pagination{ 9669 NewRequest: func() (*request.Request, error) { 9670 var inCpy *ListHandshakesForAccountInput 9671 if input != nil { 9672 tmp := *input 9673 inCpy = &tmp 9674 } 9675 req, _ := c.ListHandshakesForAccountRequest(inCpy) 9676 req.SetContext(ctx) 9677 req.ApplyOptions(opts...) 9678 return req, nil 9679 }, 9680 } 9681 9682 for p.Next() { 9683 if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) { 9684 break 9685 } 9686 } 9687 9688 return p.Err() 9689} 9690 9691const opListHandshakesForOrganization = "ListHandshakesForOrganization" 9692 9693// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the 9694// client's request for the ListHandshakesForOrganization operation. The "output" return 9695// value will be populated with the request's response once the request completes 9696// successfully. 9697// 9698// Use "Send" method on the returned Request to send the API call to the service. 9699// the "output" return value is not valid until after Send returns without error. 9700// 9701// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization 9702// API call, and error handling. 9703// 9704// This method is useful when you want to inject custom logic or configuration 9705// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9706// 9707// 9708// // Example sending a request using the ListHandshakesForOrganizationRequest method. 9709// req, resp := client.ListHandshakesForOrganizationRequest(params) 9710// 9711// err := req.Send() 9712// if err == nil { // resp is now filled 9713// fmt.Println(resp) 9714// } 9715// 9716// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 9717func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) { 9718 op := &request.Operation{ 9719 Name: opListHandshakesForOrganization, 9720 HTTPMethod: "POST", 9721 HTTPPath: "/", 9722 Paginator: &request.Paginator{ 9723 InputTokens: []string{"NextToken"}, 9724 OutputTokens: []string{"NextToken"}, 9725 LimitToken: "MaxResults", 9726 TruncationToken: "", 9727 }, 9728 } 9729 9730 if input == nil { 9731 input = &ListHandshakesForOrganizationInput{} 9732 } 9733 9734 output = &ListHandshakesForOrganizationOutput{} 9735 req = c.newRequest(op, input, output) 9736 return 9737} 9738 9739// ListHandshakesForOrganization API operation for AWS Organizations. 9740// 9741// Lists the handshakes that are associated with the organization that the requesting 9742// user is part of. The ListHandshakesForOrganization operation returns a list 9743// of handshake structures. Each structure contains details and status about 9744// a handshake. 9745// 9746// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 9747// of this API for only 30 days after changing to that state. After that, they're 9748// deleted and no longer accessible. 9749// 9750// Always check the NextToken response parameter for a null value when calling 9751// a List* operation. These operations can occasionally return an empty set 9752// of results even when there are more results available. The NextToken response 9753// parameter value is null only when there are no more results to display. 9754// 9755// This operation can be called only from the organization's master account 9756// or by a member account that is a delegated administrator for an AWS service. 9757// 9758// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9759// with awserr.Error's Code and Message methods to get detailed information about 9760// the error. 9761// 9762// See the AWS API reference guide for AWS Organizations's 9763// API operation ListHandshakesForOrganization for usage and error information. 9764// 9765// Returned Error Types: 9766// * AccessDeniedException 9767// You don't have permissions to perform the requested operation. The user or 9768// role that is making the request must have at least one IAM permissions policy 9769// attached that grants the required permissions. For more information, see 9770// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9771// in the IAM User Guide. 9772// 9773// * AWSOrganizationsNotInUseException 9774// Your account isn't a member of an organization. To make this request, you 9775// must use the credentials of an account that belongs to an organization. 9776// 9777// * ConcurrentModificationException 9778// The target of the operation is currently being modified by a different request. 9779// Try again later. 9780// 9781// * InvalidInputException 9782// The requested operation failed because you provided invalid values for one 9783// or more of the request parameters. This exception includes a reason that 9784// contains additional information about the violated limit: 9785// 9786// Some of the reasons in the following list might not be applicable to this 9787// specific API or operation. 9788// 9789// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9790// can't be modified. 9791// 9792// * INPUT_REQUIRED: You must include a value for all required parameters. 9793// 9794// * INVALID_ENUM: You specified an invalid value. 9795// 9796// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9797// characters. 9798// 9799// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9800// at least one invalid value. 9801// 9802// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9803// from the response to a previous call of the operation. 9804// 9805// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9806// organization, or email) as a party. 9807// 9808// * INVALID_PATTERN: You provided a value that doesn't match the required 9809// pattern. 9810// 9811// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9812// match the required pattern. 9813// 9814// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9815// name can't begin with the reserved prefix AWSServiceRoleFor. 9816// 9817// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9818// Name (ARN) for the organization. 9819// 9820// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9821// 9822// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9823// tag. You can’t add, edit, or delete system tag keys because they're 9824// reserved for AWS use. System tags don’t count against your tags per 9825// resource limit. 9826// 9827// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9828// for the operation. 9829// 9830// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9831// than allowed. 9832// 9833// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9834// value than allowed. 9835// 9836// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9837// than allowed. 9838// 9839// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9840// value than allowed. 9841// 9842// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9843// between entities in the same root. 9844// 9845// * ServiceException 9846// AWS Organizations can't complete your request because of an internal service 9847// error. Try again later. 9848// 9849// * TooManyRequestsException 9850// You have sent too many requests in too short a period of time. The quota 9851// helps protect against denial-of-service attacks. Try again later. 9852// 9853// For information about quotas that affect AWS Organizations, see Quotas for 9854// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9855// the AWS Organizations User Guide. 9856// 9857// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 9858func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) { 9859 req, out := c.ListHandshakesForOrganizationRequest(input) 9860 return out, req.Send() 9861} 9862 9863// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of 9864// the ability to pass a context and additional request options. 9865// 9866// See ListHandshakesForOrganization for details on how to use this API operation. 9867// 9868// The context must be non-nil and will be used for request cancellation. If 9869// the context is nil a panic will occur. In the future the SDK may create 9870// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9871// for more information on using Contexts. 9872func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) { 9873 req, out := c.ListHandshakesForOrganizationRequest(input) 9874 req.SetContext(ctx) 9875 req.ApplyOptions(opts...) 9876 return out, req.Send() 9877} 9878 9879// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation, 9880// calling the "fn" function with the response data for each page. To stop 9881// iterating, return false from the fn function. 9882// 9883// See ListHandshakesForOrganization method for more information on how to use this operation. 9884// 9885// Note: This operation can generate multiple requests to a service. 9886// 9887// // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation. 9888// pageNum := 0 9889// err := client.ListHandshakesForOrganizationPages(params, 9890// func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool { 9891// pageNum++ 9892// fmt.Println(page) 9893// return pageNum <= 3 9894// }) 9895// 9896func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error { 9897 return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 9898} 9899 9900// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except 9901// it takes a Context and allows setting request options on the pages. 9902// 9903// The context must be non-nil and will be used for request cancellation. If 9904// the context is nil a panic will occur. In the future the SDK may create 9905// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9906// for more information on using Contexts. 9907func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error { 9908 p := request.Pagination{ 9909 NewRequest: func() (*request.Request, error) { 9910 var inCpy *ListHandshakesForOrganizationInput 9911 if input != nil { 9912 tmp := *input 9913 inCpy = &tmp 9914 } 9915 req, _ := c.ListHandshakesForOrganizationRequest(inCpy) 9916 req.SetContext(ctx) 9917 req.ApplyOptions(opts...) 9918 return req, nil 9919 }, 9920 } 9921 9922 for p.Next() { 9923 if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) { 9924 break 9925 } 9926 } 9927 9928 return p.Err() 9929} 9930 9931const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent" 9932 9933// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the 9934// client's request for the ListOrganizationalUnitsForParent operation. The "output" return 9935// value will be populated with the request's response once the request completes 9936// successfully. 9937// 9938// Use "Send" method on the returned Request to send the API call to the service. 9939// the "output" return value is not valid until after Send returns without error. 9940// 9941// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent 9942// API call, and error handling. 9943// 9944// This method is useful when you want to inject custom logic or configuration 9945// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9946// 9947// 9948// // Example sending a request using the ListOrganizationalUnitsForParentRequest method. 9949// req, resp := client.ListOrganizationalUnitsForParentRequest(params) 9950// 9951// err := req.Send() 9952// if err == nil { // resp is now filled 9953// fmt.Println(resp) 9954// } 9955// 9956// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 9957func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) { 9958 op := &request.Operation{ 9959 Name: opListOrganizationalUnitsForParent, 9960 HTTPMethod: "POST", 9961 HTTPPath: "/", 9962 Paginator: &request.Paginator{ 9963 InputTokens: []string{"NextToken"}, 9964 OutputTokens: []string{"NextToken"}, 9965 LimitToken: "MaxResults", 9966 TruncationToken: "", 9967 }, 9968 } 9969 9970 if input == nil { 9971 input = &ListOrganizationalUnitsForParentInput{} 9972 } 9973 9974 output = &ListOrganizationalUnitsForParentOutput{} 9975 req = c.newRequest(op, input, output) 9976 return 9977} 9978 9979// ListOrganizationalUnitsForParent API operation for AWS Organizations. 9980// 9981// Lists the organizational units (OUs) in a parent organizational unit or root. 9982// 9983// Always check the NextToken response parameter for a null value when calling 9984// a List* operation. These operations can occasionally return an empty set 9985// of results even when there are more results available. The NextToken response 9986// parameter value is null only when there are no more results to display. 9987// 9988// This operation can be called only from the organization's master account 9989// or by a member account that is a delegated administrator for an AWS service. 9990// 9991// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9992// with awserr.Error's Code and Message methods to get detailed information about 9993// the error. 9994// 9995// See the AWS API reference guide for AWS Organizations's 9996// API operation ListOrganizationalUnitsForParent for usage and error information. 9997// 9998// Returned Error Types: 9999// * AccessDeniedException 10000// You don't have permissions to perform the requested operation. The user or 10001// role that is making the request must have at least one IAM permissions policy 10002// attached that grants the required permissions. For more information, see 10003// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10004// in the IAM User Guide. 10005// 10006// * AWSOrganizationsNotInUseException 10007// Your account isn't a member of an organization. To make this request, you 10008// must use the credentials of an account that belongs to an organization. 10009// 10010// * InvalidInputException 10011// The requested operation failed because you provided invalid values for one 10012// or more of the request parameters. This exception includes a reason that 10013// contains additional information about the violated limit: 10014// 10015// Some of the reasons in the following list might not be applicable to this 10016// specific API or operation. 10017// 10018// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10019// can't be modified. 10020// 10021// * INPUT_REQUIRED: You must include a value for all required parameters. 10022// 10023// * INVALID_ENUM: You specified an invalid value. 10024// 10025// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10026// characters. 10027// 10028// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10029// at least one invalid value. 10030// 10031// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10032// from the response to a previous call of the operation. 10033// 10034// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10035// organization, or email) as a party. 10036// 10037// * INVALID_PATTERN: You provided a value that doesn't match the required 10038// pattern. 10039// 10040// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10041// match the required pattern. 10042// 10043// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10044// name can't begin with the reserved prefix AWSServiceRoleFor. 10045// 10046// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10047// Name (ARN) for the organization. 10048// 10049// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10050// 10051// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10052// tag. You can’t add, edit, or delete system tag keys because they're 10053// reserved for AWS use. System tags don’t count against your tags per 10054// resource limit. 10055// 10056// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10057// for the operation. 10058// 10059// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10060// than allowed. 10061// 10062// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10063// value than allowed. 10064// 10065// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10066// than allowed. 10067// 10068// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10069// value than allowed. 10070// 10071// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10072// between entities in the same root. 10073// 10074// * ParentNotFoundException 10075// We can't find a root or OU with the ParentId that you specified. 10076// 10077// * ServiceException 10078// AWS Organizations can't complete your request because of an internal service 10079// error. Try again later. 10080// 10081// * TooManyRequestsException 10082// You have sent too many requests in too short a period of time. The quota 10083// helps protect against denial-of-service attacks. Try again later. 10084// 10085// For information about quotas that affect AWS Organizations, see Quotas for 10086// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10087// the AWS Organizations User Guide. 10088// 10089// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 10090func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) { 10091 req, out := c.ListOrganizationalUnitsForParentRequest(input) 10092 return out, req.Send() 10093} 10094 10095// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of 10096// the ability to pass a context and additional request options. 10097// 10098// See ListOrganizationalUnitsForParent for details on how to use this API operation. 10099// 10100// The context must be non-nil and will be used for request cancellation. If 10101// the context is nil a panic will occur. In the future the SDK may create 10102// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10103// for more information on using Contexts. 10104func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) { 10105 req, out := c.ListOrganizationalUnitsForParentRequest(input) 10106 req.SetContext(ctx) 10107 req.ApplyOptions(opts...) 10108 return out, req.Send() 10109} 10110 10111// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation, 10112// calling the "fn" function with the response data for each page. To stop 10113// iterating, return false from the fn function. 10114// 10115// See ListOrganizationalUnitsForParent method for more information on how to use this operation. 10116// 10117// Note: This operation can generate multiple requests to a service. 10118// 10119// // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation. 10120// pageNum := 0 10121// err := client.ListOrganizationalUnitsForParentPages(params, 10122// func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool { 10123// pageNum++ 10124// fmt.Println(page) 10125// return pageNum <= 3 10126// }) 10127// 10128func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error { 10129 return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 10130} 10131 10132// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except 10133// it takes a Context and allows setting request options on the pages. 10134// 10135// The context must be non-nil and will be used for request cancellation. If 10136// the context is nil a panic will occur. In the future the SDK may create 10137// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10138// for more information on using Contexts. 10139func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error { 10140 p := request.Pagination{ 10141 NewRequest: func() (*request.Request, error) { 10142 var inCpy *ListOrganizationalUnitsForParentInput 10143 if input != nil { 10144 tmp := *input 10145 inCpy = &tmp 10146 } 10147 req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy) 10148 req.SetContext(ctx) 10149 req.ApplyOptions(opts...) 10150 return req, nil 10151 }, 10152 } 10153 10154 for p.Next() { 10155 if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) { 10156 break 10157 } 10158 } 10159 10160 return p.Err() 10161} 10162 10163const opListParents = "ListParents" 10164 10165// ListParentsRequest generates a "aws/request.Request" representing the 10166// client's request for the ListParents operation. The "output" return 10167// value will be populated with the request's response once the request completes 10168// successfully. 10169// 10170// Use "Send" method on the returned Request to send the API call to the service. 10171// the "output" return value is not valid until after Send returns without error. 10172// 10173// See ListParents for more information on using the ListParents 10174// API call, and error handling. 10175// 10176// This method is useful when you want to inject custom logic or configuration 10177// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10178// 10179// 10180// // Example sending a request using the ListParentsRequest method. 10181// req, resp := client.ListParentsRequest(params) 10182// 10183// err := req.Send() 10184// if err == nil { // resp is now filled 10185// fmt.Println(resp) 10186// } 10187// 10188// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 10189func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) { 10190 op := &request.Operation{ 10191 Name: opListParents, 10192 HTTPMethod: "POST", 10193 HTTPPath: "/", 10194 Paginator: &request.Paginator{ 10195 InputTokens: []string{"NextToken"}, 10196 OutputTokens: []string{"NextToken"}, 10197 LimitToken: "MaxResults", 10198 TruncationToken: "", 10199 }, 10200 } 10201 10202 if input == nil { 10203 input = &ListParentsInput{} 10204 } 10205 10206 output = &ListParentsOutput{} 10207 req = c.newRequest(op, input, output) 10208 return 10209} 10210 10211// ListParents API operation for AWS Organizations. 10212// 10213// Lists the root or organizational units (OUs) that serve as the immediate 10214// parent of the specified child OU or account. This operation, along with ListChildren 10215// enables you to traverse the tree structure that makes up this root. 10216// 10217// Always check the NextToken response parameter for a null value when calling 10218// a List* operation. These operations can occasionally return an empty set 10219// of results even when there are more results available. The NextToken response 10220// parameter value is null only when there are no more results to display. 10221// 10222// This operation can be called only from the organization's master account 10223// or by a member account that is a delegated administrator for an AWS service. 10224// 10225// In the current release, a child can have only a single parent. 10226// 10227// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10228// with awserr.Error's Code and Message methods to get detailed information about 10229// the error. 10230// 10231// See the AWS API reference guide for AWS Organizations's 10232// API operation ListParents for usage and error information. 10233// 10234// Returned Error Types: 10235// * AccessDeniedException 10236// You don't have permissions to perform the requested operation. The user or 10237// role that is making the request must have at least one IAM permissions policy 10238// attached that grants the required permissions. For more information, see 10239// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10240// in the IAM User Guide. 10241// 10242// * AWSOrganizationsNotInUseException 10243// Your account isn't a member of an organization. To make this request, you 10244// must use the credentials of an account that belongs to an organization. 10245// 10246// * ChildNotFoundException 10247// We can't find an organizational unit (OU) or AWS account with the ChildId 10248// that you specified. 10249// 10250// * InvalidInputException 10251// The requested operation failed because you provided invalid values for one 10252// or more of the request parameters. This exception includes a reason that 10253// contains additional information about the violated limit: 10254// 10255// Some of the reasons in the following list might not be applicable to this 10256// specific API or operation. 10257// 10258// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10259// can't be modified. 10260// 10261// * INPUT_REQUIRED: You must include a value for all required parameters. 10262// 10263// * INVALID_ENUM: You specified an invalid value. 10264// 10265// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10266// characters. 10267// 10268// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10269// at least one invalid value. 10270// 10271// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10272// from the response to a previous call of the operation. 10273// 10274// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10275// organization, or email) as a party. 10276// 10277// * INVALID_PATTERN: You provided a value that doesn't match the required 10278// pattern. 10279// 10280// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10281// match the required pattern. 10282// 10283// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10284// name can't begin with the reserved prefix AWSServiceRoleFor. 10285// 10286// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10287// Name (ARN) for the organization. 10288// 10289// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10290// 10291// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10292// tag. You can’t add, edit, or delete system tag keys because they're 10293// reserved for AWS use. System tags don’t count against your tags per 10294// resource limit. 10295// 10296// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10297// for the operation. 10298// 10299// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10300// than allowed. 10301// 10302// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10303// value than allowed. 10304// 10305// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10306// than allowed. 10307// 10308// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10309// value than allowed. 10310// 10311// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10312// between entities in the same root. 10313// 10314// * ServiceException 10315// AWS Organizations can't complete your request because of an internal service 10316// error. Try again later. 10317// 10318// * TooManyRequestsException 10319// You have sent too many requests in too short a period of time. The quota 10320// helps protect against denial-of-service attacks. Try again later. 10321// 10322// For information about quotas that affect AWS Organizations, see Quotas for 10323// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10324// the AWS Organizations User Guide. 10325// 10326// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 10327func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) { 10328 req, out := c.ListParentsRequest(input) 10329 return out, req.Send() 10330} 10331 10332// ListParentsWithContext is the same as ListParents with the addition of 10333// the ability to pass a context and additional request options. 10334// 10335// See ListParents for details on how to use this API operation. 10336// 10337// The context must be non-nil and will be used for request cancellation. If 10338// the context is nil a panic will occur. In the future the SDK may create 10339// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10340// for more information on using Contexts. 10341func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) { 10342 req, out := c.ListParentsRequest(input) 10343 req.SetContext(ctx) 10344 req.ApplyOptions(opts...) 10345 return out, req.Send() 10346} 10347 10348// ListParentsPages iterates over the pages of a ListParents operation, 10349// calling the "fn" function with the response data for each page. To stop 10350// iterating, return false from the fn function. 10351// 10352// See ListParents method for more information on how to use this operation. 10353// 10354// Note: This operation can generate multiple requests to a service. 10355// 10356// // Example iterating over at most 3 pages of a ListParents operation. 10357// pageNum := 0 10358// err := client.ListParentsPages(params, 10359// func(page *organizations.ListParentsOutput, lastPage bool) bool { 10360// pageNum++ 10361// fmt.Println(page) 10362// return pageNum <= 3 10363// }) 10364// 10365func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error { 10366 return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn) 10367} 10368 10369// ListParentsPagesWithContext same as ListParentsPages except 10370// it takes a Context and allows setting request options on the pages. 10371// 10372// The context must be non-nil and will be used for request cancellation. If 10373// the context is nil a panic will occur. In the future the SDK may create 10374// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10375// for more information on using Contexts. 10376func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error { 10377 p := request.Pagination{ 10378 NewRequest: func() (*request.Request, error) { 10379 var inCpy *ListParentsInput 10380 if input != nil { 10381 tmp := *input 10382 inCpy = &tmp 10383 } 10384 req, _ := c.ListParentsRequest(inCpy) 10385 req.SetContext(ctx) 10386 req.ApplyOptions(opts...) 10387 return req, nil 10388 }, 10389 } 10390 10391 for p.Next() { 10392 if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) { 10393 break 10394 } 10395 } 10396 10397 return p.Err() 10398} 10399 10400const opListPolicies = "ListPolicies" 10401 10402// ListPoliciesRequest generates a "aws/request.Request" representing the 10403// client's request for the ListPolicies operation. The "output" return 10404// value will be populated with the request's response once the request completes 10405// successfully. 10406// 10407// Use "Send" method on the returned Request to send the API call to the service. 10408// the "output" return value is not valid until after Send returns without error. 10409// 10410// See ListPolicies for more information on using the ListPolicies 10411// API call, and error handling. 10412// 10413// This method is useful when you want to inject custom logic or configuration 10414// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10415// 10416// 10417// // Example sending a request using the ListPoliciesRequest method. 10418// req, resp := client.ListPoliciesRequest(params) 10419// 10420// err := req.Send() 10421// if err == nil { // resp is now filled 10422// fmt.Println(resp) 10423// } 10424// 10425// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 10426func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { 10427 op := &request.Operation{ 10428 Name: opListPolicies, 10429 HTTPMethod: "POST", 10430 HTTPPath: "/", 10431 Paginator: &request.Paginator{ 10432 InputTokens: []string{"NextToken"}, 10433 OutputTokens: []string{"NextToken"}, 10434 LimitToken: "MaxResults", 10435 TruncationToken: "", 10436 }, 10437 } 10438 10439 if input == nil { 10440 input = &ListPoliciesInput{} 10441 } 10442 10443 output = &ListPoliciesOutput{} 10444 req = c.newRequest(op, input, output) 10445 return 10446} 10447 10448// ListPolicies API operation for AWS Organizations. 10449// 10450// Retrieves the list of all policies in an organization of a specified type. 10451// 10452// Always check the NextToken response parameter for a null value when calling 10453// a List* operation. These operations can occasionally return an empty set 10454// of results even when there are more results available. The NextToken response 10455// parameter value is null only when there are no more results to display. 10456// 10457// This operation can be called only from the organization's master account 10458// or by a member account that is a delegated administrator for an AWS service. 10459// 10460// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10461// with awserr.Error's Code and Message methods to get detailed information about 10462// the error. 10463// 10464// See the AWS API reference guide for AWS Organizations's 10465// API operation ListPolicies for usage and error information. 10466// 10467// Returned Error Types: 10468// * AccessDeniedException 10469// You don't have permissions to perform the requested operation. The user or 10470// role that is making the request must have at least one IAM permissions policy 10471// attached that grants the required permissions. For more information, see 10472// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10473// in the IAM User Guide. 10474// 10475// * AWSOrganizationsNotInUseException 10476// Your account isn't a member of an organization. To make this request, you 10477// must use the credentials of an account that belongs to an organization. 10478// 10479// * InvalidInputException 10480// The requested operation failed because you provided invalid values for one 10481// or more of the request parameters. This exception includes a reason that 10482// contains additional information about the violated limit: 10483// 10484// Some of the reasons in the following list might not be applicable to this 10485// specific API or operation. 10486// 10487// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10488// can't be modified. 10489// 10490// * INPUT_REQUIRED: You must include a value for all required parameters. 10491// 10492// * INVALID_ENUM: You specified an invalid value. 10493// 10494// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10495// characters. 10496// 10497// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10498// at least one invalid value. 10499// 10500// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10501// from the response to a previous call of the operation. 10502// 10503// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10504// organization, or email) as a party. 10505// 10506// * INVALID_PATTERN: You provided a value that doesn't match the required 10507// pattern. 10508// 10509// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10510// match the required pattern. 10511// 10512// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10513// name can't begin with the reserved prefix AWSServiceRoleFor. 10514// 10515// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10516// Name (ARN) for the organization. 10517// 10518// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10519// 10520// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10521// tag. You can’t add, edit, or delete system tag keys because they're 10522// reserved for AWS use. System tags don’t count against your tags per 10523// resource limit. 10524// 10525// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10526// for the operation. 10527// 10528// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10529// than allowed. 10530// 10531// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10532// value than allowed. 10533// 10534// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10535// than allowed. 10536// 10537// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10538// value than allowed. 10539// 10540// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10541// between entities in the same root. 10542// 10543// * ServiceException 10544// AWS Organizations can't complete your request because of an internal service 10545// error. Try again later. 10546// 10547// * TooManyRequestsException 10548// You have sent too many requests in too short a period of time. The quota 10549// helps protect against denial-of-service attacks. Try again later. 10550// 10551// For information about quotas that affect AWS Organizations, see Quotas for 10552// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10553// the AWS Organizations User Guide. 10554// 10555// * UnsupportedAPIEndpointException 10556// This action isn't available in the current AWS Region. 10557// 10558// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 10559func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { 10560 req, out := c.ListPoliciesRequest(input) 10561 return out, req.Send() 10562} 10563 10564// ListPoliciesWithContext is the same as ListPolicies with the addition of 10565// the ability to pass a context and additional request options. 10566// 10567// See ListPolicies for details on how to use this API operation. 10568// 10569// The context must be non-nil and will be used for request cancellation. If 10570// the context is nil a panic will occur. In the future the SDK may create 10571// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10572// for more information on using Contexts. 10573func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { 10574 req, out := c.ListPoliciesRequest(input) 10575 req.SetContext(ctx) 10576 req.ApplyOptions(opts...) 10577 return out, req.Send() 10578} 10579 10580// ListPoliciesPages iterates over the pages of a ListPolicies operation, 10581// calling the "fn" function with the response data for each page. To stop 10582// iterating, return false from the fn function. 10583// 10584// See ListPolicies method for more information on how to use this operation. 10585// 10586// Note: This operation can generate multiple requests to a service. 10587// 10588// // Example iterating over at most 3 pages of a ListPolicies operation. 10589// pageNum := 0 10590// err := client.ListPoliciesPages(params, 10591// func(page *organizations.ListPoliciesOutput, lastPage bool) bool { 10592// pageNum++ 10593// fmt.Println(page) 10594// return pageNum <= 3 10595// }) 10596// 10597func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { 10598 return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 10599} 10600 10601// ListPoliciesPagesWithContext same as ListPoliciesPages except 10602// it takes a Context and allows setting request options on the pages. 10603// 10604// The context must be non-nil and will be used for request cancellation. If 10605// the context is nil a panic will occur. In the future the SDK may create 10606// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10607// for more information on using Contexts. 10608func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { 10609 p := request.Pagination{ 10610 NewRequest: func() (*request.Request, error) { 10611 var inCpy *ListPoliciesInput 10612 if input != nil { 10613 tmp := *input 10614 inCpy = &tmp 10615 } 10616 req, _ := c.ListPoliciesRequest(inCpy) 10617 req.SetContext(ctx) 10618 req.ApplyOptions(opts...) 10619 return req, nil 10620 }, 10621 } 10622 10623 for p.Next() { 10624 if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) { 10625 break 10626 } 10627 } 10628 10629 return p.Err() 10630} 10631 10632const opListPoliciesForTarget = "ListPoliciesForTarget" 10633 10634// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the 10635// client's request for the ListPoliciesForTarget operation. The "output" return 10636// value will be populated with the request's response once the request completes 10637// successfully. 10638// 10639// Use "Send" method on the returned Request to send the API call to the service. 10640// the "output" return value is not valid until after Send returns without error. 10641// 10642// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget 10643// API call, and error handling. 10644// 10645// This method is useful when you want to inject custom logic or configuration 10646// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10647// 10648// 10649// // Example sending a request using the ListPoliciesForTargetRequest method. 10650// req, resp := client.ListPoliciesForTargetRequest(params) 10651// 10652// err := req.Send() 10653// if err == nil { // resp is now filled 10654// fmt.Println(resp) 10655// } 10656// 10657// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 10658func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) { 10659 op := &request.Operation{ 10660 Name: opListPoliciesForTarget, 10661 HTTPMethod: "POST", 10662 HTTPPath: "/", 10663 Paginator: &request.Paginator{ 10664 InputTokens: []string{"NextToken"}, 10665 OutputTokens: []string{"NextToken"}, 10666 LimitToken: "MaxResults", 10667 TruncationToken: "", 10668 }, 10669 } 10670 10671 if input == nil { 10672 input = &ListPoliciesForTargetInput{} 10673 } 10674 10675 output = &ListPoliciesForTargetOutput{} 10676 req = c.newRequest(op, input, output) 10677 return 10678} 10679 10680// ListPoliciesForTarget API operation for AWS Organizations. 10681// 10682// Lists the policies that are directly attached to the specified target root, 10683// organizational unit (OU), or account. You must specify the policy type that 10684// you want included in the returned list. 10685// 10686// Always check the NextToken response parameter for a null value when calling 10687// a List* operation. These operations can occasionally return an empty set 10688// of results even when there are more results available. The NextToken response 10689// parameter value is null only when there are no more results to display. 10690// 10691// This operation can be called only from the organization's master account 10692// or by a member account that is a delegated administrator for an AWS service. 10693// 10694// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10695// with awserr.Error's Code and Message methods to get detailed information about 10696// the error. 10697// 10698// See the AWS API reference guide for AWS Organizations's 10699// API operation ListPoliciesForTarget for usage and error information. 10700// 10701// Returned Error Types: 10702// * AccessDeniedException 10703// You don't have permissions to perform the requested operation. The user or 10704// role that is making the request must have at least one IAM permissions policy 10705// attached that grants the required permissions. For more information, see 10706// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10707// in the IAM User Guide. 10708// 10709// * AWSOrganizationsNotInUseException 10710// Your account isn't a member of an organization. To make this request, you 10711// must use the credentials of an account that belongs to an organization. 10712// 10713// * InvalidInputException 10714// The requested operation failed because you provided invalid values for one 10715// or more of the request parameters. This exception includes a reason that 10716// contains additional information about the violated limit: 10717// 10718// Some of the reasons in the following list might not be applicable to this 10719// specific API or operation. 10720// 10721// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10722// can't be modified. 10723// 10724// * INPUT_REQUIRED: You must include a value for all required parameters. 10725// 10726// * INVALID_ENUM: You specified an invalid value. 10727// 10728// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10729// characters. 10730// 10731// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10732// at least one invalid value. 10733// 10734// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10735// from the response to a previous call of the operation. 10736// 10737// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10738// organization, or email) as a party. 10739// 10740// * INVALID_PATTERN: You provided a value that doesn't match the required 10741// pattern. 10742// 10743// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10744// match the required pattern. 10745// 10746// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10747// name can't begin with the reserved prefix AWSServiceRoleFor. 10748// 10749// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10750// Name (ARN) for the organization. 10751// 10752// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10753// 10754// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10755// tag. You can’t add, edit, or delete system tag keys because they're 10756// reserved for AWS use. System tags don’t count against your tags per 10757// resource limit. 10758// 10759// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10760// for the operation. 10761// 10762// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10763// than allowed. 10764// 10765// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10766// value than allowed. 10767// 10768// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10769// than allowed. 10770// 10771// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10772// value than allowed. 10773// 10774// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10775// between entities in the same root. 10776// 10777// * ServiceException 10778// AWS Organizations can't complete your request because of an internal service 10779// error. Try again later. 10780// 10781// * TargetNotFoundException 10782// We can't find a root, OU, or account with the TargetId that you specified. 10783// 10784// * TooManyRequestsException 10785// You have sent too many requests in too short a period of time. The quota 10786// helps protect against denial-of-service attacks. Try again later. 10787// 10788// For information about quotas that affect AWS Organizations, see Quotas for 10789// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10790// the AWS Organizations User Guide. 10791// 10792// * UnsupportedAPIEndpointException 10793// This action isn't available in the current AWS Region. 10794// 10795// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 10796func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) { 10797 req, out := c.ListPoliciesForTargetRequest(input) 10798 return out, req.Send() 10799} 10800 10801// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of 10802// the ability to pass a context and additional request options. 10803// 10804// See ListPoliciesForTarget for details on how to use this API operation. 10805// 10806// The context must be non-nil and will be used for request cancellation. If 10807// the context is nil a panic will occur. In the future the SDK may create 10808// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10809// for more information on using Contexts. 10810func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) { 10811 req, out := c.ListPoliciesForTargetRequest(input) 10812 req.SetContext(ctx) 10813 req.ApplyOptions(opts...) 10814 return out, req.Send() 10815} 10816 10817// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation, 10818// calling the "fn" function with the response data for each page. To stop 10819// iterating, return false from the fn function. 10820// 10821// See ListPoliciesForTarget method for more information on how to use this operation. 10822// 10823// Note: This operation can generate multiple requests to a service. 10824// 10825// // Example iterating over at most 3 pages of a ListPoliciesForTarget operation. 10826// pageNum := 0 10827// err := client.ListPoliciesForTargetPages(params, 10828// func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool { 10829// pageNum++ 10830// fmt.Println(page) 10831// return pageNum <= 3 10832// }) 10833// 10834func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error { 10835 return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn) 10836} 10837 10838// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except 10839// it takes a Context and allows setting request options on the pages. 10840// 10841// The context must be non-nil and will be used for request cancellation. If 10842// the context is nil a panic will occur. In the future the SDK may create 10843// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10844// for more information on using Contexts. 10845func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error { 10846 p := request.Pagination{ 10847 NewRequest: func() (*request.Request, error) { 10848 var inCpy *ListPoliciesForTargetInput 10849 if input != nil { 10850 tmp := *input 10851 inCpy = &tmp 10852 } 10853 req, _ := c.ListPoliciesForTargetRequest(inCpy) 10854 req.SetContext(ctx) 10855 req.ApplyOptions(opts...) 10856 return req, nil 10857 }, 10858 } 10859 10860 for p.Next() { 10861 if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) { 10862 break 10863 } 10864 } 10865 10866 return p.Err() 10867} 10868 10869const opListRoots = "ListRoots" 10870 10871// ListRootsRequest generates a "aws/request.Request" representing the 10872// client's request for the ListRoots operation. The "output" return 10873// value will be populated with the request's response once the request completes 10874// successfully. 10875// 10876// Use "Send" method on the returned Request to send the API call to the service. 10877// the "output" return value is not valid until after Send returns without error. 10878// 10879// See ListRoots for more information on using the ListRoots 10880// API call, and error handling. 10881// 10882// This method is useful when you want to inject custom logic or configuration 10883// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10884// 10885// 10886// // Example sending a request using the ListRootsRequest method. 10887// req, resp := client.ListRootsRequest(params) 10888// 10889// err := req.Send() 10890// if err == nil { // resp is now filled 10891// fmt.Println(resp) 10892// } 10893// 10894// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 10895func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) { 10896 op := &request.Operation{ 10897 Name: opListRoots, 10898 HTTPMethod: "POST", 10899 HTTPPath: "/", 10900 Paginator: &request.Paginator{ 10901 InputTokens: []string{"NextToken"}, 10902 OutputTokens: []string{"NextToken"}, 10903 LimitToken: "MaxResults", 10904 TruncationToken: "", 10905 }, 10906 } 10907 10908 if input == nil { 10909 input = &ListRootsInput{} 10910 } 10911 10912 output = &ListRootsOutput{} 10913 req = c.newRequest(op, input, output) 10914 return 10915} 10916 10917// ListRoots API operation for AWS Organizations. 10918// 10919// Lists the roots that are defined in the current organization. 10920// 10921// Always check the NextToken response parameter for a null value when calling 10922// a List* operation. These operations can occasionally return an empty set 10923// of results even when there are more results available. The NextToken response 10924// parameter value is null only when there are no more results to display. 10925// 10926// This operation can be called only from the organization's master account 10927// or by a member account that is a delegated administrator for an AWS service. 10928// 10929// Policy types can be enabled and disabled in roots. This is distinct from 10930// whether they're available in the organization. When you enable all features, 10931// you make policy types available for use in that organization. Individual 10932// policy types can then be enabled and disabled in a root. To see the availability 10933// of a policy type in an organization, use DescribeOrganization. 10934// 10935// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10936// with awserr.Error's Code and Message methods to get detailed information about 10937// the error. 10938// 10939// See the AWS API reference guide for AWS Organizations's 10940// API operation ListRoots for usage and error information. 10941// 10942// Returned Error Types: 10943// * AccessDeniedException 10944// You don't have permissions to perform the requested operation. The user or 10945// role that is making the request must have at least one IAM permissions policy 10946// attached that grants the required permissions. For more information, see 10947// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10948// in the IAM User Guide. 10949// 10950// * AWSOrganizationsNotInUseException 10951// Your account isn't a member of an organization. To make this request, you 10952// must use the credentials of an account that belongs to an organization. 10953// 10954// * InvalidInputException 10955// The requested operation failed because you provided invalid values for one 10956// or more of the request parameters. This exception includes a reason that 10957// contains additional information about the violated limit: 10958// 10959// Some of the reasons in the following list might not be applicable to this 10960// specific API or operation. 10961// 10962// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10963// can't be modified. 10964// 10965// * INPUT_REQUIRED: You must include a value for all required parameters. 10966// 10967// * INVALID_ENUM: You specified an invalid value. 10968// 10969// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10970// characters. 10971// 10972// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10973// at least one invalid value. 10974// 10975// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10976// from the response to a previous call of the operation. 10977// 10978// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10979// organization, or email) as a party. 10980// 10981// * INVALID_PATTERN: You provided a value that doesn't match the required 10982// pattern. 10983// 10984// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10985// match the required pattern. 10986// 10987// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10988// name can't begin with the reserved prefix AWSServiceRoleFor. 10989// 10990// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10991// Name (ARN) for the organization. 10992// 10993// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10994// 10995// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10996// tag. You can’t add, edit, or delete system tag keys because they're 10997// reserved for AWS use. System tags don’t count against your tags per 10998// resource limit. 10999// 11000// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11001// for the operation. 11002// 11003// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11004// than allowed. 11005// 11006// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11007// value than allowed. 11008// 11009// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11010// than allowed. 11011// 11012// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11013// value than allowed. 11014// 11015// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11016// between entities in the same root. 11017// 11018// * ServiceException 11019// AWS Organizations can't complete your request because of an internal service 11020// error. Try again later. 11021// 11022// * TooManyRequestsException 11023// You have sent too many requests in too short a period of time. The quota 11024// helps protect against denial-of-service attacks. Try again later. 11025// 11026// For information about quotas that affect AWS Organizations, see Quotas for 11027// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11028// the AWS Organizations User Guide. 11029// 11030// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 11031func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) { 11032 req, out := c.ListRootsRequest(input) 11033 return out, req.Send() 11034} 11035 11036// ListRootsWithContext is the same as ListRoots with the addition of 11037// the ability to pass a context and additional request options. 11038// 11039// See ListRoots for details on how to use this API operation. 11040// 11041// The context must be non-nil and will be used for request cancellation. If 11042// the context is nil a panic will occur. In the future the SDK may create 11043// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11044// for more information on using Contexts. 11045func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) { 11046 req, out := c.ListRootsRequest(input) 11047 req.SetContext(ctx) 11048 req.ApplyOptions(opts...) 11049 return out, req.Send() 11050} 11051 11052// ListRootsPages iterates over the pages of a ListRoots operation, 11053// calling the "fn" function with the response data for each page. To stop 11054// iterating, return false from the fn function. 11055// 11056// See ListRoots method for more information on how to use this operation. 11057// 11058// Note: This operation can generate multiple requests to a service. 11059// 11060// // Example iterating over at most 3 pages of a ListRoots operation. 11061// pageNum := 0 11062// err := client.ListRootsPages(params, 11063// func(page *organizations.ListRootsOutput, lastPage bool) bool { 11064// pageNum++ 11065// fmt.Println(page) 11066// return pageNum <= 3 11067// }) 11068// 11069func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error { 11070 return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn) 11071} 11072 11073// ListRootsPagesWithContext same as ListRootsPages except 11074// it takes a Context and allows setting request options on the pages. 11075// 11076// The context must be non-nil and will be used for request cancellation. If 11077// the context is nil a panic will occur. In the future the SDK may create 11078// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11079// for more information on using Contexts. 11080func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error { 11081 p := request.Pagination{ 11082 NewRequest: func() (*request.Request, error) { 11083 var inCpy *ListRootsInput 11084 if input != nil { 11085 tmp := *input 11086 inCpy = &tmp 11087 } 11088 req, _ := c.ListRootsRequest(inCpy) 11089 req.SetContext(ctx) 11090 req.ApplyOptions(opts...) 11091 return req, nil 11092 }, 11093 } 11094 11095 for p.Next() { 11096 if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) { 11097 break 11098 } 11099 } 11100 11101 return p.Err() 11102} 11103 11104const opListTagsForResource = "ListTagsForResource" 11105 11106// ListTagsForResourceRequest generates a "aws/request.Request" representing the 11107// client's request for the ListTagsForResource operation. The "output" return 11108// value will be populated with the request's response once the request completes 11109// successfully. 11110// 11111// Use "Send" method on the returned Request to send the API call to the service. 11112// the "output" return value is not valid until after Send returns without error. 11113// 11114// See ListTagsForResource for more information on using the ListTagsForResource 11115// API call, and error handling. 11116// 11117// This method is useful when you want to inject custom logic or configuration 11118// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11119// 11120// 11121// // Example sending a request using the ListTagsForResourceRequest method. 11122// req, resp := client.ListTagsForResourceRequest(params) 11123// 11124// err := req.Send() 11125// if err == nil { // resp is now filled 11126// fmt.Println(resp) 11127// } 11128// 11129// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 11130func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { 11131 op := &request.Operation{ 11132 Name: opListTagsForResource, 11133 HTTPMethod: "POST", 11134 HTTPPath: "/", 11135 Paginator: &request.Paginator{ 11136 InputTokens: []string{"NextToken"}, 11137 OutputTokens: []string{"NextToken"}, 11138 LimitToken: "", 11139 TruncationToken: "", 11140 }, 11141 } 11142 11143 if input == nil { 11144 input = &ListTagsForResourceInput{} 11145 } 11146 11147 output = &ListTagsForResourceOutput{} 11148 req = c.newRequest(op, input, output) 11149 return 11150} 11151 11152// ListTagsForResource API operation for AWS Organizations. 11153// 11154// Lists tags for the specified resource. 11155// 11156// Currently, you can list tags on an account in AWS Organizations. 11157// 11158// This operation can be called only from the organization's master account 11159// or by a member account that is a delegated administrator for an AWS service. 11160// 11161// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11162// with awserr.Error's Code and Message methods to get detailed information about 11163// the error. 11164// 11165// See the AWS API reference guide for AWS Organizations's 11166// API operation ListTagsForResource for usage and error information. 11167// 11168// Returned Error Types: 11169// * AccessDeniedException 11170// You don't have permissions to perform the requested operation. The user or 11171// role that is making the request must have at least one IAM permissions policy 11172// attached that grants the required permissions. For more information, see 11173// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11174// in the IAM User Guide. 11175// 11176// * AWSOrganizationsNotInUseException 11177// Your account isn't a member of an organization. To make this request, you 11178// must use the credentials of an account that belongs to an organization. 11179// 11180// * TargetNotFoundException 11181// We can't find a root, OU, or account with the TargetId that you specified. 11182// 11183// * InvalidInputException 11184// The requested operation failed because you provided invalid values for one 11185// or more of the request parameters. This exception includes a reason that 11186// contains additional information about the violated limit: 11187// 11188// Some of the reasons in the following list might not be applicable to this 11189// specific API or operation. 11190// 11191// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11192// can't be modified. 11193// 11194// * INPUT_REQUIRED: You must include a value for all required parameters. 11195// 11196// * INVALID_ENUM: You specified an invalid value. 11197// 11198// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11199// characters. 11200// 11201// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11202// at least one invalid value. 11203// 11204// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11205// from the response to a previous call of the operation. 11206// 11207// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11208// organization, or email) as a party. 11209// 11210// * INVALID_PATTERN: You provided a value that doesn't match the required 11211// pattern. 11212// 11213// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11214// match the required pattern. 11215// 11216// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11217// name can't begin with the reserved prefix AWSServiceRoleFor. 11218// 11219// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11220// Name (ARN) for the organization. 11221// 11222// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11223// 11224// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11225// tag. You can’t add, edit, or delete system tag keys because they're 11226// reserved for AWS use. System tags don’t count against your tags per 11227// resource limit. 11228// 11229// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11230// for the operation. 11231// 11232// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11233// than allowed. 11234// 11235// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11236// value than allowed. 11237// 11238// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11239// than allowed. 11240// 11241// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11242// value than allowed. 11243// 11244// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11245// between entities in the same root. 11246// 11247// * ServiceException 11248// AWS Organizations can't complete your request because of an internal service 11249// error. Try again later. 11250// 11251// * TooManyRequestsException 11252// You have sent too many requests in too short a period of time. The quota 11253// helps protect against denial-of-service attacks. Try again later. 11254// 11255// For information about quotas that affect AWS Organizations, see Quotas for 11256// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11257// the AWS Organizations User Guide. 11258// 11259// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 11260func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { 11261 req, out := c.ListTagsForResourceRequest(input) 11262 return out, req.Send() 11263} 11264 11265// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of 11266// the ability to pass a context and additional request options. 11267// 11268// See ListTagsForResource for details on how to use this API operation. 11269// 11270// The context must be non-nil and will be used for request cancellation. If 11271// the context is nil a panic will occur. In the future the SDK may create 11272// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11273// for more information on using Contexts. 11274func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { 11275 req, out := c.ListTagsForResourceRequest(input) 11276 req.SetContext(ctx) 11277 req.ApplyOptions(opts...) 11278 return out, req.Send() 11279} 11280 11281// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation, 11282// calling the "fn" function with the response data for each page. To stop 11283// iterating, return false from the fn function. 11284// 11285// See ListTagsForResource method for more information on how to use this operation. 11286// 11287// Note: This operation can generate multiple requests to a service. 11288// 11289// // Example iterating over at most 3 pages of a ListTagsForResource operation. 11290// pageNum := 0 11291// err := client.ListTagsForResourcePages(params, 11292// func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool { 11293// pageNum++ 11294// fmt.Println(page) 11295// return pageNum <= 3 11296// }) 11297// 11298func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error { 11299 return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn) 11300} 11301 11302// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except 11303// it takes a Context and allows setting request options on the pages. 11304// 11305// The context must be non-nil and will be used for request cancellation. If 11306// the context is nil a panic will occur. In the future the SDK may create 11307// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11308// for more information on using Contexts. 11309func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error { 11310 p := request.Pagination{ 11311 NewRequest: func() (*request.Request, error) { 11312 var inCpy *ListTagsForResourceInput 11313 if input != nil { 11314 tmp := *input 11315 inCpy = &tmp 11316 } 11317 req, _ := c.ListTagsForResourceRequest(inCpy) 11318 req.SetContext(ctx) 11319 req.ApplyOptions(opts...) 11320 return req, nil 11321 }, 11322 } 11323 11324 for p.Next() { 11325 if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) { 11326 break 11327 } 11328 } 11329 11330 return p.Err() 11331} 11332 11333const opListTargetsForPolicy = "ListTargetsForPolicy" 11334 11335// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the 11336// client's request for the ListTargetsForPolicy operation. The "output" return 11337// value will be populated with the request's response once the request completes 11338// successfully. 11339// 11340// Use "Send" method on the returned Request to send the API call to the service. 11341// the "output" return value is not valid until after Send returns without error. 11342// 11343// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy 11344// API call, and error handling. 11345// 11346// This method is useful when you want to inject custom logic or configuration 11347// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11348// 11349// 11350// // Example sending a request using the ListTargetsForPolicyRequest method. 11351// req, resp := client.ListTargetsForPolicyRequest(params) 11352// 11353// err := req.Send() 11354// if err == nil { // resp is now filled 11355// fmt.Println(resp) 11356// } 11357// 11358// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 11359func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) { 11360 op := &request.Operation{ 11361 Name: opListTargetsForPolicy, 11362 HTTPMethod: "POST", 11363 HTTPPath: "/", 11364 Paginator: &request.Paginator{ 11365 InputTokens: []string{"NextToken"}, 11366 OutputTokens: []string{"NextToken"}, 11367 LimitToken: "MaxResults", 11368 TruncationToken: "", 11369 }, 11370 } 11371 11372 if input == nil { 11373 input = &ListTargetsForPolicyInput{} 11374 } 11375 11376 output = &ListTargetsForPolicyOutput{} 11377 req = c.newRequest(op, input, output) 11378 return 11379} 11380 11381// ListTargetsForPolicy API operation for AWS Organizations. 11382// 11383// Lists all the roots, organizational units (OUs), and accounts that the specified 11384// policy is attached to. 11385// 11386// Always check the NextToken response parameter for a null value when calling 11387// a List* operation. These operations can occasionally return an empty set 11388// of results even when there are more results available. The NextToken response 11389// parameter value is null only when there are no more results to display. 11390// 11391// This operation can be called only from the organization's master account 11392// or by a member account that is a delegated administrator for an AWS service. 11393// 11394// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11395// with awserr.Error's Code and Message methods to get detailed information about 11396// the error. 11397// 11398// See the AWS API reference guide for AWS Organizations's 11399// API operation ListTargetsForPolicy for usage and error information. 11400// 11401// Returned Error Types: 11402// * AccessDeniedException 11403// You don't have permissions to perform the requested operation. The user or 11404// role that is making the request must have at least one IAM permissions policy 11405// attached that grants the required permissions. For more information, see 11406// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11407// in the IAM User Guide. 11408// 11409// * AWSOrganizationsNotInUseException 11410// Your account isn't a member of an organization. To make this request, you 11411// must use the credentials of an account that belongs to an organization. 11412// 11413// * InvalidInputException 11414// The requested operation failed because you provided invalid values for one 11415// or more of the request parameters. This exception includes a reason that 11416// contains additional information about the violated limit: 11417// 11418// Some of the reasons in the following list might not be applicable to this 11419// specific API or operation. 11420// 11421// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11422// can't be modified. 11423// 11424// * INPUT_REQUIRED: You must include a value for all required parameters. 11425// 11426// * INVALID_ENUM: You specified an invalid value. 11427// 11428// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11429// characters. 11430// 11431// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11432// at least one invalid value. 11433// 11434// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11435// from the response to a previous call of the operation. 11436// 11437// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11438// organization, or email) as a party. 11439// 11440// * INVALID_PATTERN: You provided a value that doesn't match the required 11441// pattern. 11442// 11443// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11444// match the required pattern. 11445// 11446// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11447// name can't begin with the reserved prefix AWSServiceRoleFor. 11448// 11449// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11450// Name (ARN) for the organization. 11451// 11452// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11453// 11454// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11455// tag. You can’t add, edit, or delete system tag keys because they're 11456// reserved for AWS use. System tags don’t count against your tags per 11457// resource limit. 11458// 11459// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11460// for the operation. 11461// 11462// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11463// than allowed. 11464// 11465// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11466// value than allowed. 11467// 11468// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11469// than allowed. 11470// 11471// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11472// value than allowed. 11473// 11474// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11475// between entities in the same root. 11476// 11477// * PolicyNotFoundException 11478// We can't find a policy with the PolicyId that you specified. 11479// 11480// * ServiceException 11481// AWS Organizations can't complete your request because of an internal service 11482// error. Try again later. 11483// 11484// * TooManyRequestsException 11485// You have sent too many requests in too short a period of time. The quota 11486// helps protect against denial-of-service attacks. Try again later. 11487// 11488// For information about quotas that affect AWS Organizations, see Quotas for 11489// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11490// the AWS Organizations User Guide. 11491// 11492// * UnsupportedAPIEndpointException 11493// This action isn't available in the current AWS Region. 11494// 11495// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 11496func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) { 11497 req, out := c.ListTargetsForPolicyRequest(input) 11498 return out, req.Send() 11499} 11500 11501// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of 11502// the ability to pass a context and additional request options. 11503// 11504// See ListTargetsForPolicy for details on how to use this API operation. 11505// 11506// The context must be non-nil and will be used for request cancellation. If 11507// the context is nil a panic will occur. In the future the SDK may create 11508// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11509// for more information on using Contexts. 11510func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) { 11511 req, out := c.ListTargetsForPolicyRequest(input) 11512 req.SetContext(ctx) 11513 req.ApplyOptions(opts...) 11514 return out, req.Send() 11515} 11516 11517// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation, 11518// calling the "fn" function with the response data for each page. To stop 11519// iterating, return false from the fn function. 11520// 11521// See ListTargetsForPolicy method for more information on how to use this operation. 11522// 11523// Note: This operation can generate multiple requests to a service. 11524// 11525// // Example iterating over at most 3 pages of a ListTargetsForPolicy operation. 11526// pageNum := 0 11527// err := client.ListTargetsForPolicyPages(params, 11528// func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool { 11529// pageNum++ 11530// fmt.Println(page) 11531// return pageNum <= 3 11532// }) 11533// 11534func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error { 11535 return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn) 11536} 11537 11538// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except 11539// it takes a Context and allows setting request options on the pages. 11540// 11541// The context must be non-nil and will be used for request cancellation. If 11542// the context is nil a panic will occur. In the future the SDK may create 11543// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11544// for more information on using Contexts. 11545func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error { 11546 p := request.Pagination{ 11547 NewRequest: func() (*request.Request, error) { 11548 var inCpy *ListTargetsForPolicyInput 11549 if input != nil { 11550 tmp := *input 11551 inCpy = &tmp 11552 } 11553 req, _ := c.ListTargetsForPolicyRequest(inCpy) 11554 req.SetContext(ctx) 11555 req.ApplyOptions(opts...) 11556 return req, nil 11557 }, 11558 } 11559 11560 for p.Next() { 11561 if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) { 11562 break 11563 } 11564 } 11565 11566 return p.Err() 11567} 11568 11569const opMoveAccount = "MoveAccount" 11570 11571// MoveAccountRequest generates a "aws/request.Request" representing the 11572// client's request for the MoveAccount operation. The "output" return 11573// value will be populated with the request's response once the request completes 11574// successfully. 11575// 11576// Use "Send" method on the returned Request to send the API call to the service. 11577// the "output" return value is not valid until after Send returns without error. 11578// 11579// See MoveAccount for more information on using the MoveAccount 11580// API call, and error handling. 11581// 11582// This method is useful when you want to inject custom logic or configuration 11583// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11584// 11585// 11586// // Example sending a request using the MoveAccountRequest method. 11587// req, resp := client.MoveAccountRequest(params) 11588// 11589// err := req.Send() 11590// if err == nil { // resp is now filled 11591// fmt.Println(resp) 11592// } 11593// 11594// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 11595func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) { 11596 op := &request.Operation{ 11597 Name: opMoveAccount, 11598 HTTPMethod: "POST", 11599 HTTPPath: "/", 11600 } 11601 11602 if input == nil { 11603 input = &MoveAccountInput{} 11604 } 11605 11606 output = &MoveAccountOutput{} 11607 req = c.newRequest(op, input, output) 11608 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 11609 return 11610} 11611 11612// MoveAccount API operation for AWS Organizations. 11613// 11614// Moves an account from its current source parent root or organizational unit 11615// (OU) to the specified destination parent root or OU. 11616// 11617// This operation can be called only from the organization's master account. 11618// 11619// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11620// with awserr.Error's Code and Message methods to get detailed information about 11621// the error. 11622// 11623// See the AWS API reference guide for AWS Organizations's 11624// API operation MoveAccount for usage and error information. 11625// 11626// Returned Error Types: 11627// * AccessDeniedException 11628// You don't have permissions to perform the requested operation. The user or 11629// role that is making the request must have at least one IAM permissions policy 11630// attached that grants the required permissions. For more information, see 11631// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11632// in the IAM User Guide. 11633// 11634// * InvalidInputException 11635// The requested operation failed because you provided invalid values for one 11636// or more of the request parameters. This exception includes a reason that 11637// contains additional information about the violated limit: 11638// 11639// Some of the reasons in the following list might not be applicable to this 11640// specific API or operation. 11641// 11642// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11643// can't be modified. 11644// 11645// * INPUT_REQUIRED: You must include a value for all required parameters. 11646// 11647// * INVALID_ENUM: You specified an invalid value. 11648// 11649// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11650// characters. 11651// 11652// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11653// at least one invalid value. 11654// 11655// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11656// from the response to a previous call of the operation. 11657// 11658// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11659// organization, or email) as a party. 11660// 11661// * INVALID_PATTERN: You provided a value that doesn't match the required 11662// pattern. 11663// 11664// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11665// match the required pattern. 11666// 11667// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11668// name can't begin with the reserved prefix AWSServiceRoleFor. 11669// 11670// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11671// Name (ARN) for the organization. 11672// 11673// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11674// 11675// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11676// tag. You can’t add, edit, or delete system tag keys because they're 11677// reserved for AWS use. System tags don’t count against your tags per 11678// resource limit. 11679// 11680// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11681// for the operation. 11682// 11683// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11684// than allowed. 11685// 11686// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11687// value than allowed. 11688// 11689// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11690// than allowed. 11691// 11692// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11693// value than allowed. 11694// 11695// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11696// between entities in the same root. 11697// 11698// * SourceParentNotFoundException 11699// We can't find a source root or OU with the ParentId that you specified. 11700// 11701// * DestinationParentNotFoundException 11702// We can't find the destination container (a root or OU) with the ParentId 11703// that you specified. 11704// 11705// * DuplicateAccountException 11706// That account is already present in the specified destination. 11707// 11708// * AccountNotFoundException 11709// We can't find an AWS account with the AccountId that you specified, or the 11710// account whose credentials you used to make this request isn't a member of 11711// an organization. 11712// 11713// * TooManyRequestsException 11714// You have sent too many requests in too short a period of time. The quota 11715// helps protect against denial-of-service attacks. Try again later. 11716// 11717// For information about quotas that affect AWS Organizations, see Quotas for 11718// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11719// the AWS Organizations User Guide. 11720// 11721// * ConcurrentModificationException 11722// The target of the operation is currently being modified by a different request. 11723// Try again later. 11724// 11725// * AWSOrganizationsNotInUseException 11726// Your account isn't a member of an organization. To make this request, you 11727// must use the credentials of an account that belongs to an organization. 11728// 11729// * ServiceException 11730// AWS Organizations can't complete your request because of an internal service 11731// error. Try again later. 11732// 11733// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 11734func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) { 11735 req, out := c.MoveAccountRequest(input) 11736 return out, req.Send() 11737} 11738 11739// MoveAccountWithContext is the same as MoveAccount with the addition of 11740// the ability to pass a context and additional request options. 11741// 11742// See MoveAccount for details on how to use this API operation. 11743// 11744// The context must be non-nil and will be used for request cancellation. If 11745// the context is nil a panic will occur. In the future the SDK may create 11746// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11747// for more information on using Contexts. 11748func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) { 11749 req, out := c.MoveAccountRequest(input) 11750 req.SetContext(ctx) 11751 req.ApplyOptions(opts...) 11752 return out, req.Send() 11753} 11754 11755const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator" 11756 11757// RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the 11758// client's request for the RegisterDelegatedAdministrator operation. The "output" return 11759// value will be populated with the request's response once the request completes 11760// successfully. 11761// 11762// Use "Send" method on the returned Request to send the API call to the service. 11763// the "output" return value is not valid until after Send returns without error. 11764// 11765// See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator 11766// API call, and error handling. 11767// 11768// This method is useful when you want to inject custom logic or configuration 11769// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11770// 11771// 11772// // Example sending a request using the RegisterDelegatedAdministratorRequest method. 11773// req, resp := client.RegisterDelegatedAdministratorRequest(params) 11774// 11775// err := req.Send() 11776// if err == nil { // resp is now filled 11777// fmt.Println(resp) 11778// } 11779// 11780// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator 11781func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) { 11782 op := &request.Operation{ 11783 Name: opRegisterDelegatedAdministrator, 11784 HTTPMethod: "POST", 11785 HTTPPath: "/", 11786 } 11787 11788 if input == nil { 11789 input = &RegisterDelegatedAdministratorInput{} 11790 } 11791 11792 output = &RegisterDelegatedAdministratorOutput{} 11793 req = c.newRequest(op, input, output) 11794 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 11795 return 11796} 11797 11798// RegisterDelegatedAdministrator API operation for AWS Organizations. 11799// 11800// Enables the specified member account to administer the Organizations features 11801// of the specified AWS service. It grants read-only access to AWS Organizations 11802// service data. The account still requires IAM permissions to access and administer 11803// the AWS service. 11804// 11805// You can run this action only for AWS services that support this feature. 11806// For a current list of services that support it, see the column Supports Delegated 11807// Administrator in the table at AWS Services that you can use with AWS Organizations 11808// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html) 11809// in the AWS Organizations User Guide. 11810// 11811// This operation can be called only from the organization's master account. 11812// 11813// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11814// with awserr.Error's Code and Message methods to get detailed information about 11815// the error. 11816// 11817// See the AWS API reference guide for AWS Organizations's 11818// API operation RegisterDelegatedAdministrator for usage and error information. 11819// 11820// Returned Error Types: 11821// * AccessDeniedException 11822// You don't have permissions to perform the requested operation. The user or 11823// role that is making the request must have at least one IAM permissions policy 11824// attached that grants the required permissions. For more information, see 11825// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11826// in the IAM User Guide. 11827// 11828// * AccountAlreadyRegisteredException 11829// The specified account is already a delegated administrator for this AWS service. 11830// 11831// * AccountNotFoundException 11832// We can't find an AWS account with the AccountId that you specified, or the 11833// account whose credentials you used to make this request isn't a member of 11834// an organization. 11835// 11836// * AWSOrganizationsNotInUseException 11837// Your account isn't a member of an organization. To make this request, you 11838// must use the credentials of an account that belongs to an organization. 11839// 11840// * ConcurrentModificationException 11841// The target of the operation is currently being modified by a different request. 11842// Try again later. 11843// 11844// * ConstraintViolationException 11845// Performing this operation violates a minimum or maximum value limit. For 11846// example, attempting to remove the last service control policy (SCP) from 11847// an OU or root, inviting or creating too many accounts to the organization, 11848// or attaching too many policies to an account, OU, or root. This exception 11849// includes a reason that contains additional information about the violated 11850// limit: 11851// 11852// Some of the reasons in the following list might not be applicable to this 11853// specific API or operation. 11854// 11855// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 11856// account from the organization. You can't remove the master account. Instead, 11857// after you remove all member accounts, delete the organization itself. 11858// 11859// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 11860// from the organization that doesn't yet have enough information to exist 11861// as a standalone account. This account requires you to first agree to the 11862// AWS Customer Agreement. Follow the steps at Removing a member account 11863// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 11864// the AWS Organizations User Guide. 11865// 11866// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 11867// an account from the organization that doesn't yet have enough information 11868// to exist as a standalone account. This account requires you to first complete 11869// phone verification. Follow the steps at Removing a member account from 11870// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 11871// in the AWS Organizations User Guide. 11872// 11873// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 11874// of accounts that you can create in one day. 11875// 11876// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 11877// the number of accounts in an organization. If you need more accounts, 11878// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 11879// request an increase in your limit. Or the number of invitations that you 11880// tried to send would cause you to exceed the limit of accounts in your 11881// organization. Send fewer invitations or contact AWS Support to request 11882// an increase in the number of accounts. Deleted and closed accounts still 11883// count toward your limit. If you get this exception when running a command 11884// immediately after creating the organization, wait one hour and try again. 11885// After an hour, if the command continues to fail with this error, contact 11886// AWS Support (https://console.aws.amazon.com/support/home#/). 11887// 11888// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 11889// register the master account of the organization as a delegated administrator 11890// for an AWS service integrated with Organizations. You can designate only 11891// a member account as a delegated administrator. 11892// 11893// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 11894// an account that is registered as a delegated administrator for a service 11895// integrated with your organization. To complete this operation, you must 11896// first deregister this account as a delegated administrator. 11897// 11898// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 11899// organization in the specified region, you must enable all features mode. 11900// 11901// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 11902// an AWS account as a delegated administrator for an AWS service that already 11903// has a delegated administrator. To complete this operation, you must first 11904// deregister any existing delegated administrators for this service. 11905// 11906// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 11907// valid for a limited period of time. You must resubmit the request and 11908// generate a new verfication code. 11909// 11910// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 11911// handshakes that you can send in one day. 11912// 11913// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 11914// in this organization, you first must migrate the organization's master 11915// account to the marketplace that corresponds to the master account's address. 11916// For example, accounts with India addresses must be associated with the 11917// AISPL marketplace. All accounts in an organization must be associated 11918// with the same marketplace. 11919// 11920// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 11921// in China. To create an organization, the master must have an valid business 11922// license. For more information, contact customer support. 11923// 11924// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 11925// must first provide a valid contact address and phone number for the master 11926// account. Then try the operation again. 11927// 11928// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 11929// master account must have an associated account in the AWS GovCloud (US-West) 11930// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 11931// in the AWS GovCloud User Guide. 11932// 11933// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 11934// with this master account, you first must associate a valid payment instrument, 11935// such as a credit card, with the account. Follow the steps at To leave 11936// an organization when all required account information has not yet been 11937// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 11938// in the AWS Organizations User Guide. 11939// 11940// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 11941// to register more delegated administrators than allowed for the service 11942// principal. 11943// 11944// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 11945// number of policies of a certain type that can be attached to an entity 11946// at one time. 11947// 11948// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 11949// on this resource. 11950// 11951// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 11952// with this member account, you first must associate a valid payment instrument, 11953// such as a credit card, with the account. Follow the steps at To leave 11954// an organization when all required account information has not yet been 11955// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 11956// in the AWS Organizations User Guide. 11957// 11958// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 11959// policy from an entity that would cause the entity to have fewer than the 11960// minimum number of policies of a certain type required. 11961// 11962// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 11963// that requires the organization to be configured to support all features. 11964// An organization that supports only consolidated billing features can't 11965// perform this operation. 11966// 11967// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 11968// too many levels deep. 11969// 11970// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 11971// that you can have in an organization. 11972// 11973// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 11974// is larger than the maximum size. 11975// 11976// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 11977// policies that you can have in an organization. 11978// 11979// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 11980// tags that are not compliant with the tag policy requirements for this 11981// account. 11982// 11983// * InvalidInputException 11984// The requested operation failed because you provided invalid values for one 11985// or more of the request parameters. This exception includes a reason that 11986// contains additional information about the violated limit: 11987// 11988// Some of the reasons in the following list might not be applicable to this 11989// specific API or operation. 11990// 11991// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11992// can't be modified. 11993// 11994// * INPUT_REQUIRED: You must include a value for all required parameters. 11995// 11996// * INVALID_ENUM: You specified an invalid value. 11997// 11998// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11999// characters. 12000// 12001// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12002// at least one invalid value. 12003// 12004// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12005// from the response to a previous call of the operation. 12006// 12007// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12008// organization, or email) as a party. 12009// 12010// * INVALID_PATTERN: You provided a value that doesn't match the required 12011// pattern. 12012// 12013// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12014// match the required pattern. 12015// 12016// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12017// name can't begin with the reserved prefix AWSServiceRoleFor. 12018// 12019// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12020// Name (ARN) for the organization. 12021// 12022// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12023// 12024// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12025// tag. You can’t add, edit, or delete system tag keys because they're 12026// reserved for AWS use. System tags don’t count against your tags per 12027// resource limit. 12028// 12029// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12030// for the operation. 12031// 12032// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12033// than allowed. 12034// 12035// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12036// value than allowed. 12037// 12038// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12039// than allowed. 12040// 12041// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12042// value than allowed. 12043// 12044// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12045// between entities in the same root. 12046// 12047// * TooManyRequestsException 12048// You have sent too many requests in too short a period of time. The quota 12049// helps protect against denial-of-service attacks. Try again later. 12050// 12051// For information about quotas that affect AWS Organizations, see Quotas for 12052// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12053// the AWS Organizations User Guide. 12054// 12055// * ServiceException 12056// AWS Organizations can't complete your request because of an internal service 12057// error. Try again later. 12058// 12059// * UnsupportedAPIEndpointException 12060// This action isn't available in the current AWS Region. 12061// 12062// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator 12063func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) { 12064 req, out := c.RegisterDelegatedAdministratorRequest(input) 12065 return out, req.Send() 12066} 12067 12068// RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of 12069// the ability to pass a context and additional request options. 12070// 12071// See RegisterDelegatedAdministrator for details on how to use this API operation. 12072// 12073// The context must be non-nil and will be used for request cancellation. If 12074// the context is nil a panic will occur. In the future the SDK may create 12075// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12076// for more information on using Contexts. 12077func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) { 12078 req, out := c.RegisterDelegatedAdministratorRequest(input) 12079 req.SetContext(ctx) 12080 req.ApplyOptions(opts...) 12081 return out, req.Send() 12082} 12083 12084const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization" 12085 12086// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the 12087// client's request for the RemoveAccountFromOrganization operation. The "output" return 12088// value will be populated with the request's response once the request completes 12089// successfully. 12090// 12091// Use "Send" method on the returned Request to send the API call to the service. 12092// the "output" return value is not valid until after Send returns without error. 12093// 12094// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization 12095// API call, and error handling. 12096// 12097// This method is useful when you want to inject custom logic or configuration 12098// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12099// 12100// 12101// // Example sending a request using the RemoveAccountFromOrganizationRequest method. 12102// req, resp := client.RemoveAccountFromOrganizationRequest(params) 12103// 12104// err := req.Send() 12105// if err == nil { // resp is now filled 12106// fmt.Println(resp) 12107// } 12108// 12109// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 12110func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) { 12111 op := &request.Operation{ 12112 Name: opRemoveAccountFromOrganization, 12113 HTTPMethod: "POST", 12114 HTTPPath: "/", 12115 } 12116 12117 if input == nil { 12118 input = &RemoveAccountFromOrganizationInput{} 12119 } 12120 12121 output = &RemoveAccountFromOrganizationOutput{} 12122 req = c.newRequest(op, input, output) 12123 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12124 return 12125} 12126 12127// RemoveAccountFromOrganization API operation for AWS Organizations. 12128// 12129// Removes the specified account from the organization. 12130// 12131// The removed account becomes a standalone account that isn't a member of any 12132// organization. It's no longer subject to any policies and is responsible for 12133// its own bill payments. The organization's master account is no longer charged 12134// for any expenses accrued by the member account after it's removed from the 12135// organization. 12136// 12137// This operation can be called only from the organization's master account. 12138// Member accounts can remove themselves with LeaveOrganization instead. 12139// 12140// You can remove an account from your organization only if the account is configured 12141// with the information required to operate as a standalone account. When you 12142// create an account in an organization using the AWS Organizations console, 12143// API, or CLI commands, the information required of standalone accounts is 12144// not automatically collected. For an account that you want to make standalone, 12145// you must accept the end user license agreement (EULA), choose a support plan, 12146// provide and verify the required contact information, and provide a current 12147// payment method. AWS uses the payment method to charge for any billable (not 12148// free tier) AWS activity that occurs while the account isn't attached to an 12149// organization. To remove an account that doesn't yet have this information, 12150// you must sign in as the member account and follow the steps at To leave an 12151// organization when all required account information has not yet been provided 12152// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12153// in the AWS Organizations User Guide. 12154// 12155// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12156// with awserr.Error's Code and Message methods to get detailed information about 12157// the error. 12158// 12159// See the AWS API reference guide for AWS Organizations's 12160// API operation RemoveAccountFromOrganization for usage and error information. 12161// 12162// Returned Error Types: 12163// * AccessDeniedException 12164// You don't have permissions to perform the requested operation. The user or 12165// role that is making the request must have at least one IAM permissions policy 12166// attached that grants the required permissions. For more information, see 12167// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12168// in the IAM User Guide. 12169// 12170// * AccountNotFoundException 12171// We can't find an AWS account with the AccountId that you specified, or the 12172// account whose credentials you used to make this request isn't a member of 12173// an organization. 12174// 12175// * AWSOrganizationsNotInUseException 12176// Your account isn't a member of an organization. To make this request, you 12177// must use the credentials of an account that belongs to an organization. 12178// 12179// * ConcurrentModificationException 12180// The target of the operation is currently being modified by a different request. 12181// Try again later. 12182// 12183// * ConstraintViolationException 12184// Performing this operation violates a minimum or maximum value limit. For 12185// example, attempting to remove the last service control policy (SCP) from 12186// an OU or root, inviting or creating too many accounts to the organization, 12187// or attaching too many policies to an account, OU, or root. This exception 12188// includes a reason that contains additional information about the violated 12189// limit: 12190// 12191// Some of the reasons in the following list might not be applicable to this 12192// specific API or operation. 12193// 12194// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 12195// account from the organization. You can't remove the master account. Instead, 12196// after you remove all member accounts, delete the organization itself. 12197// 12198// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 12199// from the organization that doesn't yet have enough information to exist 12200// as a standalone account. This account requires you to first agree to the 12201// AWS Customer Agreement. Follow the steps at Removing a member account 12202// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 12203// the AWS Organizations User Guide. 12204// 12205// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 12206// an account from the organization that doesn't yet have enough information 12207// to exist as a standalone account. This account requires you to first complete 12208// phone verification. Follow the steps at Removing a member account from 12209// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 12210// in the AWS Organizations User Guide. 12211// 12212// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 12213// of accounts that you can create in one day. 12214// 12215// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 12216// the number of accounts in an organization. If you need more accounts, 12217// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 12218// request an increase in your limit. Or the number of invitations that you 12219// tried to send would cause you to exceed the limit of accounts in your 12220// organization. Send fewer invitations or contact AWS Support to request 12221// an increase in the number of accounts. Deleted and closed accounts still 12222// count toward your limit. If you get this exception when running a command 12223// immediately after creating the organization, wait one hour and try again. 12224// After an hour, if the command continues to fail with this error, contact 12225// AWS Support (https://console.aws.amazon.com/support/home#/). 12226// 12227// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 12228// register the master account of the organization as a delegated administrator 12229// for an AWS service integrated with Organizations. You can designate only 12230// a member account as a delegated administrator. 12231// 12232// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 12233// an account that is registered as a delegated administrator for a service 12234// integrated with your organization. To complete this operation, you must 12235// first deregister this account as a delegated administrator. 12236// 12237// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 12238// organization in the specified region, you must enable all features mode. 12239// 12240// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 12241// an AWS account as a delegated administrator for an AWS service that already 12242// has a delegated administrator. To complete this operation, you must first 12243// deregister any existing delegated administrators for this service. 12244// 12245// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 12246// valid for a limited period of time. You must resubmit the request and 12247// generate a new verfication code. 12248// 12249// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 12250// handshakes that you can send in one day. 12251// 12252// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 12253// in this organization, you first must migrate the organization's master 12254// account to the marketplace that corresponds to the master account's address. 12255// For example, accounts with India addresses must be associated with the 12256// AISPL marketplace. All accounts in an organization must be associated 12257// with the same marketplace. 12258// 12259// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 12260// in China. To create an organization, the master must have an valid business 12261// license. For more information, contact customer support. 12262// 12263// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 12264// must first provide a valid contact address and phone number for the master 12265// account. Then try the operation again. 12266// 12267// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 12268// master account must have an associated account in the AWS GovCloud (US-West) 12269// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 12270// in the AWS GovCloud User Guide. 12271// 12272// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 12273// with this master account, you first must associate a valid payment instrument, 12274// such as a credit card, with the account. Follow the steps at To leave 12275// an organization when all required account information has not yet been 12276// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12277// in the AWS Organizations User Guide. 12278// 12279// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 12280// to register more delegated administrators than allowed for the service 12281// principal. 12282// 12283// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 12284// number of policies of a certain type that can be attached to an entity 12285// at one time. 12286// 12287// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 12288// on this resource. 12289// 12290// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 12291// with this member account, you first must associate a valid payment instrument, 12292// such as a credit card, with the account. Follow the steps at To leave 12293// an organization when all required account information has not yet been 12294// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12295// in the AWS Organizations User Guide. 12296// 12297// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 12298// policy from an entity that would cause the entity to have fewer than the 12299// minimum number of policies of a certain type required. 12300// 12301// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 12302// that requires the organization to be configured to support all features. 12303// An organization that supports only consolidated billing features can't 12304// perform this operation. 12305// 12306// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 12307// too many levels deep. 12308// 12309// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 12310// that you can have in an organization. 12311// 12312// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 12313// is larger than the maximum size. 12314// 12315// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 12316// policies that you can have in an organization. 12317// 12318// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 12319// tags that are not compliant with the tag policy requirements for this 12320// account. 12321// 12322// * InvalidInputException 12323// The requested operation failed because you provided invalid values for one 12324// or more of the request parameters. This exception includes a reason that 12325// contains additional information about the violated limit: 12326// 12327// Some of the reasons in the following list might not be applicable to this 12328// specific API or operation. 12329// 12330// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12331// can't be modified. 12332// 12333// * INPUT_REQUIRED: You must include a value for all required parameters. 12334// 12335// * INVALID_ENUM: You specified an invalid value. 12336// 12337// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12338// characters. 12339// 12340// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12341// at least one invalid value. 12342// 12343// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12344// from the response to a previous call of the operation. 12345// 12346// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12347// organization, or email) as a party. 12348// 12349// * INVALID_PATTERN: You provided a value that doesn't match the required 12350// pattern. 12351// 12352// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12353// match the required pattern. 12354// 12355// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12356// name can't begin with the reserved prefix AWSServiceRoleFor. 12357// 12358// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12359// Name (ARN) for the organization. 12360// 12361// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12362// 12363// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12364// tag. You can’t add, edit, or delete system tag keys because they're 12365// reserved for AWS use. System tags don’t count against your tags per 12366// resource limit. 12367// 12368// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12369// for the operation. 12370// 12371// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12372// than allowed. 12373// 12374// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12375// value than allowed. 12376// 12377// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12378// than allowed. 12379// 12380// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12381// value than allowed. 12382// 12383// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12384// between entities in the same root. 12385// 12386// * MasterCannotLeaveOrganizationException 12387// You can't remove a master account from an organization. If you want the master 12388// account to become a member account in another organization, you must first 12389// delete the current organization of the master account. 12390// 12391// * ServiceException 12392// AWS Organizations can't complete your request because of an internal service 12393// error. Try again later. 12394// 12395// * TooManyRequestsException 12396// You have sent too many requests in too short a period of time. The quota 12397// helps protect against denial-of-service attacks. Try again later. 12398// 12399// For information about quotas that affect AWS Organizations, see Quotas for 12400// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12401// the AWS Organizations User Guide. 12402// 12403// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 12404func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) { 12405 req, out := c.RemoveAccountFromOrganizationRequest(input) 12406 return out, req.Send() 12407} 12408 12409// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of 12410// the ability to pass a context and additional request options. 12411// 12412// See RemoveAccountFromOrganization for details on how to use this API operation. 12413// 12414// The context must be non-nil and will be used for request cancellation. If 12415// the context is nil a panic will occur. In the future the SDK may create 12416// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12417// for more information on using Contexts. 12418func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) { 12419 req, out := c.RemoveAccountFromOrganizationRequest(input) 12420 req.SetContext(ctx) 12421 req.ApplyOptions(opts...) 12422 return out, req.Send() 12423} 12424 12425const opTagResource = "TagResource" 12426 12427// TagResourceRequest generates a "aws/request.Request" representing the 12428// client's request for the TagResource operation. The "output" return 12429// value will be populated with the request's response once the request completes 12430// successfully. 12431// 12432// Use "Send" method on the returned Request to send the API call to the service. 12433// the "output" return value is not valid until after Send returns without error. 12434// 12435// See TagResource for more information on using the TagResource 12436// API call, and error handling. 12437// 12438// This method is useful when you want to inject custom logic or configuration 12439// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12440// 12441// 12442// // Example sending a request using the TagResourceRequest method. 12443// req, resp := client.TagResourceRequest(params) 12444// 12445// err := req.Send() 12446// if err == nil { // resp is now filled 12447// fmt.Println(resp) 12448// } 12449// 12450// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 12451func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 12452 op := &request.Operation{ 12453 Name: opTagResource, 12454 HTTPMethod: "POST", 12455 HTTPPath: "/", 12456 } 12457 12458 if input == nil { 12459 input = &TagResourceInput{} 12460 } 12461 12462 output = &TagResourceOutput{} 12463 req = c.newRequest(op, input, output) 12464 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12465 return 12466} 12467 12468// TagResource API operation for AWS Organizations. 12469// 12470// Adds one or more tags to the specified resource. 12471// 12472// Currently, you can tag and untag accounts in AWS Organizations. 12473// 12474// This operation can be called only from the organization's master account. 12475// 12476// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12477// with awserr.Error's Code and Message methods to get detailed information about 12478// the error. 12479// 12480// See the AWS API reference guide for AWS Organizations's 12481// API operation TagResource for usage and error information. 12482// 12483// Returned Error Types: 12484// * AccessDeniedException 12485// You don't have permissions to perform the requested operation. The user or 12486// role that is making the request must have at least one IAM permissions policy 12487// attached that grants the required permissions. For more information, see 12488// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12489// in the IAM User Guide. 12490// 12491// * ConcurrentModificationException 12492// The target of the operation is currently being modified by a different request. 12493// Try again later. 12494// 12495// * AWSOrganizationsNotInUseException 12496// Your account isn't a member of an organization. To make this request, you 12497// must use the credentials of an account that belongs to an organization. 12498// 12499// * TargetNotFoundException 12500// We can't find a root, OU, or account with the TargetId that you specified. 12501// 12502// * ConstraintViolationException 12503// Performing this operation violates a minimum or maximum value limit. For 12504// example, attempting to remove the last service control policy (SCP) from 12505// an OU or root, inviting or creating too many accounts to the organization, 12506// or attaching too many policies to an account, OU, or root. This exception 12507// includes a reason that contains additional information about the violated 12508// limit: 12509// 12510// Some of the reasons in the following list might not be applicable to this 12511// specific API or operation. 12512// 12513// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 12514// account from the organization. You can't remove the master account. Instead, 12515// after you remove all member accounts, delete the organization itself. 12516// 12517// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 12518// from the organization that doesn't yet have enough information to exist 12519// as a standalone account. This account requires you to first agree to the 12520// AWS Customer Agreement. Follow the steps at Removing a member account 12521// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 12522// the AWS Organizations User Guide. 12523// 12524// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 12525// an account from the organization that doesn't yet have enough information 12526// to exist as a standalone account. This account requires you to first complete 12527// phone verification. Follow the steps at Removing a member account from 12528// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 12529// in the AWS Organizations User Guide. 12530// 12531// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 12532// of accounts that you can create in one day. 12533// 12534// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 12535// the number of accounts in an organization. If you need more accounts, 12536// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 12537// request an increase in your limit. Or the number of invitations that you 12538// tried to send would cause you to exceed the limit of accounts in your 12539// organization. Send fewer invitations or contact AWS Support to request 12540// an increase in the number of accounts. Deleted and closed accounts still 12541// count toward your limit. If you get this exception when running a command 12542// immediately after creating the organization, wait one hour and try again. 12543// After an hour, if the command continues to fail with this error, contact 12544// AWS Support (https://console.aws.amazon.com/support/home#/). 12545// 12546// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 12547// register the master account of the organization as a delegated administrator 12548// for an AWS service integrated with Organizations. You can designate only 12549// a member account as a delegated administrator. 12550// 12551// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 12552// an account that is registered as a delegated administrator for a service 12553// integrated with your organization. To complete this operation, you must 12554// first deregister this account as a delegated administrator. 12555// 12556// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 12557// organization in the specified region, you must enable all features mode. 12558// 12559// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 12560// an AWS account as a delegated administrator for an AWS service that already 12561// has a delegated administrator. To complete this operation, you must first 12562// deregister any existing delegated administrators for this service. 12563// 12564// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 12565// valid for a limited period of time. You must resubmit the request and 12566// generate a new verfication code. 12567// 12568// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 12569// handshakes that you can send in one day. 12570// 12571// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 12572// in this organization, you first must migrate the organization's master 12573// account to the marketplace that corresponds to the master account's address. 12574// For example, accounts with India addresses must be associated with the 12575// AISPL marketplace. All accounts in an organization must be associated 12576// with the same marketplace. 12577// 12578// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 12579// in China. To create an organization, the master must have an valid business 12580// license. For more information, contact customer support. 12581// 12582// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 12583// must first provide a valid contact address and phone number for the master 12584// account. Then try the operation again. 12585// 12586// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 12587// master account must have an associated account in the AWS GovCloud (US-West) 12588// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 12589// in the AWS GovCloud User Guide. 12590// 12591// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 12592// with this master account, you first must associate a valid payment instrument, 12593// such as a credit card, with the account. Follow the steps at To leave 12594// an organization when all required account information has not yet been 12595// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12596// in the AWS Organizations User Guide. 12597// 12598// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 12599// to register more delegated administrators than allowed for the service 12600// principal. 12601// 12602// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 12603// number of policies of a certain type that can be attached to an entity 12604// at one time. 12605// 12606// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 12607// on this resource. 12608// 12609// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 12610// with this member account, you first must associate a valid payment instrument, 12611// such as a credit card, with the account. Follow the steps at To leave 12612// an organization when all required account information has not yet been 12613// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12614// in the AWS Organizations User Guide. 12615// 12616// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 12617// policy from an entity that would cause the entity to have fewer than the 12618// minimum number of policies of a certain type required. 12619// 12620// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 12621// that requires the organization to be configured to support all features. 12622// An organization that supports only consolidated billing features can't 12623// perform this operation. 12624// 12625// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 12626// too many levels deep. 12627// 12628// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 12629// that you can have in an organization. 12630// 12631// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 12632// is larger than the maximum size. 12633// 12634// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 12635// policies that you can have in an organization. 12636// 12637// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 12638// tags that are not compliant with the tag policy requirements for this 12639// account. 12640// 12641// * InvalidInputException 12642// The requested operation failed because you provided invalid values for one 12643// or more of the request parameters. This exception includes a reason that 12644// contains additional information about the violated limit: 12645// 12646// Some of the reasons in the following list might not be applicable to this 12647// specific API or operation. 12648// 12649// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12650// can't be modified. 12651// 12652// * INPUT_REQUIRED: You must include a value for all required parameters. 12653// 12654// * INVALID_ENUM: You specified an invalid value. 12655// 12656// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12657// characters. 12658// 12659// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12660// at least one invalid value. 12661// 12662// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12663// from the response to a previous call of the operation. 12664// 12665// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12666// organization, or email) as a party. 12667// 12668// * INVALID_PATTERN: You provided a value that doesn't match the required 12669// pattern. 12670// 12671// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12672// match the required pattern. 12673// 12674// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12675// name can't begin with the reserved prefix AWSServiceRoleFor. 12676// 12677// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12678// Name (ARN) for the organization. 12679// 12680// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12681// 12682// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12683// tag. You can’t add, edit, or delete system tag keys because they're 12684// reserved for AWS use. System tags don’t count against your tags per 12685// resource limit. 12686// 12687// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12688// for the operation. 12689// 12690// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12691// than allowed. 12692// 12693// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12694// value than allowed. 12695// 12696// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12697// than allowed. 12698// 12699// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12700// value than allowed. 12701// 12702// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12703// between entities in the same root. 12704// 12705// * ServiceException 12706// AWS Organizations can't complete your request because of an internal service 12707// error. Try again later. 12708// 12709// * TooManyRequestsException 12710// You have sent too many requests in too short a period of time. The quota 12711// helps protect against denial-of-service attacks. Try again later. 12712// 12713// For information about quotas that affect AWS Organizations, see Quotas for 12714// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12715// the AWS Organizations User Guide. 12716// 12717// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 12718func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 12719 req, out := c.TagResourceRequest(input) 12720 return out, req.Send() 12721} 12722 12723// TagResourceWithContext is the same as TagResource with the addition of 12724// the ability to pass a context and additional request options. 12725// 12726// See TagResource for details on how to use this API operation. 12727// 12728// The context must be non-nil and will be used for request cancellation. If 12729// the context is nil a panic will occur. In the future the SDK may create 12730// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12731// for more information on using Contexts. 12732func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 12733 req, out := c.TagResourceRequest(input) 12734 req.SetContext(ctx) 12735 req.ApplyOptions(opts...) 12736 return out, req.Send() 12737} 12738 12739const opUntagResource = "UntagResource" 12740 12741// UntagResourceRequest generates a "aws/request.Request" representing the 12742// client's request for the UntagResource operation. The "output" return 12743// value will be populated with the request's response once the request completes 12744// successfully. 12745// 12746// Use "Send" method on the returned Request to send the API call to the service. 12747// the "output" return value is not valid until after Send returns without error. 12748// 12749// See UntagResource for more information on using the UntagResource 12750// API call, and error handling. 12751// 12752// This method is useful when you want to inject custom logic or configuration 12753// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12754// 12755// 12756// // Example sending a request using the UntagResourceRequest method. 12757// req, resp := client.UntagResourceRequest(params) 12758// 12759// err := req.Send() 12760// if err == nil { // resp is now filled 12761// fmt.Println(resp) 12762// } 12763// 12764// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 12765func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 12766 op := &request.Operation{ 12767 Name: opUntagResource, 12768 HTTPMethod: "POST", 12769 HTTPPath: "/", 12770 } 12771 12772 if input == nil { 12773 input = &UntagResourceInput{} 12774 } 12775 12776 output = &UntagResourceOutput{} 12777 req = c.newRequest(op, input, output) 12778 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12779 return 12780} 12781 12782// UntagResource API operation for AWS Organizations. 12783// 12784// Removes a tag from the specified resource. 12785// 12786// Currently, you can tag and untag accounts in AWS Organizations. 12787// 12788// This operation can be called only from the organization's master account. 12789// 12790// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12791// with awserr.Error's Code and Message methods to get detailed information about 12792// the error. 12793// 12794// See the AWS API reference guide for AWS Organizations's 12795// API operation UntagResource for usage and error information. 12796// 12797// Returned Error Types: 12798// * AccessDeniedException 12799// You don't have permissions to perform the requested operation. The user or 12800// role that is making the request must have at least one IAM permissions policy 12801// attached that grants the required permissions. For more information, see 12802// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12803// in the IAM User Guide. 12804// 12805// * ConcurrentModificationException 12806// The target of the operation is currently being modified by a different request. 12807// Try again later. 12808// 12809// * AWSOrganizationsNotInUseException 12810// Your account isn't a member of an organization. To make this request, you 12811// must use the credentials of an account that belongs to an organization. 12812// 12813// * TargetNotFoundException 12814// We can't find a root, OU, or account with the TargetId that you specified. 12815// 12816// * ConstraintViolationException 12817// Performing this operation violates a minimum or maximum value limit. For 12818// example, attempting to remove the last service control policy (SCP) from 12819// an OU or root, inviting or creating too many accounts to the organization, 12820// or attaching too many policies to an account, OU, or root. This exception 12821// includes a reason that contains additional information about the violated 12822// limit: 12823// 12824// Some of the reasons in the following list might not be applicable to this 12825// specific API or operation. 12826// 12827// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 12828// account from the organization. You can't remove the master account. Instead, 12829// after you remove all member accounts, delete the organization itself. 12830// 12831// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 12832// from the organization that doesn't yet have enough information to exist 12833// as a standalone account. This account requires you to first agree to the 12834// AWS Customer Agreement. Follow the steps at Removing a member account 12835// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 12836// the AWS Organizations User Guide. 12837// 12838// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 12839// an account from the organization that doesn't yet have enough information 12840// to exist as a standalone account. This account requires you to first complete 12841// phone verification. Follow the steps at Removing a member account from 12842// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 12843// in the AWS Organizations User Guide. 12844// 12845// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 12846// of accounts that you can create in one day. 12847// 12848// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 12849// the number of accounts in an organization. If you need more accounts, 12850// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 12851// request an increase in your limit. Or the number of invitations that you 12852// tried to send would cause you to exceed the limit of accounts in your 12853// organization. Send fewer invitations or contact AWS Support to request 12854// an increase in the number of accounts. Deleted and closed accounts still 12855// count toward your limit. If you get this exception when running a command 12856// immediately after creating the organization, wait one hour and try again. 12857// After an hour, if the command continues to fail with this error, contact 12858// AWS Support (https://console.aws.amazon.com/support/home#/). 12859// 12860// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 12861// register the master account of the organization as a delegated administrator 12862// for an AWS service integrated with Organizations. You can designate only 12863// a member account as a delegated administrator. 12864// 12865// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 12866// an account that is registered as a delegated administrator for a service 12867// integrated with your organization. To complete this operation, you must 12868// first deregister this account as a delegated administrator. 12869// 12870// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 12871// organization in the specified region, you must enable all features mode. 12872// 12873// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 12874// an AWS account as a delegated administrator for an AWS service that already 12875// has a delegated administrator. To complete this operation, you must first 12876// deregister any existing delegated administrators for this service. 12877// 12878// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 12879// valid for a limited period of time. You must resubmit the request and 12880// generate a new verfication code. 12881// 12882// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 12883// handshakes that you can send in one day. 12884// 12885// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 12886// in this organization, you first must migrate the organization's master 12887// account to the marketplace that corresponds to the master account's address. 12888// For example, accounts with India addresses must be associated with the 12889// AISPL marketplace. All accounts in an organization must be associated 12890// with the same marketplace. 12891// 12892// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 12893// in China. To create an organization, the master must have an valid business 12894// license. For more information, contact customer support. 12895// 12896// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 12897// must first provide a valid contact address and phone number for the master 12898// account. Then try the operation again. 12899// 12900// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 12901// master account must have an associated account in the AWS GovCloud (US-West) 12902// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 12903// in the AWS GovCloud User Guide. 12904// 12905// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 12906// with this master account, you first must associate a valid payment instrument, 12907// such as a credit card, with the account. Follow the steps at To leave 12908// an organization when all required account information has not yet been 12909// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12910// in the AWS Organizations User Guide. 12911// 12912// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 12913// to register more delegated administrators than allowed for the service 12914// principal. 12915// 12916// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 12917// number of policies of a certain type that can be attached to an entity 12918// at one time. 12919// 12920// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 12921// on this resource. 12922// 12923// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 12924// with this member account, you first must associate a valid payment instrument, 12925// such as a credit card, with the account. Follow the steps at To leave 12926// an organization when all required account information has not yet been 12927// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12928// in the AWS Organizations User Guide. 12929// 12930// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 12931// policy from an entity that would cause the entity to have fewer than the 12932// minimum number of policies of a certain type required. 12933// 12934// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 12935// that requires the organization to be configured to support all features. 12936// An organization that supports only consolidated billing features can't 12937// perform this operation. 12938// 12939// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 12940// too many levels deep. 12941// 12942// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 12943// that you can have in an organization. 12944// 12945// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 12946// is larger than the maximum size. 12947// 12948// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 12949// policies that you can have in an organization. 12950// 12951// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 12952// tags that are not compliant with the tag policy requirements for this 12953// account. 12954// 12955// * InvalidInputException 12956// The requested operation failed because you provided invalid values for one 12957// or more of the request parameters. This exception includes a reason that 12958// contains additional information about the violated limit: 12959// 12960// Some of the reasons in the following list might not be applicable to this 12961// specific API or operation. 12962// 12963// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12964// can't be modified. 12965// 12966// * INPUT_REQUIRED: You must include a value for all required parameters. 12967// 12968// * INVALID_ENUM: You specified an invalid value. 12969// 12970// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12971// characters. 12972// 12973// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12974// at least one invalid value. 12975// 12976// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12977// from the response to a previous call of the operation. 12978// 12979// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12980// organization, or email) as a party. 12981// 12982// * INVALID_PATTERN: You provided a value that doesn't match the required 12983// pattern. 12984// 12985// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12986// match the required pattern. 12987// 12988// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12989// name can't begin with the reserved prefix AWSServiceRoleFor. 12990// 12991// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12992// Name (ARN) for the organization. 12993// 12994// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12995// 12996// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12997// tag. You can’t add, edit, or delete system tag keys because they're 12998// reserved for AWS use. System tags don’t count against your tags per 12999// resource limit. 13000// 13001// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13002// for the operation. 13003// 13004// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13005// than allowed. 13006// 13007// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13008// value than allowed. 13009// 13010// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13011// than allowed. 13012// 13013// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13014// value than allowed. 13015// 13016// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13017// between entities in the same root. 13018// 13019// * ServiceException 13020// AWS Organizations can't complete your request because of an internal service 13021// error. Try again later. 13022// 13023// * TooManyRequestsException 13024// You have sent too many requests in too short a period of time. The quota 13025// helps protect against denial-of-service attacks. Try again later. 13026// 13027// For information about quotas that affect AWS Organizations, see Quotas for 13028// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13029// the AWS Organizations User Guide. 13030// 13031// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 13032func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 13033 req, out := c.UntagResourceRequest(input) 13034 return out, req.Send() 13035} 13036 13037// UntagResourceWithContext is the same as UntagResource with the addition of 13038// the ability to pass a context and additional request options. 13039// 13040// See UntagResource for details on how to use this API operation. 13041// 13042// The context must be non-nil and will be used for request cancellation. If 13043// the context is nil a panic will occur. In the future the SDK may create 13044// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13045// for more information on using Contexts. 13046func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 13047 req, out := c.UntagResourceRequest(input) 13048 req.SetContext(ctx) 13049 req.ApplyOptions(opts...) 13050 return out, req.Send() 13051} 13052 13053const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit" 13054 13055// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the 13056// client's request for the UpdateOrganizationalUnit operation. The "output" return 13057// value will be populated with the request's response once the request completes 13058// successfully. 13059// 13060// Use "Send" method on the returned Request to send the API call to the service. 13061// the "output" return value is not valid until after Send returns without error. 13062// 13063// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit 13064// API call, and error handling. 13065// 13066// This method is useful when you want to inject custom logic or configuration 13067// into the SDK's request lifecycle. Such as custom headers, or retry logic. 13068// 13069// 13070// // Example sending a request using the UpdateOrganizationalUnitRequest method. 13071// req, resp := client.UpdateOrganizationalUnitRequest(params) 13072// 13073// err := req.Send() 13074// if err == nil { // resp is now filled 13075// fmt.Println(resp) 13076// } 13077// 13078// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 13079func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) { 13080 op := &request.Operation{ 13081 Name: opUpdateOrganizationalUnit, 13082 HTTPMethod: "POST", 13083 HTTPPath: "/", 13084 } 13085 13086 if input == nil { 13087 input = &UpdateOrganizationalUnitInput{} 13088 } 13089 13090 output = &UpdateOrganizationalUnitOutput{} 13091 req = c.newRequest(op, input, output) 13092 return 13093} 13094 13095// UpdateOrganizationalUnit API operation for AWS Organizations. 13096// 13097// Renames the specified organizational unit (OU). The ID and ARN don't change. 13098// The child OUs and accounts remain in place, and any attached policies of 13099// the OU remain attached. 13100// 13101// This operation can be called only from the organization's master account. 13102// 13103// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13104// with awserr.Error's Code and Message methods to get detailed information about 13105// the error. 13106// 13107// See the AWS API reference guide for AWS Organizations's 13108// API operation UpdateOrganizationalUnit for usage and error information. 13109// 13110// Returned Error Types: 13111// * AccessDeniedException 13112// You don't have permissions to perform the requested operation. The user or 13113// role that is making the request must have at least one IAM permissions policy 13114// attached that grants the required permissions. For more information, see 13115// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13116// in the IAM User Guide. 13117// 13118// * AWSOrganizationsNotInUseException 13119// Your account isn't a member of an organization. To make this request, you 13120// must use the credentials of an account that belongs to an organization. 13121// 13122// * ConcurrentModificationException 13123// The target of the operation is currently being modified by a different request. 13124// Try again later. 13125// 13126// * DuplicateOrganizationalUnitException 13127// An OU with the same name already exists. 13128// 13129// * InvalidInputException 13130// The requested operation failed because you provided invalid values for one 13131// or more of the request parameters. This exception includes a reason that 13132// contains additional information about the violated limit: 13133// 13134// Some of the reasons in the following list might not be applicable to this 13135// specific API or operation. 13136// 13137// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13138// can't be modified. 13139// 13140// * INPUT_REQUIRED: You must include a value for all required parameters. 13141// 13142// * INVALID_ENUM: You specified an invalid value. 13143// 13144// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13145// characters. 13146// 13147// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13148// at least one invalid value. 13149// 13150// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13151// from the response to a previous call of the operation. 13152// 13153// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13154// organization, or email) as a party. 13155// 13156// * INVALID_PATTERN: You provided a value that doesn't match the required 13157// pattern. 13158// 13159// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13160// match the required pattern. 13161// 13162// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13163// name can't begin with the reserved prefix AWSServiceRoleFor. 13164// 13165// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13166// Name (ARN) for the organization. 13167// 13168// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13169// 13170// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13171// tag. You can’t add, edit, or delete system tag keys because they're 13172// reserved for AWS use. System tags don’t count against your tags per 13173// resource limit. 13174// 13175// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13176// for the operation. 13177// 13178// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13179// than allowed. 13180// 13181// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13182// value than allowed. 13183// 13184// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13185// than allowed. 13186// 13187// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13188// value than allowed. 13189// 13190// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13191// between entities in the same root. 13192// 13193// * OrganizationalUnitNotFoundException 13194// We can't find an OU with the OrganizationalUnitId that you specified. 13195// 13196// * ServiceException 13197// AWS Organizations can't complete your request because of an internal service 13198// error. Try again later. 13199// 13200// * TooManyRequestsException 13201// You have sent too many requests in too short a period of time. The quota 13202// helps protect against denial-of-service attacks. Try again later. 13203// 13204// For information about quotas that affect AWS Organizations, see Quotas for 13205// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13206// the AWS Organizations User Guide. 13207// 13208// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 13209func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) { 13210 req, out := c.UpdateOrganizationalUnitRequest(input) 13211 return out, req.Send() 13212} 13213 13214// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of 13215// the ability to pass a context and additional request options. 13216// 13217// See UpdateOrganizationalUnit for details on how to use this API operation. 13218// 13219// The context must be non-nil and will be used for request cancellation. If 13220// the context is nil a panic will occur. In the future the SDK may create 13221// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13222// for more information on using Contexts. 13223func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) { 13224 req, out := c.UpdateOrganizationalUnitRequest(input) 13225 req.SetContext(ctx) 13226 req.ApplyOptions(opts...) 13227 return out, req.Send() 13228} 13229 13230const opUpdatePolicy = "UpdatePolicy" 13231 13232// UpdatePolicyRequest generates a "aws/request.Request" representing the 13233// client's request for the UpdatePolicy operation. The "output" return 13234// value will be populated with the request's response once the request completes 13235// successfully. 13236// 13237// Use "Send" method on the returned Request to send the API call to the service. 13238// the "output" return value is not valid until after Send returns without error. 13239// 13240// See UpdatePolicy for more information on using the UpdatePolicy 13241// API call, and error handling. 13242// 13243// This method is useful when you want to inject custom logic or configuration 13244// into the SDK's request lifecycle. Such as custom headers, or retry logic. 13245// 13246// 13247// // Example sending a request using the UpdatePolicyRequest method. 13248// req, resp := client.UpdatePolicyRequest(params) 13249// 13250// err := req.Send() 13251// if err == nil { // resp is now filled 13252// fmt.Println(resp) 13253// } 13254// 13255// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 13256func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) { 13257 op := &request.Operation{ 13258 Name: opUpdatePolicy, 13259 HTTPMethod: "POST", 13260 HTTPPath: "/", 13261 } 13262 13263 if input == nil { 13264 input = &UpdatePolicyInput{} 13265 } 13266 13267 output = &UpdatePolicyOutput{} 13268 req = c.newRequest(op, input, output) 13269 return 13270} 13271 13272// UpdatePolicy API operation for AWS Organizations. 13273// 13274// Updates an existing policy with a new name, description, or content. If you 13275// don't supply any parameter, that value remains unchanged. You can't change 13276// a policy's type. 13277// 13278// This operation can be called only from the organization's master account. 13279// 13280// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13281// with awserr.Error's Code and Message methods to get detailed information about 13282// the error. 13283// 13284// See the AWS API reference guide for AWS Organizations's 13285// API operation UpdatePolicy for usage and error information. 13286// 13287// Returned Error Types: 13288// * AccessDeniedException 13289// You don't have permissions to perform the requested operation. The user or 13290// role that is making the request must have at least one IAM permissions policy 13291// attached that grants the required permissions. For more information, see 13292// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13293// in the IAM User Guide. 13294// 13295// * AWSOrganizationsNotInUseException 13296// Your account isn't a member of an organization. To make this request, you 13297// must use the credentials of an account that belongs to an organization. 13298// 13299// * ConcurrentModificationException 13300// The target of the operation is currently being modified by a different request. 13301// Try again later. 13302// 13303// * ConstraintViolationException 13304// Performing this operation violates a minimum or maximum value limit. For 13305// example, attempting to remove the last service control policy (SCP) from 13306// an OU or root, inviting or creating too many accounts to the organization, 13307// or attaching too many policies to an account, OU, or root. This exception 13308// includes a reason that contains additional information about the violated 13309// limit: 13310// 13311// Some of the reasons in the following list might not be applicable to this 13312// specific API or operation. 13313// 13314// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 13315// account from the organization. You can't remove the master account. Instead, 13316// after you remove all member accounts, delete the organization itself. 13317// 13318// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13319// from the organization that doesn't yet have enough information to exist 13320// as a standalone account. This account requires you to first agree to the 13321// AWS Customer Agreement. Follow the steps at Removing a member account 13322// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13323// the AWS Organizations User Guide. 13324// 13325// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13326// an account from the organization that doesn't yet have enough information 13327// to exist as a standalone account. This account requires you to first complete 13328// phone verification. Follow the steps at Removing a member account from 13329// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13330// in the AWS Organizations User Guide. 13331// 13332// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13333// of accounts that you can create in one day. 13334// 13335// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13336// the number of accounts in an organization. If you need more accounts, 13337// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13338// request an increase in your limit. Or the number of invitations that you 13339// tried to send would cause you to exceed the limit of accounts in your 13340// organization. Send fewer invitations or contact AWS Support to request 13341// an increase in the number of accounts. Deleted and closed accounts still 13342// count toward your limit. If you get this exception when running a command 13343// immediately after creating the organization, wait one hour and try again. 13344// After an hour, if the command continues to fail with this error, contact 13345// AWS Support (https://console.aws.amazon.com/support/home#/). 13346// 13347// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13348// register the master account of the organization as a delegated administrator 13349// for an AWS service integrated with Organizations. You can designate only 13350// a member account as a delegated administrator. 13351// 13352// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13353// an account that is registered as a delegated administrator for a service 13354// integrated with your organization. To complete this operation, you must 13355// first deregister this account as a delegated administrator. 13356// 13357// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13358// organization in the specified region, you must enable all features mode. 13359// 13360// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13361// an AWS account as a delegated administrator for an AWS service that already 13362// has a delegated administrator. To complete this operation, you must first 13363// deregister any existing delegated administrators for this service. 13364// 13365// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13366// valid for a limited period of time. You must resubmit the request and 13367// generate a new verfication code. 13368// 13369// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13370// handshakes that you can send in one day. 13371// 13372// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13373// in this organization, you first must migrate the organization's master 13374// account to the marketplace that corresponds to the master account's address. 13375// For example, accounts with India addresses must be associated with the 13376// AISPL marketplace. All accounts in an organization must be associated 13377// with the same marketplace. 13378// 13379// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13380// in China. To create an organization, the master must have an valid business 13381// license. For more information, contact customer support. 13382// 13383// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13384// must first provide a valid contact address and phone number for the master 13385// account. Then try the operation again. 13386// 13387// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13388// master account must have an associated account in the AWS GovCloud (US-West) 13389// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13390// in the AWS GovCloud User Guide. 13391// 13392// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13393// with this master account, you first must associate a valid payment instrument, 13394// such as a credit card, with the account. Follow the steps at To leave 13395// an organization when all required account information has not yet been 13396// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13397// in the AWS Organizations User Guide. 13398// 13399// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13400// to register more delegated administrators than allowed for the service 13401// principal. 13402// 13403// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13404// number of policies of a certain type that can be attached to an entity 13405// at one time. 13406// 13407// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13408// on this resource. 13409// 13410// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13411// with this member account, you first must associate a valid payment instrument, 13412// such as a credit card, with the account. Follow the steps at To leave 13413// an organization when all required account information has not yet been 13414// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13415// in the AWS Organizations User Guide. 13416// 13417// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13418// policy from an entity that would cause the entity to have fewer than the 13419// minimum number of policies of a certain type required. 13420// 13421// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13422// that requires the organization to be configured to support all features. 13423// An organization that supports only consolidated billing features can't 13424// perform this operation. 13425// 13426// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13427// too many levels deep. 13428// 13429// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13430// that you can have in an organization. 13431// 13432// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13433// is larger than the maximum size. 13434// 13435// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13436// policies that you can have in an organization. 13437// 13438// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13439// tags that are not compliant with the tag policy requirements for this 13440// account. 13441// 13442// * DuplicatePolicyException 13443// A policy with the same name already exists. 13444// 13445// * InvalidInputException 13446// The requested operation failed because you provided invalid values for one 13447// or more of the request parameters. This exception includes a reason that 13448// contains additional information about the violated limit: 13449// 13450// Some of the reasons in the following list might not be applicable to this 13451// specific API or operation. 13452// 13453// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13454// can't be modified. 13455// 13456// * INPUT_REQUIRED: You must include a value for all required parameters. 13457// 13458// * INVALID_ENUM: You specified an invalid value. 13459// 13460// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13461// characters. 13462// 13463// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13464// at least one invalid value. 13465// 13466// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13467// from the response to a previous call of the operation. 13468// 13469// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13470// organization, or email) as a party. 13471// 13472// * INVALID_PATTERN: You provided a value that doesn't match the required 13473// pattern. 13474// 13475// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13476// match the required pattern. 13477// 13478// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13479// name can't begin with the reserved prefix AWSServiceRoleFor. 13480// 13481// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13482// Name (ARN) for the organization. 13483// 13484// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13485// 13486// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13487// tag. You can’t add, edit, or delete system tag keys because they're 13488// reserved for AWS use. System tags don’t count against your tags per 13489// resource limit. 13490// 13491// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13492// for the operation. 13493// 13494// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13495// than allowed. 13496// 13497// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13498// value than allowed. 13499// 13500// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13501// than allowed. 13502// 13503// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13504// value than allowed. 13505// 13506// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13507// between entities in the same root. 13508// 13509// * MalformedPolicyDocumentException 13510// The provided policy document doesn't meet the requirements of the specified 13511// policy type. For example, the syntax might be incorrect. For details about 13512// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 13513// in the AWS Organizations User Guide. 13514// 13515// * PolicyNotFoundException 13516// We can't find a policy with the PolicyId that you specified. 13517// 13518// * ServiceException 13519// AWS Organizations can't complete your request because of an internal service 13520// error. Try again later. 13521// 13522// * TooManyRequestsException 13523// You have sent too many requests in too short a period of time. The quota 13524// helps protect against denial-of-service attacks. Try again later. 13525// 13526// For information about quotas that affect AWS Organizations, see Quotas for 13527// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13528// the AWS Organizations User Guide. 13529// 13530// * UnsupportedAPIEndpointException 13531// This action isn't available in the current AWS Region. 13532// 13533// * PolicyChangesInProgressException 13534// Changes to the effective policy are in progress, and its contents can't be 13535// returned. Try the operation again later. 13536// 13537// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 13538func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) { 13539 req, out := c.UpdatePolicyRequest(input) 13540 return out, req.Send() 13541} 13542 13543// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of 13544// the ability to pass a context and additional request options. 13545// 13546// See UpdatePolicy for details on how to use this API operation. 13547// 13548// The context must be non-nil and will be used for request cancellation. If 13549// the context is nil a panic will occur. In the future the SDK may create 13550// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13551// for more information on using Contexts. 13552func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) { 13553 req, out := c.UpdatePolicyRequest(input) 13554 req.SetContext(ctx) 13555 req.ApplyOptions(opts...) 13556 return out, req.Send() 13557} 13558 13559// Your account isn't a member of an organization. To make this request, you 13560// must use the credentials of an account that belongs to an organization. 13561type AWSOrganizationsNotInUseException struct { 13562 _ struct{} `type:"structure"` 13563 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 13564 13565 Message_ *string `locationName:"Message" type:"string"` 13566} 13567 13568// String returns the string representation 13569func (s AWSOrganizationsNotInUseException) String() string { 13570 return awsutil.Prettify(s) 13571} 13572 13573// GoString returns the string representation 13574func (s AWSOrganizationsNotInUseException) GoString() string { 13575 return s.String() 13576} 13577 13578func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error { 13579 return &AWSOrganizationsNotInUseException{ 13580 RespMetadata: v, 13581 } 13582} 13583 13584// Code returns the exception type name. 13585func (s *AWSOrganizationsNotInUseException) Code() string { 13586 return "AWSOrganizationsNotInUseException" 13587} 13588 13589// Message returns the exception's message. 13590func (s *AWSOrganizationsNotInUseException) Message() string { 13591 if s.Message_ != nil { 13592 return *s.Message_ 13593 } 13594 return "" 13595} 13596 13597// OrigErr always returns nil, satisfies awserr.Error interface. 13598func (s *AWSOrganizationsNotInUseException) OrigErr() error { 13599 return nil 13600} 13601 13602func (s *AWSOrganizationsNotInUseException) Error() string { 13603 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 13604} 13605 13606// Status code returns the HTTP status code for the request's response error. 13607func (s *AWSOrganizationsNotInUseException) StatusCode() int { 13608 return s.RespMetadata.StatusCode 13609} 13610 13611// RequestID returns the service's response RequestID for request. 13612func (s *AWSOrganizationsNotInUseException) RequestID() string { 13613 return s.RespMetadata.RequestID 13614} 13615 13616type AcceptHandshakeInput struct { 13617 _ struct{} `type:"structure"` 13618 13619 // The unique identifier (ID) of the handshake that you want to accept. 13620 // 13621 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13622 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 13623 // 13624 // HandshakeId is a required field 13625 HandshakeId *string `type:"string" required:"true"` 13626} 13627 13628// String returns the string representation 13629func (s AcceptHandshakeInput) String() string { 13630 return awsutil.Prettify(s) 13631} 13632 13633// GoString returns the string representation 13634func (s AcceptHandshakeInput) GoString() string { 13635 return s.String() 13636} 13637 13638// Validate inspects the fields of the type to determine if they are valid. 13639func (s *AcceptHandshakeInput) Validate() error { 13640 invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"} 13641 if s.HandshakeId == nil { 13642 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 13643 } 13644 13645 if invalidParams.Len() > 0 { 13646 return invalidParams 13647 } 13648 return nil 13649} 13650 13651// SetHandshakeId sets the HandshakeId field's value. 13652func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput { 13653 s.HandshakeId = &v 13654 return s 13655} 13656 13657type AcceptHandshakeOutput struct { 13658 _ struct{} `type:"structure"` 13659 13660 // A structure that contains details about the accepted handshake. 13661 Handshake *Handshake `type:"structure"` 13662} 13663 13664// String returns the string representation 13665func (s AcceptHandshakeOutput) String() string { 13666 return awsutil.Prettify(s) 13667} 13668 13669// GoString returns the string representation 13670func (s AcceptHandshakeOutput) GoString() string { 13671 return s.String() 13672} 13673 13674// SetHandshake sets the Handshake field's value. 13675func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput { 13676 s.Handshake = v 13677 return s 13678} 13679 13680// You don't have permissions to perform the requested operation. The user or 13681// role that is making the request must have at least one IAM permissions policy 13682// attached that grants the required permissions. For more information, see 13683// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13684// in the IAM User Guide. 13685type AccessDeniedException struct { 13686 _ struct{} `type:"structure"` 13687 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 13688 13689 Message_ *string `locationName:"Message" type:"string"` 13690} 13691 13692// String returns the string representation 13693func (s AccessDeniedException) String() string { 13694 return awsutil.Prettify(s) 13695} 13696 13697// GoString returns the string representation 13698func (s AccessDeniedException) GoString() string { 13699 return s.String() 13700} 13701 13702func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { 13703 return &AccessDeniedException{ 13704 RespMetadata: v, 13705 } 13706} 13707 13708// Code returns the exception type name. 13709func (s *AccessDeniedException) Code() string { 13710 return "AccessDeniedException" 13711} 13712 13713// Message returns the exception's message. 13714func (s *AccessDeniedException) Message() string { 13715 if s.Message_ != nil { 13716 return *s.Message_ 13717 } 13718 return "" 13719} 13720 13721// OrigErr always returns nil, satisfies awserr.Error interface. 13722func (s *AccessDeniedException) OrigErr() error { 13723 return nil 13724} 13725 13726func (s *AccessDeniedException) Error() string { 13727 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 13728} 13729 13730// Status code returns the HTTP status code for the request's response error. 13731func (s *AccessDeniedException) StatusCode() int { 13732 return s.RespMetadata.StatusCode 13733} 13734 13735// RequestID returns the service's response RequestID for request. 13736func (s *AccessDeniedException) RequestID() string { 13737 return s.RespMetadata.RequestID 13738} 13739 13740// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 13741// for organizations.amazonaws.com permission so that AWS Organizations can 13742// create the required service-linked role. You don't have that permission. 13743type AccessDeniedForDependencyException struct { 13744 _ struct{} `type:"structure"` 13745 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 13746 13747 Message_ *string `locationName:"Message" type:"string"` 13748 13749 Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"` 13750} 13751 13752// String returns the string representation 13753func (s AccessDeniedForDependencyException) String() string { 13754 return awsutil.Prettify(s) 13755} 13756 13757// GoString returns the string representation 13758func (s AccessDeniedForDependencyException) GoString() string { 13759 return s.String() 13760} 13761 13762func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error { 13763 return &AccessDeniedForDependencyException{ 13764 RespMetadata: v, 13765 } 13766} 13767 13768// Code returns the exception type name. 13769func (s *AccessDeniedForDependencyException) Code() string { 13770 return "AccessDeniedForDependencyException" 13771} 13772 13773// Message returns the exception's message. 13774func (s *AccessDeniedForDependencyException) Message() string { 13775 if s.Message_ != nil { 13776 return *s.Message_ 13777 } 13778 return "" 13779} 13780 13781// OrigErr always returns nil, satisfies awserr.Error interface. 13782func (s *AccessDeniedForDependencyException) OrigErr() error { 13783 return nil 13784} 13785 13786func (s *AccessDeniedForDependencyException) Error() string { 13787 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 13788} 13789 13790// Status code returns the HTTP status code for the request's response error. 13791func (s *AccessDeniedForDependencyException) StatusCode() int { 13792 return s.RespMetadata.StatusCode 13793} 13794 13795// RequestID returns the service's response RequestID for request. 13796func (s *AccessDeniedForDependencyException) RequestID() string { 13797 return s.RespMetadata.RequestID 13798} 13799 13800// Contains information about an AWS account that is a member of an organization. 13801type Account struct { 13802 _ struct{} `type:"structure"` 13803 13804 // The Amazon Resource Name (ARN) of the account. 13805 // 13806 // For more information about ARNs in Organizations, see ARN Formats Supported 13807 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 13808 // in the AWS Organizations User Guide. 13809 Arn *string `type:"string"` 13810 13811 // The email address associated with the AWS account. 13812 // 13813 // The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is 13814 // a string of characters that represents a standard internet email address. 13815 Email *string `min:"6" type:"string" sensitive:"true"` 13816 13817 // The unique identifier (ID) of the account. 13818 // 13819 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 13820 // requires exactly 12 digits. 13821 Id *string `type:"string"` 13822 13823 // The method by which the account joined the organization. 13824 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 13825 13826 // The date the account became a part of the organization. 13827 JoinedTimestamp *time.Time `type:"timestamp"` 13828 13829 // The friendly name of the account. 13830 // 13831 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 13832 // this parameter is a string of any of the characters in the ASCII character 13833 // range. 13834 Name *string `min:"1" type:"string" sensitive:"true"` 13835 13836 // The status of the account in the organization. 13837 Status *string `type:"string" enum:"AccountStatus"` 13838} 13839 13840// String returns the string representation 13841func (s Account) String() string { 13842 return awsutil.Prettify(s) 13843} 13844 13845// GoString returns the string representation 13846func (s Account) GoString() string { 13847 return s.String() 13848} 13849 13850// SetArn sets the Arn field's value. 13851func (s *Account) SetArn(v string) *Account { 13852 s.Arn = &v 13853 return s 13854} 13855 13856// SetEmail sets the Email field's value. 13857func (s *Account) SetEmail(v string) *Account { 13858 s.Email = &v 13859 return s 13860} 13861 13862// SetId sets the Id field's value. 13863func (s *Account) SetId(v string) *Account { 13864 s.Id = &v 13865 return s 13866} 13867 13868// SetJoinedMethod sets the JoinedMethod field's value. 13869func (s *Account) SetJoinedMethod(v string) *Account { 13870 s.JoinedMethod = &v 13871 return s 13872} 13873 13874// SetJoinedTimestamp sets the JoinedTimestamp field's value. 13875func (s *Account) SetJoinedTimestamp(v time.Time) *Account { 13876 s.JoinedTimestamp = &v 13877 return s 13878} 13879 13880// SetName sets the Name field's value. 13881func (s *Account) SetName(v string) *Account { 13882 s.Name = &v 13883 return s 13884} 13885 13886// SetStatus sets the Status field's value. 13887func (s *Account) SetStatus(v string) *Account { 13888 s.Status = &v 13889 return s 13890} 13891 13892// The specified account is already a delegated administrator for this AWS service. 13893type AccountAlreadyRegisteredException struct { 13894 _ struct{} `type:"structure"` 13895 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 13896 13897 Message_ *string `locationName:"Message" type:"string"` 13898} 13899 13900// String returns the string representation 13901func (s AccountAlreadyRegisteredException) String() string { 13902 return awsutil.Prettify(s) 13903} 13904 13905// GoString returns the string representation 13906func (s AccountAlreadyRegisteredException) GoString() string { 13907 return s.String() 13908} 13909 13910func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error { 13911 return &AccountAlreadyRegisteredException{ 13912 RespMetadata: v, 13913 } 13914} 13915 13916// Code returns the exception type name. 13917func (s *AccountAlreadyRegisteredException) Code() string { 13918 return "AccountAlreadyRegisteredException" 13919} 13920 13921// Message returns the exception's message. 13922func (s *AccountAlreadyRegisteredException) Message() string { 13923 if s.Message_ != nil { 13924 return *s.Message_ 13925 } 13926 return "" 13927} 13928 13929// OrigErr always returns nil, satisfies awserr.Error interface. 13930func (s *AccountAlreadyRegisteredException) OrigErr() error { 13931 return nil 13932} 13933 13934func (s *AccountAlreadyRegisteredException) Error() string { 13935 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 13936} 13937 13938// Status code returns the HTTP status code for the request's response error. 13939func (s *AccountAlreadyRegisteredException) StatusCode() int { 13940 return s.RespMetadata.StatusCode 13941} 13942 13943// RequestID returns the service's response RequestID for request. 13944func (s *AccountAlreadyRegisteredException) RequestID() string { 13945 return s.RespMetadata.RequestID 13946} 13947 13948// We can't find an AWS account with the AccountId that you specified, or the 13949// account whose credentials you used to make this request isn't a member of 13950// an organization. 13951type AccountNotFoundException struct { 13952 _ struct{} `type:"structure"` 13953 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 13954 13955 Message_ *string `locationName:"Message" type:"string"` 13956} 13957 13958// String returns the string representation 13959func (s AccountNotFoundException) String() string { 13960 return awsutil.Prettify(s) 13961} 13962 13963// GoString returns the string representation 13964func (s AccountNotFoundException) GoString() string { 13965 return s.String() 13966} 13967 13968func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error { 13969 return &AccountNotFoundException{ 13970 RespMetadata: v, 13971 } 13972} 13973 13974// Code returns the exception type name. 13975func (s *AccountNotFoundException) Code() string { 13976 return "AccountNotFoundException" 13977} 13978 13979// Message returns the exception's message. 13980func (s *AccountNotFoundException) Message() string { 13981 if s.Message_ != nil { 13982 return *s.Message_ 13983 } 13984 return "" 13985} 13986 13987// OrigErr always returns nil, satisfies awserr.Error interface. 13988func (s *AccountNotFoundException) OrigErr() error { 13989 return nil 13990} 13991 13992func (s *AccountNotFoundException) Error() string { 13993 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 13994} 13995 13996// Status code returns the HTTP status code for the request's response error. 13997func (s *AccountNotFoundException) StatusCode() int { 13998 return s.RespMetadata.StatusCode 13999} 14000 14001// RequestID returns the service's response RequestID for request. 14002func (s *AccountNotFoundException) RequestID() string { 14003 return s.RespMetadata.RequestID 14004} 14005 14006// The specified account is not a delegated administrator for this AWS service. 14007type AccountNotRegisteredException struct { 14008 _ struct{} `type:"structure"` 14009 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14010 14011 Message_ *string `locationName:"Message" type:"string"` 14012} 14013 14014// String returns the string representation 14015func (s AccountNotRegisteredException) String() string { 14016 return awsutil.Prettify(s) 14017} 14018 14019// GoString returns the string representation 14020func (s AccountNotRegisteredException) GoString() string { 14021 return s.String() 14022} 14023 14024func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error { 14025 return &AccountNotRegisteredException{ 14026 RespMetadata: v, 14027 } 14028} 14029 14030// Code returns the exception type name. 14031func (s *AccountNotRegisteredException) Code() string { 14032 return "AccountNotRegisteredException" 14033} 14034 14035// Message returns the exception's message. 14036func (s *AccountNotRegisteredException) Message() string { 14037 if s.Message_ != nil { 14038 return *s.Message_ 14039 } 14040 return "" 14041} 14042 14043// OrigErr always returns nil, satisfies awserr.Error interface. 14044func (s *AccountNotRegisteredException) OrigErr() error { 14045 return nil 14046} 14047 14048func (s *AccountNotRegisteredException) Error() string { 14049 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14050} 14051 14052// Status code returns the HTTP status code for the request's response error. 14053func (s *AccountNotRegisteredException) StatusCode() int { 14054 return s.RespMetadata.StatusCode 14055} 14056 14057// RequestID returns the service's response RequestID for request. 14058func (s *AccountNotRegisteredException) RequestID() string { 14059 return s.RespMetadata.RequestID 14060} 14061 14062// You can't invite an existing account to your organization until you verify 14063// that you own the email address associated with the master account. For more 14064// information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 14065// in the AWS Organizations User Guide. 14066type AccountOwnerNotVerifiedException struct { 14067 _ struct{} `type:"structure"` 14068 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14069 14070 Message_ *string `locationName:"Message" type:"string"` 14071} 14072 14073// String returns the string representation 14074func (s AccountOwnerNotVerifiedException) String() string { 14075 return awsutil.Prettify(s) 14076} 14077 14078// GoString returns the string representation 14079func (s AccountOwnerNotVerifiedException) GoString() string { 14080 return s.String() 14081} 14082 14083func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error { 14084 return &AccountOwnerNotVerifiedException{ 14085 RespMetadata: v, 14086 } 14087} 14088 14089// Code returns the exception type name. 14090func (s *AccountOwnerNotVerifiedException) Code() string { 14091 return "AccountOwnerNotVerifiedException" 14092} 14093 14094// Message returns the exception's message. 14095func (s *AccountOwnerNotVerifiedException) Message() string { 14096 if s.Message_ != nil { 14097 return *s.Message_ 14098 } 14099 return "" 14100} 14101 14102// OrigErr always returns nil, satisfies awserr.Error interface. 14103func (s *AccountOwnerNotVerifiedException) OrigErr() error { 14104 return nil 14105} 14106 14107func (s *AccountOwnerNotVerifiedException) Error() string { 14108 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14109} 14110 14111// Status code returns the HTTP status code for the request's response error. 14112func (s *AccountOwnerNotVerifiedException) StatusCode() int { 14113 return s.RespMetadata.StatusCode 14114} 14115 14116// RequestID returns the service's response RequestID for request. 14117func (s *AccountOwnerNotVerifiedException) RequestID() string { 14118 return s.RespMetadata.RequestID 14119} 14120 14121// This account is already a member of an organization. An account can belong 14122// to only one organization at a time. 14123type AlreadyInOrganizationException struct { 14124 _ struct{} `type:"structure"` 14125 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14126 14127 Message_ *string `locationName:"Message" type:"string"` 14128} 14129 14130// String returns the string representation 14131func (s AlreadyInOrganizationException) String() string { 14132 return awsutil.Prettify(s) 14133} 14134 14135// GoString returns the string representation 14136func (s AlreadyInOrganizationException) GoString() string { 14137 return s.String() 14138} 14139 14140func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error { 14141 return &AlreadyInOrganizationException{ 14142 RespMetadata: v, 14143 } 14144} 14145 14146// Code returns the exception type name. 14147func (s *AlreadyInOrganizationException) Code() string { 14148 return "AlreadyInOrganizationException" 14149} 14150 14151// Message returns the exception's message. 14152func (s *AlreadyInOrganizationException) Message() string { 14153 if s.Message_ != nil { 14154 return *s.Message_ 14155 } 14156 return "" 14157} 14158 14159// OrigErr always returns nil, satisfies awserr.Error interface. 14160func (s *AlreadyInOrganizationException) OrigErr() error { 14161 return nil 14162} 14163 14164func (s *AlreadyInOrganizationException) Error() string { 14165 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14166} 14167 14168// Status code returns the HTTP status code for the request's response error. 14169func (s *AlreadyInOrganizationException) StatusCode() int { 14170 return s.RespMetadata.StatusCode 14171} 14172 14173// RequestID returns the service's response RequestID for request. 14174func (s *AlreadyInOrganizationException) RequestID() string { 14175 return s.RespMetadata.RequestID 14176} 14177 14178type AttachPolicyInput struct { 14179 _ struct{} `type:"structure"` 14180 14181 // The unique identifier (ID) of the policy that you want to attach to the target. 14182 // You can get the ID for the policy by calling the ListPolicies operation. 14183 // 14184 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 14185 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 14186 // or the underscore character (_). 14187 // 14188 // PolicyId is a required field 14189 PolicyId *string `type:"string" required:"true"` 14190 14191 // The unique identifier (ID) of the root, OU, or account that you want to attach 14192 // the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, 14193 // or ListAccounts operations. 14194 // 14195 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 14196 // requires one of the following: 14197 // 14198 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 14199 // letters or digits. 14200 // 14201 // * Account - A string that consists of exactly 12 digits. 14202 // 14203 // * Organizational unit (OU) - A string that begins with "ou-" followed 14204 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 14205 // OU is in). This string is followed by a second "-" dash and from 8 to 14206 // 32 additional lowercase letters or digits. 14207 // 14208 // TargetId is a required field 14209 TargetId *string `type:"string" required:"true"` 14210} 14211 14212// String returns the string representation 14213func (s AttachPolicyInput) String() string { 14214 return awsutil.Prettify(s) 14215} 14216 14217// GoString returns the string representation 14218func (s AttachPolicyInput) GoString() string { 14219 return s.String() 14220} 14221 14222// Validate inspects the fields of the type to determine if they are valid. 14223func (s *AttachPolicyInput) Validate() error { 14224 invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"} 14225 if s.PolicyId == nil { 14226 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 14227 } 14228 if s.TargetId == nil { 14229 invalidParams.Add(request.NewErrParamRequired("TargetId")) 14230 } 14231 14232 if invalidParams.Len() > 0 { 14233 return invalidParams 14234 } 14235 return nil 14236} 14237 14238// SetPolicyId sets the PolicyId field's value. 14239func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput { 14240 s.PolicyId = &v 14241 return s 14242} 14243 14244// SetTargetId sets the TargetId field's value. 14245func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput { 14246 s.TargetId = &v 14247 return s 14248} 14249 14250type AttachPolicyOutput struct { 14251 _ struct{} `type:"structure"` 14252} 14253 14254// String returns the string representation 14255func (s AttachPolicyOutput) String() string { 14256 return awsutil.Prettify(s) 14257} 14258 14259// GoString returns the string representation 14260func (s AttachPolicyOutput) GoString() string { 14261 return s.String() 14262} 14263 14264type CancelHandshakeInput struct { 14265 _ struct{} `type:"structure"` 14266 14267 // The unique identifier (ID) of the handshake that you want to cancel. You 14268 // can get the ID from the ListHandshakesForOrganization operation. 14269 // 14270 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 14271 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 14272 // 14273 // HandshakeId is a required field 14274 HandshakeId *string `type:"string" required:"true"` 14275} 14276 14277// String returns the string representation 14278func (s CancelHandshakeInput) String() string { 14279 return awsutil.Prettify(s) 14280} 14281 14282// GoString returns the string representation 14283func (s CancelHandshakeInput) GoString() string { 14284 return s.String() 14285} 14286 14287// Validate inspects the fields of the type to determine if they are valid. 14288func (s *CancelHandshakeInput) Validate() error { 14289 invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"} 14290 if s.HandshakeId == nil { 14291 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 14292 } 14293 14294 if invalidParams.Len() > 0 { 14295 return invalidParams 14296 } 14297 return nil 14298} 14299 14300// SetHandshakeId sets the HandshakeId field's value. 14301func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput { 14302 s.HandshakeId = &v 14303 return s 14304} 14305 14306type CancelHandshakeOutput struct { 14307 _ struct{} `type:"structure"` 14308 14309 // A structure that contains details about the handshake that you canceled. 14310 Handshake *Handshake `type:"structure"` 14311} 14312 14313// String returns the string representation 14314func (s CancelHandshakeOutput) String() string { 14315 return awsutil.Prettify(s) 14316} 14317 14318// GoString returns the string representation 14319func (s CancelHandshakeOutput) GoString() string { 14320 return s.String() 14321} 14322 14323// SetHandshake sets the Handshake field's value. 14324func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput { 14325 s.Handshake = v 14326 return s 14327} 14328 14329// Contains a list of child entities, either OUs or accounts. 14330type Child struct { 14331 _ struct{} `type:"structure"` 14332 14333 // The unique identifier (ID) of this child entity. 14334 // 14335 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 14336 // requires one of the following: 14337 // 14338 // * Account: A string that consists of exactly 12 digits. 14339 // 14340 // * Organizational unit (OU): A string that begins with "ou-" followed by 14341 // from 4 to 32 lower-case letters or digits (the ID of the root that contains 14342 // the OU). This string is followed by a second "-" dash and from 8 to 32 14343 // additional lower-case letters or digits. 14344 Id *string `type:"string"` 14345 14346 // The type of this child entity. 14347 Type *string `type:"string" enum:"ChildType"` 14348} 14349 14350// String returns the string representation 14351func (s Child) String() string { 14352 return awsutil.Prettify(s) 14353} 14354 14355// GoString returns the string representation 14356func (s Child) GoString() string { 14357 return s.String() 14358} 14359 14360// SetId sets the Id field's value. 14361func (s *Child) SetId(v string) *Child { 14362 s.Id = &v 14363 return s 14364} 14365 14366// SetType sets the Type field's value. 14367func (s *Child) SetType(v string) *Child { 14368 s.Type = &v 14369 return s 14370} 14371 14372// We can't find an organizational unit (OU) or AWS account with the ChildId 14373// that you specified. 14374type ChildNotFoundException struct { 14375 _ struct{} `type:"structure"` 14376 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14377 14378 Message_ *string `locationName:"Message" type:"string"` 14379} 14380 14381// String returns the string representation 14382func (s ChildNotFoundException) String() string { 14383 return awsutil.Prettify(s) 14384} 14385 14386// GoString returns the string representation 14387func (s ChildNotFoundException) GoString() string { 14388 return s.String() 14389} 14390 14391func newErrorChildNotFoundException(v protocol.ResponseMetadata) error { 14392 return &ChildNotFoundException{ 14393 RespMetadata: v, 14394 } 14395} 14396 14397// Code returns the exception type name. 14398func (s *ChildNotFoundException) Code() string { 14399 return "ChildNotFoundException" 14400} 14401 14402// Message returns the exception's message. 14403func (s *ChildNotFoundException) Message() string { 14404 if s.Message_ != nil { 14405 return *s.Message_ 14406 } 14407 return "" 14408} 14409 14410// OrigErr always returns nil, satisfies awserr.Error interface. 14411func (s *ChildNotFoundException) OrigErr() error { 14412 return nil 14413} 14414 14415func (s *ChildNotFoundException) Error() string { 14416 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14417} 14418 14419// Status code returns the HTTP status code for the request's response error. 14420func (s *ChildNotFoundException) StatusCode() int { 14421 return s.RespMetadata.StatusCode 14422} 14423 14424// RequestID returns the service's response RequestID for request. 14425func (s *ChildNotFoundException) RequestID() string { 14426 return s.RespMetadata.RequestID 14427} 14428 14429// The target of the operation is currently being modified by a different request. 14430// Try again later. 14431type ConcurrentModificationException struct { 14432 _ struct{} `type:"structure"` 14433 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14434 14435 Message_ *string `locationName:"Message" type:"string"` 14436} 14437 14438// String returns the string representation 14439func (s ConcurrentModificationException) String() string { 14440 return awsutil.Prettify(s) 14441} 14442 14443// GoString returns the string representation 14444func (s ConcurrentModificationException) GoString() string { 14445 return s.String() 14446} 14447 14448func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 14449 return &ConcurrentModificationException{ 14450 RespMetadata: v, 14451 } 14452} 14453 14454// Code returns the exception type name. 14455func (s *ConcurrentModificationException) Code() string { 14456 return "ConcurrentModificationException" 14457} 14458 14459// Message returns the exception's message. 14460func (s *ConcurrentModificationException) Message() string { 14461 if s.Message_ != nil { 14462 return *s.Message_ 14463 } 14464 return "" 14465} 14466 14467// OrigErr always returns nil, satisfies awserr.Error interface. 14468func (s *ConcurrentModificationException) OrigErr() error { 14469 return nil 14470} 14471 14472func (s *ConcurrentModificationException) Error() string { 14473 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14474} 14475 14476// Status code returns the HTTP status code for the request's response error. 14477func (s *ConcurrentModificationException) StatusCode() int { 14478 return s.RespMetadata.StatusCode 14479} 14480 14481// RequestID returns the service's response RequestID for request. 14482func (s *ConcurrentModificationException) RequestID() string { 14483 return s.RespMetadata.RequestID 14484} 14485 14486// Performing this operation violates a minimum or maximum value limit. For 14487// example, attempting to remove the last service control policy (SCP) from 14488// an OU or root, inviting or creating too many accounts to the organization, 14489// or attaching too many policies to an account, OU, or root. This exception 14490// includes a reason that contains additional information about the violated 14491// limit: 14492// 14493// Some of the reasons in the following list might not be applicable to this 14494// specific API or operation. 14495// 14496// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the master 14497// account from the organization. You can't remove the master account. Instead, 14498// after you remove all member accounts, delete the organization itself. 14499// 14500// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 14501// from the organization that doesn't yet have enough information to exist 14502// as a standalone account. This account requires you to first agree to the 14503// AWS Customer Agreement. Follow the steps at Removing a member account 14504// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 14505// the AWS Organizations User Guide. 14506// 14507// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 14508// an account from the organization that doesn't yet have enough information 14509// to exist as a standalone account. This account requires you to first complete 14510// phone verification. Follow the steps at Removing a member account from 14511// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 14512// in the AWS Organizations User Guide. 14513// 14514// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 14515// of accounts that you can create in one day. 14516// 14517// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 14518// the number of accounts in an organization. If you need more accounts, 14519// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 14520// request an increase in your limit. Or the number of invitations that you 14521// tried to send would cause you to exceed the limit of accounts in your 14522// organization. Send fewer invitations or contact AWS Support to request 14523// an increase in the number of accounts. Deleted and closed accounts still 14524// count toward your limit. If you get this exception when running a command 14525// immediately after creating the organization, wait one hour and try again. 14526// After an hour, if the command continues to fail with this error, contact 14527// AWS Support (https://console.aws.amazon.com/support/home#/). 14528// 14529// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 14530// register the master account of the organization as a delegated administrator 14531// for an AWS service integrated with Organizations. You can designate only 14532// a member account as a delegated administrator. 14533// 14534// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 14535// an account that is registered as a delegated administrator for a service 14536// integrated with your organization. To complete this operation, you must 14537// first deregister this account as a delegated administrator. 14538// 14539// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 14540// organization in the specified region, you must enable all features mode. 14541// 14542// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 14543// an AWS account as a delegated administrator for an AWS service that already 14544// has a delegated administrator. To complete this operation, you must first 14545// deregister any existing delegated administrators for this service. 14546// 14547// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 14548// valid for a limited period of time. You must resubmit the request and 14549// generate a new verfication code. 14550// 14551// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 14552// handshakes that you can send in one day. 14553// 14554// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 14555// in this organization, you first must migrate the organization's master 14556// account to the marketplace that corresponds to the master account's address. 14557// For example, accounts with India addresses must be associated with the 14558// AISPL marketplace. All accounts in an organization must be associated 14559// with the same marketplace. 14560// 14561// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 14562// in China. To create an organization, the master must have an valid business 14563// license. For more information, contact customer support. 14564// 14565// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 14566// must first provide a valid contact address and phone number for the master 14567// account. Then try the operation again. 14568// 14569// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 14570// master account must have an associated account in the AWS GovCloud (US-West) 14571// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 14572// in the AWS GovCloud User Guide. 14573// 14574// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 14575// with this master account, you first must associate a valid payment instrument, 14576// such as a credit card, with the account. Follow the steps at To leave 14577// an organization when all required account information has not yet been 14578// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 14579// in the AWS Organizations User Guide. 14580// 14581// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 14582// to register more delegated administrators than allowed for the service 14583// principal. 14584// 14585// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 14586// number of policies of a certain type that can be attached to an entity 14587// at one time. 14588// 14589// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 14590// on this resource. 14591// 14592// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 14593// with this member account, you first must associate a valid payment instrument, 14594// such as a credit card, with the account. Follow the steps at To leave 14595// an organization when all required account information has not yet been 14596// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 14597// in the AWS Organizations User Guide. 14598// 14599// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 14600// policy from an entity that would cause the entity to have fewer than the 14601// minimum number of policies of a certain type required. 14602// 14603// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 14604// that requires the organization to be configured to support all features. 14605// An organization that supports only consolidated billing features can't 14606// perform this operation. 14607// 14608// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 14609// too many levels deep. 14610// 14611// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 14612// that you can have in an organization. 14613// 14614// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 14615// is larger than the maximum size. 14616// 14617// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 14618// policies that you can have in an organization. 14619// 14620// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 14621// tags that are not compliant with the tag policy requirements for this 14622// account. 14623type ConstraintViolationException struct { 14624 _ struct{} `type:"structure"` 14625 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14626 14627 Message_ *string `locationName:"Message" type:"string"` 14628 14629 Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"` 14630} 14631 14632// String returns the string representation 14633func (s ConstraintViolationException) String() string { 14634 return awsutil.Prettify(s) 14635} 14636 14637// GoString returns the string representation 14638func (s ConstraintViolationException) GoString() string { 14639 return s.String() 14640} 14641 14642func newErrorConstraintViolationException(v protocol.ResponseMetadata) error { 14643 return &ConstraintViolationException{ 14644 RespMetadata: v, 14645 } 14646} 14647 14648// Code returns the exception type name. 14649func (s *ConstraintViolationException) Code() string { 14650 return "ConstraintViolationException" 14651} 14652 14653// Message returns the exception's message. 14654func (s *ConstraintViolationException) Message() string { 14655 if s.Message_ != nil { 14656 return *s.Message_ 14657 } 14658 return "" 14659} 14660 14661// OrigErr always returns nil, satisfies awserr.Error interface. 14662func (s *ConstraintViolationException) OrigErr() error { 14663 return nil 14664} 14665 14666func (s *ConstraintViolationException) Error() string { 14667 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 14668} 14669 14670// Status code returns the HTTP status code for the request's response error. 14671func (s *ConstraintViolationException) StatusCode() int { 14672 return s.RespMetadata.StatusCode 14673} 14674 14675// RequestID returns the service's response RequestID for request. 14676func (s *ConstraintViolationException) RequestID() string { 14677 return s.RespMetadata.RequestID 14678} 14679 14680type CreateAccountInput struct { 14681 _ struct{} `type:"structure"` 14682 14683 // The friendly name of the member account. 14684 // 14685 // AccountName is a required field 14686 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 14687 14688 // The email address of the owner to assign to the new member account. This 14689 // email address must not already be associated with another AWS account. You 14690 // must use a valid email address to complete account creation. You can't access 14691 // the root user of the account or remove an account that was created with an 14692 // invalid email address. 14693 // 14694 // Email is a required field 14695 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 14696 14697 // If set to ALLOW, the new account enables IAM users to access account billing 14698 // information if they have the required permissions. If set to DENY, only the 14699 // root user of the new account can access account billing information. For 14700 // more information, see Activating Access to the Billing and Cost Management 14701 // Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 14702 // in the AWS Billing and Cost Management User Guide. 14703 // 14704 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 14705 // users and roles with the required permissions can access billing information 14706 // for the new account. 14707 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 14708 14709 // (Optional) 14710 // 14711 // The name of an IAM role that AWS Organizations automatically preconfigures 14712 // in the new member account. This role trusts the master account, allowing 14713 // users in the master account to assume the role, as permitted by the master 14714 // account administrator. The role has administrator permissions in the new 14715 // member account. 14716 // 14717 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 14718 // 14719 // For more information about how to use this role to access the member account, 14720 // see the following links: 14721 // 14722 // * Accessing and Administering the Member Accounts in Your Organization 14723 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 14724 // in the AWS Organizations User Guide 14725 // 14726 // * Steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using 14727 // IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 14728 // in the IAM User Guide 14729 // 14730 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 14731 // this parameter. The pattern can include uppercase letters, lowercase letters, 14732 // digits with no spaces, and any of the following characters: =,.@- 14733 RoleName *string `type:"string"` 14734} 14735 14736// String returns the string representation 14737func (s CreateAccountInput) String() string { 14738 return awsutil.Prettify(s) 14739} 14740 14741// GoString returns the string representation 14742func (s CreateAccountInput) GoString() string { 14743 return s.String() 14744} 14745 14746// Validate inspects the fields of the type to determine if they are valid. 14747func (s *CreateAccountInput) Validate() error { 14748 invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"} 14749 if s.AccountName == nil { 14750 invalidParams.Add(request.NewErrParamRequired("AccountName")) 14751 } 14752 if s.AccountName != nil && len(*s.AccountName) < 1 { 14753 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 14754 } 14755 if s.Email == nil { 14756 invalidParams.Add(request.NewErrParamRequired("Email")) 14757 } 14758 if s.Email != nil && len(*s.Email) < 6 { 14759 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 14760 } 14761 14762 if invalidParams.Len() > 0 { 14763 return invalidParams 14764 } 14765 return nil 14766} 14767 14768// SetAccountName sets the AccountName field's value. 14769func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput { 14770 s.AccountName = &v 14771 return s 14772} 14773 14774// SetEmail sets the Email field's value. 14775func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput { 14776 s.Email = &v 14777 return s 14778} 14779 14780// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 14781func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput { 14782 s.IamUserAccessToBilling = &v 14783 return s 14784} 14785 14786// SetRoleName sets the RoleName field's value. 14787func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput { 14788 s.RoleName = &v 14789 return s 14790} 14791 14792type CreateAccountOutput struct { 14793 _ struct{} `type:"structure"` 14794 14795 // A structure that contains details about the request to create an account. 14796 // This response structure might not be fully populated when you first receive 14797 // it because account creation is an asynchronous process. You can pass the 14798 // returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus 14799 // to get status about the progress of the request at later times. You can also 14800 // check the AWS CloudTrail log for the CreateAccountResult event. For more 14801 // information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 14802 // in the AWS Organizations User Guide. 14803 CreateAccountStatus *CreateAccountStatus `type:"structure"` 14804} 14805 14806// String returns the string representation 14807func (s CreateAccountOutput) String() string { 14808 return awsutil.Prettify(s) 14809} 14810 14811// GoString returns the string representation 14812func (s CreateAccountOutput) GoString() string { 14813 return s.String() 14814} 14815 14816// SetCreateAccountStatus sets the CreateAccountStatus field's value. 14817func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput { 14818 s.CreateAccountStatus = v 14819 return s 14820} 14821 14822// Contains the status about a CreateAccount or CreateGovCloudAccount request 14823// to create an AWS account or an AWS GovCloud (US) account in an organization. 14824type CreateAccountStatus struct { 14825 _ struct{} `type:"structure"` 14826 14827 // If the account was created successfully, the unique identifier (ID) of the 14828 // new account. 14829 // 14830 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 14831 // requires exactly 12 digits. 14832 AccountId *string `type:"string"` 14833 14834 // The account name given to the account when it was created. 14835 AccountName *string `min:"1" type:"string" sensitive:"true"` 14836 14837 // The date and time that the account was created and the request completed. 14838 CompletedTimestamp *time.Time `type:"timestamp"` 14839 14840 // If the request failed, a description of the reason for the failure. 14841 // 14842 // * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you 14843 // have reached the limit on the number of accounts in your organization. 14844 // 14845 // * EMAIL_ALREADY_EXISTS: The account could not be created because another 14846 // AWS account with that email address already exists. 14847 // 14848 // * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US) 14849 // Region could not be created because this Region already includes an account 14850 // with that email address. 14851 // 14852 // * INVALID_ADDRESS: The account could not be created because the address 14853 // you provided is not valid. 14854 // 14855 // * INVALID_EMAIL: The account could not be created because the email address 14856 // you provided is not valid. 14857 // 14858 // * INTERNAL_FAILURE: The account could not be created because of an internal 14859 // failure. Try again later. If the problem persists, contact Customer Support. 14860 FailureReason *string `type:"string" enum:"CreateAccountFailureReason"` 14861 14862 // If the account was created successfully, the unique identifier (ID) of the 14863 // new account in the AWS GovCloud (US) Region. 14864 GovCloudAccountId *string `type:"string"` 14865 14866 // The unique identifier (ID) that references this request. You get this value 14867 // from the response of the initial CreateAccount request to create the account. 14868 // 14869 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 14870 // request ID string requires "car-" followed by from 8 to 32 lower-case letters 14871 // or digits. 14872 Id *string `type:"string"` 14873 14874 // The date and time that the request was made for the account creation. 14875 RequestedTimestamp *time.Time `type:"timestamp"` 14876 14877 // The status of the request. 14878 State *string `type:"string" enum:"CreateAccountState"` 14879} 14880 14881// String returns the string representation 14882func (s CreateAccountStatus) String() string { 14883 return awsutil.Prettify(s) 14884} 14885 14886// GoString returns the string representation 14887func (s CreateAccountStatus) GoString() string { 14888 return s.String() 14889} 14890 14891// SetAccountId sets the AccountId field's value. 14892func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus { 14893 s.AccountId = &v 14894 return s 14895} 14896 14897// SetAccountName sets the AccountName field's value. 14898func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus { 14899 s.AccountName = &v 14900 return s 14901} 14902 14903// SetCompletedTimestamp sets the CompletedTimestamp field's value. 14904func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus { 14905 s.CompletedTimestamp = &v 14906 return s 14907} 14908 14909// SetFailureReason sets the FailureReason field's value. 14910func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus { 14911 s.FailureReason = &v 14912 return s 14913} 14914 14915// SetGovCloudAccountId sets the GovCloudAccountId field's value. 14916func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus { 14917 s.GovCloudAccountId = &v 14918 return s 14919} 14920 14921// SetId sets the Id field's value. 14922func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus { 14923 s.Id = &v 14924 return s 14925} 14926 14927// SetRequestedTimestamp sets the RequestedTimestamp field's value. 14928func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus { 14929 s.RequestedTimestamp = &v 14930 return s 14931} 14932 14933// SetState sets the State field's value. 14934func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus { 14935 s.State = &v 14936 return s 14937} 14938 14939// We can't find an create account request with the CreateAccountRequestId that 14940// you specified. 14941type CreateAccountStatusNotFoundException struct { 14942 _ struct{} `type:"structure"` 14943 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14944 14945 Message_ *string `locationName:"Message" type:"string"` 14946} 14947 14948// String returns the string representation 14949func (s CreateAccountStatusNotFoundException) String() string { 14950 return awsutil.Prettify(s) 14951} 14952 14953// GoString returns the string representation 14954func (s CreateAccountStatusNotFoundException) GoString() string { 14955 return s.String() 14956} 14957 14958func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error { 14959 return &CreateAccountStatusNotFoundException{ 14960 RespMetadata: v, 14961 } 14962} 14963 14964// Code returns the exception type name. 14965func (s *CreateAccountStatusNotFoundException) Code() string { 14966 return "CreateAccountStatusNotFoundException" 14967} 14968 14969// Message returns the exception's message. 14970func (s *CreateAccountStatusNotFoundException) Message() string { 14971 if s.Message_ != nil { 14972 return *s.Message_ 14973 } 14974 return "" 14975} 14976 14977// OrigErr always returns nil, satisfies awserr.Error interface. 14978func (s *CreateAccountStatusNotFoundException) OrigErr() error { 14979 return nil 14980} 14981 14982func (s *CreateAccountStatusNotFoundException) Error() string { 14983 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14984} 14985 14986// Status code returns the HTTP status code for the request's response error. 14987func (s *CreateAccountStatusNotFoundException) StatusCode() int { 14988 return s.RespMetadata.StatusCode 14989} 14990 14991// RequestID returns the service's response RequestID for request. 14992func (s *CreateAccountStatusNotFoundException) RequestID() string { 14993 return s.RespMetadata.RequestID 14994} 14995 14996type CreateGovCloudAccountInput struct { 14997 _ struct{} `type:"structure"` 14998 14999 // The friendly name of the member account. 15000 // 15001 // AccountName is a required field 15002 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 15003 15004 // The email address of the owner to assign to the new member account in the 15005 // commercial Region. This email address must not already be associated with 15006 // another AWS account. You must use a valid email address to complete account 15007 // creation. You can't access the root user of the account or remove an account 15008 // that was created with an invalid email address. Like all request parameters 15009 // for CreateGovCloudAccount, the request for the email address for the AWS 15010 // GovCloud (US) account originates from the commercial Region, not from the 15011 // AWS GovCloud (US) Region. 15012 // 15013 // Email is a required field 15014 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 15015 15016 // If set to ALLOW, the new linked account in the commercial Region enables 15017 // IAM users to access account billing information if they have the required 15018 // permissions. If set to DENY, only the root user of the new account can access 15019 // account billing information. For more information, see Activating Access 15020 // to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 15021 // in the AWS Billing and Cost Management User Guide. 15022 // 15023 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 15024 // users and roles with the required permissions can access billing information 15025 // for the new account. 15026 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 15027 15028 // (Optional) 15029 // 15030 // The name of an IAM role that AWS Organizations automatically preconfigures 15031 // in the new member accounts in both the AWS GovCloud (US) Region and in the 15032 // commercial Region. This role trusts the master account, allowing users in 15033 // the master account to assume the role, as permitted by the master account 15034 // administrator. The role has administrator permissions in the new member account. 15035 // 15036 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 15037 // 15038 // For more information about how to use this role to access the member account, 15039 // see Accessing and Administering the Member Accounts in Your Organization 15040 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 15041 // in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate 15042 // Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 15043 // in the IAM User Guide. 15044 // 15045 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15046 // this parameter. The pattern can include uppercase letters, lowercase letters, 15047 // digits with no spaces, and any of the following characters: =,.@- 15048 RoleName *string `type:"string"` 15049} 15050 15051// String returns the string representation 15052func (s CreateGovCloudAccountInput) String() string { 15053 return awsutil.Prettify(s) 15054} 15055 15056// GoString returns the string representation 15057func (s CreateGovCloudAccountInput) GoString() string { 15058 return s.String() 15059} 15060 15061// Validate inspects the fields of the type to determine if they are valid. 15062func (s *CreateGovCloudAccountInput) Validate() error { 15063 invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"} 15064 if s.AccountName == nil { 15065 invalidParams.Add(request.NewErrParamRequired("AccountName")) 15066 } 15067 if s.AccountName != nil && len(*s.AccountName) < 1 { 15068 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 15069 } 15070 if s.Email == nil { 15071 invalidParams.Add(request.NewErrParamRequired("Email")) 15072 } 15073 if s.Email != nil && len(*s.Email) < 6 { 15074 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 15075 } 15076 15077 if invalidParams.Len() > 0 { 15078 return invalidParams 15079 } 15080 return nil 15081} 15082 15083// SetAccountName sets the AccountName field's value. 15084func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput { 15085 s.AccountName = &v 15086 return s 15087} 15088 15089// SetEmail sets the Email field's value. 15090func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput { 15091 s.Email = &v 15092 return s 15093} 15094 15095// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 15096func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput { 15097 s.IamUserAccessToBilling = &v 15098 return s 15099} 15100 15101// SetRoleName sets the RoleName field's value. 15102func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput { 15103 s.RoleName = &v 15104 return s 15105} 15106 15107type CreateGovCloudAccountOutput struct { 15108 _ struct{} `type:"structure"` 15109 15110 // Contains the status about a CreateAccount or CreateGovCloudAccount request 15111 // to create an AWS account or an AWS GovCloud (US) account in an organization. 15112 CreateAccountStatus *CreateAccountStatus `type:"structure"` 15113} 15114 15115// String returns the string representation 15116func (s CreateGovCloudAccountOutput) String() string { 15117 return awsutil.Prettify(s) 15118} 15119 15120// GoString returns the string representation 15121func (s CreateGovCloudAccountOutput) GoString() string { 15122 return s.String() 15123} 15124 15125// SetCreateAccountStatus sets the CreateAccountStatus field's value. 15126func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput { 15127 s.CreateAccountStatus = v 15128 return s 15129} 15130 15131type CreateOrganizationInput struct { 15132 _ struct{} `type:"structure"` 15133 15134 // Specifies the feature set supported by the new organization. Each feature 15135 // set supports different levels of functionality. 15136 // 15137 // * CONSOLIDATED_BILLING: All member accounts have their bills consolidated 15138 // to and paid by the master account. For more information, see Consolidated 15139 // billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) 15140 // in the AWS Organizations User Guide. The consolidated billing feature 15141 // subset isn't available for organizations in the AWS GovCloud (US) Region. 15142 // 15143 // * ALL: In addition to all the features supported by the consolidated billing 15144 // feature set, the master account can also apply any policy type to any 15145 // member account in the organization. For more information, see All features 15146 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) 15147 // in the AWS Organizations User Guide. 15148 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 15149} 15150 15151// String returns the string representation 15152func (s CreateOrganizationInput) String() string { 15153 return awsutil.Prettify(s) 15154} 15155 15156// GoString returns the string representation 15157func (s CreateOrganizationInput) GoString() string { 15158 return s.String() 15159} 15160 15161// SetFeatureSet sets the FeatureSet field's value. 15162func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput { 15163 s.FeatureSet = &v 15164 return s 15165} 15166 15167type CreateOrganizationOutput struct { 15168 _ struct{} `type:"structure"` 15169 15170 // A structure that contains details about the newly created organization. 15171 Organization *Organization `type:"structure"` 15172} 15173 15174// String returns the string representation 15175func (s CreateOrganizationOutput) String() string { 15176 return awsutil.Prettify(s) 15177} 15178 15179// GoString returns the string representation 15180func (s CreateOrganizationOutput) GoString() string { 15181 return s.String() 15182} 15183 15184// SetOrganization sets the Organization field's value. 15185func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput { 15186 s.Organization = v 15187 return s 15188} 15189 15190type CreateOrganizationalUnitInput struct { 15191 _ struct{} `type:"structure"` 15192 15193 // The friendly name to assign to the new OU. 15194 // 15195 // Name is a required field 15196 Name *string `min:"1" type:"string" required:"true"` 15197 15198 // The unique identifier (ID) of the parent root or OU that you want to create 15199 // the new OU in. 15200 // 15201 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 15202 // requires one of the following: 15203 // 15204 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 15205 // letters or digits. 15206 // 15207 // * Organizational unit (OU) - A string that begins with "ou-" followed 15208 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 15209 // OU is in). This string is followed by a second "-" dash and from 8 to 15210 // 32 additional lowercase letters or digits. 15211 // 15212 // ParentId is a required field 15213 ParentId *string `type:"string" required:"true"` 15214} 15215 15216// String returns the string representation 15217func (s CreateOrganizationalUnitInput) String() string { 15218 return awsutil.Prettify(s) 15219} 15220 15221// GoString returns the string representation 15222func (s CreateOrganizationalUnitInput) GoString() string { 15223 return s.String() 15224} 15225 15226// Validate inspects the fields of the type to determine if they are valid. 15227func (s *CreateOrganizationalUnitInput) Validate() error { 15228 invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"} 15229 if s.Name == nil { 15230 invalidParams.Add(request.NewErrParamRequired("Name")) 15231 } 15232 if s.Name != nil && len(*s.Name) < 1 { 15233 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 15234 } 15235 if s.ParentId == nil { 15236 invalidParams.Add(request.NewErrParamRequired("ParentId")) 15237 } 15238 15239 if invalidParams.Len() > 0 { 15240 return invalidParams 15241 } 15242 return nil 15243} 15244 15245// SetName sets the Name field's value. 15246func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput { 15247 s.Name = &v 15248 return s 15249} 15250 15251// SetParentId sets the ParentId field's value. 15252func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput { 15253 s.ParentId = &v 15254 return s 15255} 15256 15257type CreateOrganizationalUnitOutput struct { 15258 _ struct{} `type:"structure"` 15259 15260 // A structure that contains details about the newly created OU. 15261 OrganizationalUnit *OrganizationalUnit `type:"structure"` 15262} 15263 15264// String returns the string representation 15265func (s CreateOrganizationalUnitOutput) String() string { 15266 return awsutil.Prettify(s) 15267} 15268 15269// GoString returns the string representation 15270func (s CreateOrganizationalUnitOutput) GoString() string { 15271 return s.String() 15272} 15273 15274// SetOrganizationalUnit sets the OrganizationalUnit field's value. 15275func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput { 15276 s.OrganizationalUnit = v 15277 return s 15278} 15279 15280type CreatePolicyInput struct { 15281 _ struct{} `type:"structure"` 15282 15283 // The policy text content to add to the new policy. The text that you supply 15284 // must adhere to the rules of the policy type you specify in the Type parameter. 15285 // 15286 // Content is a required field 15287 Content *string `min:"1" type:"string" required:"true"` 15288 15289 // An optional description to assign to the policy. 15290 // 15291 // Description is a required field 15292 Description *string `type:"string" required:"true"` 15293 15294 // The friendly name to assign to the policy. 15295 // 15296 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15297 // this parameter is a string of any of the characters in the ASCII character 15298 // range. 15299 // 15300 // Name is a required field 15301 Name *string `min:"1" type:"string" required:"true"` 15302 15303 // The type of policy to create. You can specify one of the following values: 15304 // 15305 // * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 15306 // 15307 // * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 15308 // 15309 // * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 15310 // 15311 // * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 15312 // 15313 // Type is a required field 15314 Type *string `type:"string" required:"true" enum:"PolicyType"` 15315} 15316 15317// String returns the string representation 15318func (s CreatePolicyInput) String() string { 15319 return awsutil.Prettify(s) 15320} 15321 15322// GoString returns the string representation 15323func (s CreatePolicyInput) GoString() string { 15324 return s.String() 15325} 15326 15327// Validate inspects the fields of the type to determine if they are valid. 15328func (s *CreatePolicyInput) Validate() error { 15329 invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} 15330 if s.Content == nil { 15331 invalidParams.Add(request.NewErrParamRequired("Content")) 15332 } 15333 if s.Content != nil && len(*s.Content) < 1 { 15334 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 15335 } 15336 if s.Description == nil { 15337 invalidParams.Add(request.NewErrParamRequired("Description")) 15338 } 15339 if s.Name == nil { 15340 invalidParams.Add(request.NewErrParamRequired("Name")) 15341 } 15342 if s.Name != nil && len(*s.Name) < 1 { 15343 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 15344 } 15345 if s.Type == nil { 15346 invalidParams.Add(request.NewErrParamRequired("Type")) 15347 } 15348 15349 if invalidParams.Len() > 0 { 15350 return invalidParams 15351 } 15352 return nil 15353} 15354 15355// SetContent sets the Content field's value. 15356func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput { 15357 s.Content = &v 15358 return s 15359} 15360 15361// SetDescription sets the Description field's value. 15362func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput { 15363 s.Description = &v 15364 return s 15365} 15366 15367// SetName sets the Name field's value. 15368func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput { 15369 s.Name = &v 15370 return s 15371} 15372 15373// SetType sets the Type field's value. 15374func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput { 15375 s.Type = &v 15376 return s 15377} 15378 15379type CreatePolicyOutput struct { 15380 _ struct{} `type:"structure"` 15381 15382 // A structure that contains details about the newly created policy. 15383 Policy *Policy `type:"structure"` 15384} 15385 15386// String returns the string representation 15387func (s CreatePolicyOutput) String() string { 15388 return awsutil.Prettify(s) 15389} 15390 15391// GoString returns the string representation 15392func (s CreatePolicyOutput) GoString() string { 15393 return s.String() 15394} 15395 15396// SetPolicy sets the Policy field's value. 15397func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { 15398 s.Policy = v 15399 return s 15400} 15401 15402type DeclineHandshakeInput struct { 15403 _ struct{} `type:"structure"` 15404 15405 // The unique identifier (ID) of the handshake that you want to decline. You 15406 // can get the ID from the ListHandshakesForAccount operation. 15407 // 15408 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 15409 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 15410 // 15411 // HandshakeId is a required field 15412 HandshakeId *string `type:"string" required:"true"` 15413} 15414 15415// String returns the string representation 15416func (s DeclineHandshakeInput) String() string { 15417 return awsutil.Prettify(s) 15418} 15419 15420// GoString returns the string representation 15421func (s DeclineHandshakeInput) GoString() string { 15422 return s.String() 15423} 15424 15425// Validate inspects the fields of the type to determine if they are valid. 15426func (s *DeclineHandshakeInput) Validate() error { 15427 invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"} 15428 if s.HandshakeId == nil { 15429 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 15430 } 15431 15432 if invalidParams.Len() > 0 { 15433 return invalidParams 15434 } 15435 return nil 15436} 15437 15438// SetHandshakeId sets the HandshakeId field's value. 15439func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput { 15440 s.HandshakeId = &v 15441 return s 15442} 15443 15444type DeclineHandshakeOutput struct { 15445 _ struct{} `type:"structure"` 15446 15447 // A structure that contains details about the declined handshake. The state 15448 // is updated to show the value DECLINED. 15449 Handshake *Handshake `type:"structure"` 15450} 15451 15452// String returns the string representation 15453func (s DeclineHandshakeOutput) String() string { 15454 return awsutil.Prettify(s) 15455} 15456 15457// GoString returns the string representation 15458func (s DeclineHandshakeOutput) GoString() string { 15459 return s.String() 15460} 15461 15462// SetHandshake sets the Handshake field's value. 15463func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput { 15464 s.Handshake = v 15465 return s 15466} 15467 15468// Contains information about the delegated administrator. 15469type DelegatedAdministrator struct { 15470 _ struct{} `type:"structure"` 15471 15472 // The Amazon Resource Name (ARN) of the delegated administrator's account. 15473 Arn *string `type:"string"` 15474 15475 // The date when the account was made a delegated administrator. 15476 DelegationEnabledDate *time.Time `type:"timestamp"` 15477 15478 // The email address that is associated with the delegated administrator's AWS 15479 // account. 15480 Email *string `min:"6" type:"string" sensitive:"true"` 15481 15482 // The unique identifier (ID) of the delegated administrator's account. 15483 Id *string `type:"string"` 15484 15485 // The method by which the delegated administrator's account joined the organization. 15486 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 15487 15488 // The date when the delegated administrator's account became a part of the 15489 // organization. 15490 JoinedTimestamp *time.Time `type:"timestamp"` 15491 15492 // The friendly name of the delegated administrator's account. 15493 Name *string `min:"1" type:"string" sensitive:"true"` 15494 15495 // The status of the delegated administrator's account in the organization. 15496 Status *string `type:"string" enum:"AccountStatus"` 15497} 15498 15499// String returns the string representation 15500func (s DelegatedAdministrator) String() string { 15501 return awsutil.Prettify(s) 15502} 15503 15504// GoString returns the string representation 15505func (s DelegatedAdministrator) GoString() string { 15506 return s.String() 15507} 15508 15509// SetArn sets the Arn field's value. 15510func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator { 15511 s.Arn = &v 15512 return s 15513} 15514 15515// SetDelegationEnabledDate sets the DelegationEnabledDate field's value. 15516func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator { 15517 s.DelegationEnabledDate = &v 15518 return s 15519} 15520 15521// SetEmail sets the Email field's value. 15522func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator { 15523 s.Email = &v 15524 return s 15525} 15526 15527// SetId sets the Id field's value. 15528func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator { 15529 s.Id = &v 15530 return s 15531} 15532 15533// SetJoinedMethod sets the JoinedMethod field's value. 15534func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator { 15535 s.JoinedMethod = &v 15536 return s 15537} 15538 15539// SetJoinedTimestamp sets the JoinedTimestamp field's value. 15540func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator { 15541 s.JoinedTimestamp = &v 15542 return s 15543} 15544 15545// SetName sets the Name field's value. 15546func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator { 15547 s.Name = &v 15548 return s 15549} 15550 15551// SetStatus sets the Status field's value. 15552func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator { 15553 s.Status = &v 15554 return s 15555} 15556 15557// Contains information about the AWS service for which the account is a delegated 15558// administrator. 15559type DelegatedService struct { 15560 _ struct{} `type:"structure"` 15561 15562 // The date that the account became a delegated administrator for this service. 15563 DelegationEnabledDate *time.Time `type:"timestamp"` 15564 15565 // The name of a service that can request an operation for the specified service. 15566 // This is typically in the form of a URL, such as: servicename.amazonaws.com. 15567 ServicePrincipal *string `min:"1" type:"string"` 15568} 15569 15570// String returns the string representation 15571func (s DelegatedService) String() string { 15572 return awsutil.Prettify(s) 15573} 15574 15575// GoString returns the string representation 15576func (s DelegatedService) GoString() string { 15577 return s.String() 15578} 15579 15580// SetDelegationEnabledDate sets the DelegationEnabledDate field's value. 15581func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService { 15582 s.DelegationEnabledDate = &v 15583 return s 15584} 15585 15586// SetServicePrincipal sets the ServicePrincipal field's value. 15587func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService { 15588 s.ServicePrincipal = &v 15589 return s 15590} 15591 15592type DeleteOrganizationInput struct { 15593 _ struct{} `type:"structure"` 15594} 15595 15596// String returns the string representation 15597func (s DeleteOrganizationInput) String() string { 15598 return awsutil.Prettify(s) 15599} 15600 15601// GoString returns the string representation 15602func (s DeleteOrganizationInput) GoString() string { 15603 return s.String() 15604} 15605 15606type DeleteOrganizationOutput struct { 15607 _ struct{} `type:"structure"` 15608} 15609 15610// String returns the string representation 15611func (s DeleteOrganizationOutput) String() string { 15612 return awsutil.Prettify(s) 15613} 15614 15615// GoString returns the string representation 15616func (s DeleteOrganizationOutput) GoString() string { 15617 return s.String() 15618} 15619 15620type DeleteOrganizationalUnitInput struct { 15621 _ struct{} `type:"structure"` 15622 15623 // The unique identifier (ID) of the organizational unit that you want to delete. 15624 // You can get the ID from the ListOrganizationalUnitsForParent operation. 15625 // 15626 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 15627 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 15628 // or digits (the ID of the root that contains the OU). This string is followed 15629 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 15630 // 15631 // OrganizationalUnitId is a required field 15632 OrganizationalUnitId *string `type:"string" required:"true"` 15633} 15634 15635// String returns the string representation 15636func (s DeleteOrganizationalUnitInput) String() string { 15637 return awsutil.Prettify(s) 15638} 15639 15640// GoString returns the string representation 15641func (s DeleteOrganizationalUnitInput) GoString() string { 15642 return s.String() 15643} 15644 15645// Validate inspects the fields of the type to determine if they are valid. 15646func (s *DeleteOrganizationalUnitInput) Validate() error { 15647 invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"} 15648 if s.OrganizationalUnitId == nil { 15649 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 15650 } 15651 15652 if invalidParams.Len() > 0 { 15653 return invalidParams 15654 } 15655 return nil 15656} 15657 15658// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 15659func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput { 15660 s.OrganizationalUnitId = &v 15661 return s 15662} 15663 15664type DeleteOrganizationalUnitOutput struct { 15665 _ struct{} `type:"structure"` 15666} 15667 15668// String returns the string representation 15669func (s DeleteOrganizationalUnitOutput) String() string { 15670 return awsutil.Prettify(s) 15671} 15672 15673// GoString returns the string representation 15674func (s DeleteOrganizationalUnitOutput) GoString() string { 15675 return s.String() 15676} 15677 15678type DeletePolicyInput struct { 15679 _ struct{} `type:"structure"` 15680 15681 // The unique identifier (ID) of the policy that you want to delete. You can 15682 // get the ID from the ListPolicies or ListPoliciesForTarget operations. 15683 // 15684 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15685 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 15686 // or the underscore character (_). 15687 // 15688 // PolicyId is a required field 15689 PolicyId *string `type:"string" required:"true"` 15690} 15691 15692// String returns the string representation 15693func (s DeletePolicyInput) String() string { 15694 return awsutil.Prettify(s) 15695} 15696 15697// GoString returns the string representation 15698func (s DeletePolicyInput) GoString() string { 15699 return s.String() 15700} 15701 15702// Validate inspects the fields of the type to determine if they are valid. 15703func (s *DeletePolicyInput) Validate() error { 15704 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 15705 if s.PolicyId == nil { 15706 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 15707 } 15708 15709 if invalidParams.Len() > 0 { 15710 return invalidParams 15711 } 15712 return nil 15713} 15714 15715// SetPolicyId sets the PolicyId field's value. 15716func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { 15717 s.PolicyId = &v 15718 return s 15719} 15720 15721type DeletePolicyOutput struct { 15722 _ struct{} `type:"structure"` 15723} 15724 15725// String returns the string representation 15726func (s DeletePolicyOutput) String() string { 15727 return awsutil.Prettify(s) 15728} 15729 15730// GoString returns the string representation 15731func (s DeletePolicyOutput) GoString() string { 15732 return s.String() 15733} 15734 15735type DeregisterDelegatedAdministratorInput struct { 15736 _ struct{} `type:"structure"` 15737 15738 // The account ID number of the member account in the organization that you 15739 // want to deregister as a delegated administrator. 15740 // 15741 // AccountId is a required field 15742 AccountId *string `type:"string" required:"true"` 15743 15744 // The service principal name of an AWS service for which the account is a delegated 15745 // administrator. 15746 // 15747 // Delegated administrator privileges are revoked for only the specified AWS 15748 // service from the member account. If the specified service is the only service 15749 // for which the member account is a delegated administrator, the operation 15750 // also revokes Organizations read action permissions. 15751 // 15752 // ServicePrincipal is a required field 15753 ServicePrincipal *string `min:"1" type:"string" required:"true"` 15754} 15755 15756// String returns the string representation 15757func (s DeregisterDelegatedAdministratorInput) String() string { 15758 return awsutil.Prettify(s) 15759} 15760 15761// GoString returns the string representation 15762func (s DeregisterDelegatedAdministratorInput) GoString() string { 15763 return s.String() 15764} 15765 15766// Validate inspects the fields of the type to determine if they are valid. 15767func (s *DeregisterDelegatedAdministratorInput) Validate() error { 15768 invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"} 15769 if s.AccountId == nil { 15770 invalidParams.Add(request.NewErrParamRequired("AccountId")) 15771 } 15772 if s.ServicePrincipal == nil { 15773 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 15774 } 15775 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 15776 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 15777 } 15778 15779 if invalidParams.Len() > 0 { 15780 return invalidParams 15781 } 15782 return nil 15783} 15784 15785// SetAccountId sets the AccountId field's value. 15786func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput { 15787 s.AccountId = &v 15788 return s 15789} 15790 15791// SetServicePrincipal sets the ServicePrincipal field's value. 15792func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput { 15793 s.ServicePrincipal = &v 15794 return s 15795} 15796 15797type DeregisterDelegatedAdministratorOutput struct { 15798 _ struct{} `type:"structure"` 15799} 15800 15801// String returns the string representation 15802func (s DeregisterDelegatedAdministratorOutput) String() string { 15803 return awsutil.Prettify(s) 15804} 15805 15806// GoString returns the string representation 15807func (s DeregisterDelegatedAdministratorOutput) GoString() string { 15808 return s.String() 15809} 15810 15811type DescribeAccountInput struct { 15812 _ struct{} `type:"structure"` 15813 15814 // The unique identifier (ID) of the AWS account that you want information about. 15815 // You can get the ID from the ListAccounts or ListAccountsForParent operations. 15816 // 15817 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 15818 // requires exactly 12 digits. 15819 // 15820 // AccountId is a required field 15821 AccountId *string `type:"string" required:"true"` 15822} 15823 15824// String returns the string representation 15825func (s DescribeAccountInput) String() string { 15826 return awsutil.Prettify(s) 15827} 15828 15829// GoString returns the string representation 15830func (s DescribeAccountInput) GoString() string { 15831 return s.String() 15832} 15833 15834// Validate inspects the fields of the type to determine if they are valid. 15835func (s *DescribeAccountInput) Validate() error { 15836 invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"} 15837 if s.AccountId == nil { 15838 invalidParams.Add(request.NewErrParamRequired("AccountId")) 15839 } 15840 15841 if invalidParams.Len() > 0 { 15842 return invalidParams 15843 } 15844 return nil 15845} 15846 15847// SetAccountId sets the AccountId field's value. 15848func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput { 15849 s.AccountId = &v 15850 return s 15851} 15852 15853type DescribeAccountOutput struct { 15854 _ struct{} `type:"structure"` 15855 15856 // A structure that contains information about the requested account. 15857 Account *Account `type:"structure"` 15858} 15859 15860// String returns the string representation 15861func (s DescribeAccountOutput) String() string { 15862 return awsutil.Prettify(s) 15863} 15864 15865// GoString returns the string representation 15866func (s DescribeAccountOutput) GoString() string { 15867 return s.String() 15868} 15869 15870// SetAccount sets the Account field's value. 15871func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput { 15872 s.Account = v 15873 return s 15874} 15875 15876type DescribeCreateAccountStatusInput struct { 15877 _ struct{} `type:"structure"` 15878 15879 // Specifies the operationId that uniquely identifies the request. You can get 15880 // the ID from the response to an earlier CreateAccount request, or from the 15881 // ListCreateAccountStatus operation. 15882 // 15883 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 15884 // request ID string requires "car-" followed by from 8 to 32 lowercase letters 15885 // or digits. 15886 // 15887 // CreateAccountRequestId is a required field 15888 CreateAccountRequestId *string `type:"string" required:"true"` 15889} 15890 15891// String returns the string representation 15892func (s DescribeCreateAccountStatusInput) String() string { 15893 return awsutil.Prettify(s) 15894} 15895 15896// GoString returns the string representation 15897func (s DescribeCreateAccountStatusInput) GoString() string { 15898 return s.String() 15899} 15900 15901// Validate inspects the fields of the type to determine if they are valid. 15902func (s *DescribeCreateAccountStatusInput) Validate() error { 15903 invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"} 15904 if s.CreateAccountRequestId == nil { 15905 invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId")) 15906 } 15907 15908 if invalidParams.Len() > 0 { 15909 return invalidParams 15910 } 15911 return nil 15912} 15913 15914// SetCreateAccountRequestId sets the CreateAccountRequestId field's value. 15915func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput { 15916 s.CreateAccountRequestId = &v 15917 return s 15918} 15919 15920type DescribeCreateAccountStatusOutput struct { 15921 _ struct{} `type:"structure"` 15922 15923 // A structure that contains the current status of an account creation request. 15924 CreateAccountStatus *CreateAccountStatus `type:"structure"` 15925} 15926 15927// String returns the string representation 15928func (s DescribeCreateAccountStatusOutput) String() string { 15929 return awsutil.Prettify(s) 15930} 15931 15932// GoString returns the string representation 15933func (s DescribeCreateAccountStatusOutput) GoString() string { 15934 return s.String() 15935} 15936 15937// SetCreateAccountStatus sets the CreateAccountStatus field's value. 15938func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput { 15939 s.CreateAccountStatus = v 15940 return s 15941} 15942 15943type DescribeEffectivePolicyInput struct { 15944 _ struct{} `type:"structure"` 15945 15946 // The type of policy that you want information about. You can specify one of 15947 // the following values: 15948 // 15949 // * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 15950 // 15951 // * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 15952 // 15953 // * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 15954 // 15955 // PolicyType is a required field 15956 PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"` 15957 15958 // When you're signed in as the master account, specify the ID of the account 15959 // that you want details about. Specifying an organization root or organizational 15960 // unit (OU) as the target is not supported. 15961 TargetId *string `type:"string"` 15962} 15963 15964// String returns the string representation 15965func (s DescribeEffectivePolicyInput) String() string { 15966 return awsutil.Prettify(s) 15967} 15968 15969// GoString returns the string representation 15970func (s DescribeEffectivePolicyInput) GoString() string { 15971 return s.String() 15972} 15973 15974// Validate inspects the fields of the type to determine if they are valid. 15975func (s *DescribeEffectivePolicyInput) Validate() error { 15976 invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"} 15977 if s.PolicyType == nil { 15978 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 15979 } 15980 15981 if invalidParams.Len() > 0 { 15982 return invalidParams 15983 } 15984 return nil 15985} 15986 15987// SetPolicyType sets the PolicyType field's value. 15988func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput { 15989 s.PolicyType = &v 15990 return s 15991} 15992 15993// SetTargetId sets the TargetId field's value. 15994func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput { 15995 s.TargetId = &v 15996 return s 15997} 15998 15999type DescribeEffectivePolicyOutput struct { 16000 _ struct{} `type:"structure"` 16001 16002 // The contents of the effective policy. 16003 EffectivePolicy *EffectivePolicy `type:"structure"` 16004} 16005 16006// String returns the string representation 16007func (s DescribeEffectivePolicyOutput) String() string { 16008 return awsutil.Prettify(s) 16009} 16010 16011// GoString returns the string representation 16012func (s DescribeEffectivePolicyOutput) GoString() string { 16013 return s.String() 16014} 16015 16016// SetEffectivePolicy sets the EffectivePolicy field's value. 16017func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput { 16018 s.EffectivePolicy = v 16019 return s 16020} 16021 16022type DescribeHandshakeInput struct { 16023 _ struct{} `type:"structure"` 16024 16025 // The unique identifier (ID) of the handshake that you want information about. 16026 // You can get the ID from the original call to InviteAccountToOrganization, 16027 // or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. 16028 // 16029 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 16030 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 16031 // 16032 // HandshakeId is a required field 16033 HandshakeId *string `type:"string" required:"true"` 16034} 16035 16036// String returns the string representation 16037func (s DescribeHandshakeInput) String() string { 16038 return awsutil.Prettify(s) 16039} 16040 16041// GoString returns the string representation 16042func (s DescribeHandshakeInput) GoString() string { 16043 return s.String() 16044} 16045 16046// Validate inspects the fields of the type to determine if they are valid. 16047func (s *DescribeHandshakeInput) Validate() error { 16048 invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"} 16049 if s.HandshakeId == nil { 16050 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 16051 } 16052 16053 if invalidParams.Len() > 0 { 16054 return invalidParams 16055 } 16056 return nil 16057} 16058 16059// SetHandshakeId sets the HandshakeId field's value. 16060func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput { 16061 s.HandshakeId = &v 16062 return s 16063} 16064 16065type DescribeHandshakeOutput struct { 16066 _ struct{} `type:"structure"` 16067 16068 // A structure that contains information about the specified handshake. 16069 Handshake *Handshake `type:"structure"` 16070} 16071 16072// String returns the string representation 16073func (s DescribeHandshakeOutput) String() string { 16074 return awsutil.Prettify(s) 16075} 16076 16077// GoString returns the string representation 16078func (s DescribeHandshakeOutput) GoString() string { 16079 return s.String() 16080} 16081 16082// SetHandshake sets the Handshake field's value. 16083func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput { 16084 s.Handshake = v 16085 return s 16086} 16087 16088type DescribeOrganizationInput struct { 16089 _ struct{} `type:"structure"` 16090} 16091 16092// String returns the string representation 16093func (s DescribeOrganizationInput) String() string { 16094 return awsutil.Prettify(s) 16095} 16096 16097// GoString returns the string representation 16098func (s DescribeOrganizationInput) GoString() string { 16099 return s.String() 16100} 16101 16102type DescribeOrganizationOutput struct { 16103 _ struct{} `type:"structure"` 16104 16105 // A structure that contains information about the organization. 16106 // 16107 // The AvailablePolicyTypes part of the response is deprecated, and you shouldn't 16108 // use it in your apps. It doesn't include any policy type supported by Organizations 16109 // other than SCPs. To determine which policy types are enabled in your organization, 16110 // use the ListRoots operation. 16111 Organization *Organization `type:"structure"` 16112} 16113 16114// String returns the string representation 16115func (s DescribeOrganizationOutput) String() string { 16116 return awsutil.Prettify(s) 16117} 16118 16119// GoString returns the string representation 16120func (s DescribeOrganizationOutput) GoString() string { 16121 return s.String() 16122} 16123 16124// SetOrganization sets the Organization field's value. 16125func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput { 16126 s.Organization = v 16127 return s 16128} 16129 16130type DescribeOrganizationalUnitInput struct { 16131 _ struct{} `type:"structure"` 16132 16133 // The unique identifier (ID) of the organizational unit that you want details 16134 // about. You can get the ID from the ListOrganizationalUnitsForParent operation. 16135 // 16136 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 16137 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 16138 // or digits (the ID of the root that contains the OU). This string is followed 16139 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 16140 // 16141 // OrganizationalUnitId is a required field 16142 OrganizationalUnitId *string `type:"string" required:"true"` 16143} 16144 16145// String returns the string representation 16146func (s DescribeOrganizationalUnitInput) String() string { 16147 return awsutil.Prettify(s) 16148} 16149 16150// GoString returns the string representation 16151func (s DescribeOrganizationalUnitInput) GoString() string { 16152 return s.String() 16153} 16154 16155// Validate inspects the fields of the type to determine if they are valid. 16156func (s *DescribeOrganizationalUnitInput) Validate() error { 16157 invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"} 16158 if s.OrganizationalUnitId == nil { 16159 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 16160 } 16161 16162 if invalidParams.Len() > 0 { 16163 return invalidParams 16164 } 16165 return nil 16166} 16167 16168// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 16169func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput { 16170 s.OrganizationalUnitId = &v 16171 return s 16172} 16173 16174type DescribeOrganizationalUnitOutput struct { 16175 _ struct{} `type:"structure"` 16176 16177 // A structure that contains details about the specified OU. 16178 OrganizationalUnit *OrganizationalUnit `type:"structure"` 16179} 16180 16181// String returns the string representation 16182func (s DescribeOrganizationalUnitOutput) String() string { 16183 return awsutil.Prettify(s) 16184} 16185 16186// GoString returns the string representation 16187func (s DescribeOrganizationalUnitOutput) GoString() string { 16188 return s.String() 16189} 16190 16191// SetOrganizationalUnit sets the OrganizationalUnit field's value. 16192func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput { 16193 s.OrganizationalUnit = v 16194 return s 16195} 16196 16197type DescribePolicyInput struct { 16198 _ struct{} `type:"structure"` 16199 16200 // The unique identifier (ID) of the policy that you want details about. You 16201 // can get the ID from the ListPolicies or ListPoliciesForTarget operations. 16202 // 16203 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 16204 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 16205 // or the underscore character (_). 16206 // 16207 // PolicyId is a required field 16208 PolicyId *string `type:"string" required:"true"` 16209} 16210 16211// String returns the string representation 16212func (s DescribePolicyInput) String() string { 16213 return awsutil.Prettify(s) 16214} 16215 16216// GoString returns the string representation 16217func (s DescribePolicyInput) GoString() string { 16218 return s.String() 16219} 16220 16221// Validate inspects the fields of the type to determine if they are valid. 16222func (s *DescribePolicyInput) Validate() error { 16223 invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"} 16224 if s.PolicyId == nil { 16225 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 16226 } 16227 16228 if invalidParams.Len() > 0 { 16229 return invalidParams 16230 } 16231 return nil 16232} 16233 16234// SetPolicyId sets the PolicyId field's value. 16235func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput { 16236 s.PolicyId = &v 16237 return s 16238} 16239 16240type DescribePolicyOutput struct { 16241 _ struct{} `type:"structure"` 16242 16243 // A structure that contains details about the specified policy. 16244 Policy *Policy `type:"structure"` 16245} 16246 16247// String returns the string representation 16248func (s DescribePolicyOutput) String() string { 16249 return awsutil.Prettify(s) 16250} 16251 16252// GoString returns the string representation 16253func (s DescribePolicyOutput) GoString() string { 16254 return s.String() 16255} 16256 16257// SetPolicy sets the Policy field's value. 16258func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput { 16259 s.Policy = v 16260 return s 16261} 16262 16263// We can't find the destination container (a root or OU) with the ParentId 16264// that you specified. 16265type DestinationParentNotFoundException struct { 16266 _ struct{} `type:"structure"` 16267 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16268 16269 Message_ *string `locationName:"Message" type:"string"` 16270} 16271 16272// String returns the string representation 16273func (s DestinationParentNotFoundException) String() string { 16274 return awsutil.Prettify(s) 16275} 16276 16277// GoString returns the string representation 16278func (s DestinationParentNotFoundException) GoString() string { 16279 return s.String() 16280} 16281 16282func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error { 16283 return &DestinationParentNotFoundException{ 16284 RespMetadata: v, 16285 } 16286} 16287 16288// Code returns the exception type name. 16289func (s *DestinationParentNotFoundException) Code() string { 16290 return "DestinationParentNotFoundException" 16291} 16292 16293// Message returns the exception's message. 16294func (s *DestinationParentNotFoundException) Message() string { 16295 if s.Message_ != nil { 16296 return *s.Message_ 16297 } 16298 return "" 16299} 16300 16301// OrigErr always returns nil, satisfies awserr.Error interface. 16302func (s *DestinationParentNotFoundException) OrigErr() error { 16303 return nil 16304} 16305 16306func (s *DestinationParentNotFoundException) Error() string { 16307 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16308} 16309 16310// Status code returns the HTTP status code for the request's response error. 16311func (s *DestinationParentNotFoundException) StatusCode() int { 16312 return s.RespMetadata.StatusCode 16313} 16314 16315// RequestID returns the service's response RequestID for request. 16316func (s *DestinationParentNotFoundException) RequestID() string { 16317 return s.RespMetadata.RequestID 16318} 16319 16320type DetachPolicyInput struct { 16321 _ struct{} `type:"structure"` 16322 16323 // The unique identifier (ID) of the policy you want to detach. You can get 16324 // the ID from the ListPolicies or ListPoliciesForTarget operations. 16325 // 16326 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 16327 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 16328 // or the underscore character (_). 16329 // 16330 // PolicyId is a required field 16331 PolicyId *string `type:"string" required:"true"` 16332 16333 // The unique identifier (ID) of the root, OU, or account that you want to detach 16334 // the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, 16335 // or ListAccounts operations. 16336 // 16337 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 16338 // requires one of the following: 16339 // 16340 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 16341 // letters or digits. 16342 // 16343 // * Account - A string that consists of exactly 12 digits. 16344 // 16345 // * Organizational unit (OU) - A string that begins with "ou-" followed 16346 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 16347 // OU is in). This string is followed by a second "-" dash and from 8 to 16348 // 32 additional lowercase letters or digits. 16349 // 16350 // TargetId is a required field 16351 TargetId *string `type:"string" required:"true"` 16352} 16353 16354// String returns the string representation 16355func (s DetachPolicyInput) String() string { 16356 return awsutil.Prettify(s) 16357} 16358 16359// GoString returns the string representation 16360func (s DetachPolicyInput) GoString() string { 16361 return s.String() 16362} 16363 16364// Validate inspects the fields of the type to determine if they are valid. 16365func (s *DetachPolicyInput) Validate() error { 16366 invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"} 16367 if s.PolicyId == nil { 16368 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 16369 } 16370 if s.TargetId == nil { 16371 invalidParams.Add(request.NewErrParamRequired("TargetId")) 16372 } 16373 16374 if invalidParams.Len() > 0 { 16375 return invalidParams 16376 } 16377 return nil 16378} 16379 16380// SetPolicyId sets the PolicyId field's value. 16381func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput { 16382 s.PolicyId = &v 16383 return s 16384} 16385 16386// SetTargetId sets the TargetId field's value. 16387func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput { 16388 s.TargetId = &v 16389 return s 16390} 16391 16392type DetachPolicyOutput struct { 16393 _ struct{} `type:"structure"` 16394} 16395 16396// String returns the string representation 16397func (s DetachPolicyOutput) String() string { 16398 return awsutil.Prettify(s) 16399} 16400 16401// GoString returns the string representation 16402func (s DetachPolicyOutput) GoString() string { 16403 return s.String() 16404} 16405 16406type DisableAWSServiceAccessInput struct { 16407 _ struct{} `type:"structure"` 16408 16409 // The service principal name of the AWS service for which you want to disable 16410 // integration with your organization. This is typically in the form of a URL, 16411 // such as service-abbreviation.amazonaws.com. 16412 // 16413 // ServicePrincipal is a required field 16414 ServicePrincipal *string `min:"1" type:"string" required:"true"` 16415} 16416 16417// String returns the string representation 16418func (s DisableAWSServiceAccessInput) String() string { 16419 return awsutil.Prettify(s) 16420} 16421 16422// GoString returns the string representation 16423func (s DisableAWSServiceAccessInput) GoString() string { 16424 return s.String() 16425} 16426 16427// Validate inspects the fields of the type to determine if they are valid. 16428func (s *DisableAWSServiceAccessInput) Validate() error { 16429 invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"} 16430 if s.ServicePrincipal == nil { 16431 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 16432 } 16433 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 16434 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 16435 } 16436 16437 if invalidParams.Len() > 0 { 16438 return invalidParams 16439 } 16440 return nil 16441} 16442 16443// SetServicePrincipal sets the ServicePrincipal field's value. 16444func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput { 16445 s.ServicePrincipal = &v 16446 return s 16447} 16448 16449type DisableAWSServiceAccessOutput struct { 16450 _ struct{} `type:"structure"` 16451} 16452 16453// String returns the string representation 16454func (s DisableAWSServiceAccessOutput) String() string { 16455 return awsutil.Prettify(s) 16456} 16457 16458// GoString returns the string representation 16459func (s DisableAWSServiceAccessOutput) GoString() string { 16460 return s.String() 16461} 16462 16463type DisablePolicyTypeInput struct { 16464 _ struct{} `type:"structure"` 16465 16466 // The policy type that you want to disable in this root. You can specify one 16467 // of the following values: 16468 // 16469 // * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 16470 // 16471 // * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 16472 // 16473 // * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 16474 // 16475 // * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 16476 // 16477 // PolicyType is a required field 16478 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 16479 16480 // The unique identifier (ID) of the root in which you want to disable a policy 16481 // type. You can get the ID from the ListRoots operation. 16482 // 16483 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 16484 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 16485 // 16486 // RootId is a required field 16487 RootId *string `type:"string" required:"true"` 16488} 16489 16490// String returns the string representation 16491func (s DisablePolicyTypeInput) String() string { 16492 return awsutil.Prettify(s) 16493} 16494 16495// GoString returns the string representation 16496func (s DisablePolicyTypeInput) GoString() string { 16497 return s.String() 16498} 16499 16500// Validate inspects the fields of the type to determine if they are valid. 16501func (s *DisablePolicyTypeInput) Validate() error { 16502 invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"} 16503 if s.PolicyType == nil { 16504 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 16505 } 16506 if s.RootId == nil { 16507 invalidParams.Add(request.NewErrParamRequired("RootId")) 16508 } 16509 16510 if invalidParams.Len() > 0 { 16511 return invalidParams 16512 } 16513 return nil 16514} 16515 16516// SetPolicyType sets the PolicyType field's value. 16517func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput { 16518 s.PolicyType = &v 16519 return s 16520} 16521 16522// SetRootId sets the RootId field's value. 16523func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput { 16524 s.RootId = &v 16525 return s 16526} 16527 16528type DisablePolicyTypeOutput struct { 16529 _ struct{} `type:"structure"` 16530 16531 // A structure that shows the root with the updated list of enabled policy types. 16532 Root *Root `type:"structure"` 16533} 16534 16535// String returns the string representation 16536func (s DisablePolicyTypeOutput) String() string { 16537 return awsutil.Prettify(s) 16538} 16539 16540// GoString returns the string representation 16541func (s DisablePolicyTypeOutput) GoString() string { 16542 return s.String() 16543} 16544 16545// SetRoot sets the Root field's value. 16546func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput { 16547 s.Root = v 16548 return s 16549} 16550 16551// That account is already present in the specified destination. 16552type DuplicateAccountException struct { 16553 _ struct{} `type:"structure"` 16554 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16555 16556 Message_ *string `locationName:"Message" type:"string"` 16557} 16558 16559// String returns the string representation 16560func (s DuplicateAccountException) String() string { 16561 return awsutil.Prettify(s) 16562} 16563 16564// GoString returns the string representation 16565func (s DuplicateAccountException) GoString() string { 16566 return s.String() 16567} 16568 16569func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error { 16570 return &DuplicateAccountException{ 16571 RespMetadata: v, 16572 } 16573} 16574 16575// Code returns the exception type name. 16576func (s *DuplicateAccountException) Code() string { 16577 return "DuplicateAccountException" 16578} 16579 16580// Message returns the exception's message. 16581func (s *DuplicateAccountException) Message() string { 16582 if s.Message_ != nil { 16583 return *s.Message_ 16584 } 16585 return "" 16586} 16587 16588// OrigErr always returns nil, satisfies awserr.Error interface. 16589func (s *DuplicateAccountException) OrigErr() error { 16590 return nil 16591} 16592 16593func (s *DuplicateAccountException) Error() string { 16594 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16595} 16596 16597// Status code returns the HTTP status code for the request's response error. 16598func (s *DuplicateAccountException) StatusCode() int { 16599 return s.RespMetadata.StatusCode 16600} 16601 16602// RequestID returns the service's response RequestID for request. 16603func (s *DuplicateAccountException) RequestID() string { 16604 return s.RespMetadata.RequestID 16605} 16606 16607// A handshake with the same action and target already exists. For example, 16608// if you invited an account to join your organization, the invited account 16609// might already have a pending invitation from this organization. If you intend 16610// to resend an invitation to an account, ensure that existing handshakes that 16611// might be considered duplicates are canceled or declined. 16612type DuplicateHandshakeException struct { 16613 _ struct{} `type:"structure"` 16614 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16615 16616 Message_ *string `locationName:"Message" type:"string"` 16617} 16618 16619// String returns the string representation 16620func (s DuplicateHandshakeException) String() string { 16621 return awsutil.Prettify(s) 16622} 16623 16624// GoString returns the string representation 16625func (s DuplicateHandshakeException) GoString() string { 16626 return s.String() 16627} 16628 16629func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error { 16630 return &DuplicateHandshakeException{ 16631 RespMetadata: v, 16632 } 16633} 16634 16635// Code returns the exception type name. 16636func (s *DuplicateHandshakeException) Code() string { 16637 return "DuplicateHandshakeException" 16638} 16639 16640// Message returns the exception's message. 16641func (s *DuplicateHandshakeException) Message() string { 16642 if s.Message_ != nil { 16643 return *s.Message_ 16644 } 16645 return "" 16646} 16647 16648// OrigErr always returns nil, satisfies awserr.Error interface. 16649func (s *DuplicateHandshakeException) OrigErr() error { 16650 return nil 16651} 16652 16653func (s *DuplicateHandshakeException) Error() string { 16654 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16655} 16656 16657// Status code returns the HTTP status code for the request's response error. 16658func (s *DuplicateHandshakeException) StatusCode() int { 16659 return s.RespMetadata.StatusCode 16660} 16661 16662// RequestID returns the service's response RequestID for request. 16663func (s *DuplicateHandshakeException) RequestID() string { 16664 return s.RespMetadata.RequestID 16665} 16666 16667// An OU with the same name already exists. 16668type DuplicateOrganizationalUnitException struct { 16669 _ struct{} `type:"structure"` 16670 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16671 16672 Message_ *string `locationName:"Message" type:"string"` 16673} 16674 16675// String returns the string representation 16676func (s DuplicateOrganizationalUnitException) String() string { 16677 return awsutil.Prettify(s) 16678} 16679 16680// GoString returns the string representation 16681func (s DuplicateOrganizationalUnitException) GoString() string { 16682 return s.String() 16683} 16684 16685func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error { 16686 return &DuplicateOrganizationalUnitException{ 16687 RespMetadata: v, 16688 } 16689} 16690 16691// Code returns the exception type name. 16692func (s *DuplicateOrganizationalUnitException) Code() string { 16693 return "DuplicateOrganizationalUnitException" 16694} 16695 16696// Message returns the exception's message. 16697func (s *DuplicateOrganizationalUnitException) Message() string { 16698 if s.Message_ != nil { 16699 return *s.Message_ 16700 } 16701 return "" 16702} 16703 16704// OrigErr always returns nil, satisfies awserr.Error interface. 16705func (s *DuplicateOrganizationalUnitException) OrigErr() error { 16706 return nil 16707} 16708 16709func (s *DuplicateOrganizationalUnitException) Error() string { 16710 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16711} 16712 16713// Status code returns the HTTP status code for the request's response error. 16714func (s *DuplicateOrganizationalUnitException) StatusCode() int { 16715 return s.RespMetadata.StatusCode 16716} 16717 16718// RequestID returns the service's response RequestID for request. 16719func (s *DuplicateOrganizationalUnitException) RequestID() string { 16720 return s.RespMetadata.RequestID 16721} 16722 16723// The selected policy is already attached to the specified target. 16724type DuplicatePolicyAttachmentException struct { 16725 _ struct{} `type:"structure"` 16726 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16727 16728 Message_ *string `locationName:"Message" type:"string"` 16729} 16730 16731// String returns the string representation 16732func (s DuplicatePolicyAttachmentException) String() string { 16733 return awsutil.Prettify(s) 16734} 16735 16736// GoString returns the string representation 16737func (s DuplicatePolicyAttachmentException) GoString() string { 16738 return s.String() 16739} 16740 16741func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error { 16742 return &DuplicatePolicyAttachmentException{ 16743 RespMetadata: v, 16744 } 16745} 16746 16747// Code returns the exception type name. 16748func (s *DuplicatePolicyAttachmentException) Code() string { 16749 return "DuplicatePolicyAttachmentException" 16750} 16751 16752// Message returns the exception's message. 16753func (s *DuplicatePolicyAttachmentException) Message() string { 16754 if s.Message_ != nil { 16755 return *s.Message_ 16756 } 16757 return "" 16758} 16759 16760// OrigErr always returns nil, satisfies awserr.Error interface. 16761func (s *DuplicatePolicyAttachmentException) OrigErr() error { 16762 return nil 16763} 16764 16765func (s *DuplicatePolicyAttachmentException) Error() string { 16766 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16767} 16768 16769// Status code returns the HTTP status code for the request's response error. 16770func (s *DuplicatePolicyAttachmentException) StatusCode() int { 16771 return s.RespMetadata.StatusCode 16772} 16773 16774// RequestID returns the service's response RequestID for request. 16775func (s *DuplicatePolicyAttachmentException) RequestID() string { 16776 return s.RespMetadata.RequestID 16777} 16778 16779// A policy with the same name already exists. 16780type DuplicatePolicyException struct { 16781 _ struct{} `type:"structure"` 16782 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16783 16784 Message_ *string `locationName:"Message" type:"string"` 16785} 16786 16787// String returns the string representation 16788func (s DuplicatePolicyException) String() string { 16789 return awsutil.Prettify(s) 16790} 16791 16792// GoString returns the string representation 16793func (s DuplicatePolicyException) GoString() string { 16794 return s.String() 16795} 16796 16797func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error { 16798 return &DuplicatePolicyException{ 16799 RespMetadata: v, 16800 } 16801} 16802 16803// Code returns the exception type name. 16804func (s *DuplicatePolicyException) Code() string { 16805 return "DuplicatePolicyException" 16806} 16807 16808// Message returns the exception's message. 16809func (s *DuplicatePolicyException) Message() string { 16810 if s.Message_ != nil { 16811 return *s.Message_ 16812 } 16813 return "" 16814} 16815 16816// OrigErr always returns nil, satisfies awserr.Error interface. 16817func (s *DuplicatePolicyException) OrigErr() error { 16818 return nil 16819} 16820 16821func (s *DuplicatePolicyException) Error() string { 16822 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16823} 16824 16825// Status code returns the HTTP status code for the request's response error. 16826func (s *DuplicatePolicyException) StatusCode() int { 16827 return s.RespMetadata.StatusCode 16828} 16829 16830// RequestID returns the service's response RequestID for request. 16831func (s *DuplicatePolicyException) RequestID() string { 16832 return s.RespMetadata.RequestID 16833} 16834 16835// Contains rules to be applied to the affected accounts. The effective policy 16836// is the aggregation of any policies the account inherits, plus any policy 16837// directly attached to the account. 16838type EffectivePolicy struct { 16839 _ struct{} `type:"structure"` 16840 16841 // The time of the last update to this policy. 16842 LastUpdatedTimestamp *time.Time `type:"timestamp"` 16843 16844 // The text content of the policy. 16845 PolicyContent *string `min:"1" type:"string"` 16846 16847 // The policy type. 16848 PolicyType *string `type:"string" enum:"EffectivePolicyType"` 16849 16850 // The account ID of the policy target. 16851 TargetId *string `type:"string"` 16852} 16853 16854// String returns the string representation 16855func (s EffectivePolicy) String() string { 16856 return awsutil.Prettify(s) 16857} 16858 16859// GoString returns the string representation 16860func (s EffectivePolicy) GoString() string { 16861 return s.String() 16862} 16863 16864// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value. 16865func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy { 16866 s.LastUpdatedTimestamp = &v 16867 return s 16868} 16869 16870// SetPolicyContent sets the PolicyContent field's value. 16871func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy { 16872 s.PolicyContent = &v 16873 return s 16874} 16875 16876// SetPolicyType sets the PolicyType field's value. 16877func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy { 16878 s.PolicyType = &v 16879 return s 16880} 16881 16882// SetTargetId sets the TargetId field's value. 16883func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy { 16884 s.TargetId = &v 16885 return s 16886} 16887 16888// If you ran this action on the master account, this policy type is not enabled. 16889// If you ran the action on a member account, the account doesn't have an effective 16890// policy of this type. Contact the administrator of your organization about 16891// attaching a policy of this type to the account. 16892type EffectivePolicyNotFoundException struct { 16893 _ struct{} `type:"structure"` 16894 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16895 16896 Message_ *string `locationName:"Message" type:"string"` 16897} 16898 16899// String returns the string representation 16900func (s EffectivePolicyNotFoundException) String() string { 16901 return awsutil.Prettify(s) 16902} 16903 16904// GoString returns the string representation 16905func (s EffectivePolicyNotFoundException) GoString() string { 16906 return s.String() 16907} 16908 16909func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error { 16910 return &EffectivePolicyNotFoundException{ 16911 RespMetadata: v, 16912 } 16913} 16914 16915// Code returns the exception type name. 16916func (s *EffectivePolicyNotFoundException) Code() string { 16917 return "EffectivePolicyNotFoundException" 16918} 16919 16920// Message returns the exception's message. 16921func (s *EffectivePolicyNotFoundException) Message() string { 16922 if s.Message_ != nil { 16923 return *s.Message_ 16924 } 16925 return "" 16926} 16927 16928// OrigErr always returns nil, satisfies awserr.Error interface. 16929func (s *EffectivePolicyNotFoundException) OrigErr() error { 16930 return nil 16931} 16932 16933func (s *EffectivePolicyNotFoundException) Error() string { 16934 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16935} 16936 16937// Status code returns the HTTP status code for the request's response error. 16938func (s *EffectivePolicyNotFoundException) StatusCode() int { 16939 return s.RespMetadata.StatusCode 16940} 16941 16942// RequestID returns the service's response RequestID for request. 16943func (s *EffectivePolicyNotFoundException) RequestID() string { 16944 return s.RespMetadata.RequestID 16945} 16946 16947type EnableAWSServiceAccessInput struct { 16948 _ struct{} `type:"structure"` 16949 16950 // The service principal name of the AWS service for which you want to enable 16951 // integration with your organization. This is typically in the form of a URL, 16952 // such as service-abbreviation.amazonaws.com. 16953 // 16954 // ServicePrincipal is a required field 16955 ServicePrincipal *string `min:"1" type:"string" required:"true"` 16956} 16957 16958// String returns the string representation 16959func (s EnableAWSServiceAccessInput) String() string { 16960 return awsutil.Prettify(s) 16961} 16962 16963// GoString returns the string representation 16964func (s EnableAWSServiceAccessInput) GoString() string { 16965 return s.String() 16966} 16967 16968// Validate inspects the fields of the type to determine if they are valid. 16969func (s *EnableAWSServiceAccessInput) Validate() error { 16970 invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"} 16971 if s.ServicePrincipal == nil { 16972 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 16973 } 16974 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 16975 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 16976 } 16977 16978 if invalidParams.Len() > 0 { 16979 return invalidParams 16980 } 16981 return nil 16982} 16983 16984// SetServicePrincipal sets the ServicePrincipal field's value. 16985func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput { 16986 s.ServicePrincipal = &v 16987 return s 16988} 16989 16990type EnableAWSServiceAccessOutput struct { 16991 _ struct{} `type:"structure"` 16992} 16993 16994// String returns the string representation 16995func (s EnableAWSServiceAccessOutput) String() string { 16996 return awsutil.Prettify(s) 16997} 16998 16999// GoString returns the string representation 17000func (s EnableAWSServiceAccessOutput) GoString() string { 17001 return s.String() 17002} 17003 17004type EnableAllFeaturesInput struct { 17005 _ struct{} `type:"structure"` 17006} 17007 17008// String returns the string representation 17009func (s EnableAllFeaturesInput) String() string { 17010 return awsutil.Prettify(s) 17011} 17012 17013// GoString returns the string representation 17014func (s EnableAllFeaturesInput) GoString() string { 17015 return s.String() 17016} 17017 17018type EnableAllFeaturesOutput struct { 17019 _ struct{} `type:"structure"` 17020 17021 // A structure that contains details about the handshake created to support 17022 // this request to enable all features in the organization. 17023 Handshake *Handshake `type:"structure"` 17024} 17025 17026// String returns the string representation 17027func (s EnableAllFeaturesOutput) String() string { 17028 return awsutil.Prettify(s) 17029} 17030 17031// GoString returns the string representation 17032func (s EnableAllFeaturesOutput) GoString() string { 17033 return s.String() 17034} 17035 17036// SetHandshake sets the Handshake field's value. 17037func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput { 17038 s.Handshake = v 17039 return s 17040} 17041 17042type EnablePolicyTypeInput struct { 17043 _ struct{} `type:"structure"` 17044 17045 // The policy type that you want to enable. You can specify one of the following 17046 // values: 17047 // 17048 // * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 17049 // 17050 // * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 17051 // 17052 // * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 17053 // 17054 // * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 17055 // 17056 // PolicyType is a required field 17057 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 17058 17059 // The unique identifier (ID) of the root in which you want to enable a policy 17060 // type. You can get the ID from the ListRoots operation. 17061 // 17062 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 17063 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 17064 // 17065 // RootId is a required field 17066 RootId *string `type:"string" required:"true"` 17067} 17068 17069// String returns the string representation 17070func (s EnablePolicyTypeInput) String() string { 17071 return awsutil.Prettify(s) 17072} 17073 17074// GoString returns the string representation 17075func (s EnablePolicyTypeInput) GoString() string { 17076 return s.String() 17077} 17078 17079// Validate inspects the fields of the type to determine if they are valid. 17080func (s *EnablePolicyTypeInput) Validate() error { 17081 invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"} 17082 if s.PolicyType == nil { 17083 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 17084 } 17085 if s.RootId == nil { 17086 invalidParams.Add(request.NewErrParamRequired("RootId")) 17087 } 17088 17089 if invalidParams.Len() > 0 { 17090 return invalidParams 17091 } 17092 return nil 17093} 17094 17095// SetPolicyType sets the PolicyType field's value. 17096func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput { 17097 s.PolicyType = &v 17098 return s 17099} 17100 17101// SetRootId sets the RootId field's value. 17102func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput { 17103 s.RootId = &v 17104 return s 17105} 17106 17107type EnablePolicyTypeOutput struct { 17108 _ struct{} `type:"structure"` 17109 17110 // A structure that shows the root with the updated list of enabled policy types. 17111 Root *Root `type:"structure"` 17112} 17113 17114// String returns the string representation 17115func (s EnablePolicyTypeOutput) String() string { 17116 return awsutil.Prettify(s) 17117} 17118 17119// GoString returns the string representation 17120func (s EnablePolicyTypeOutput) GoString() string { 17121 return s.String() 17122} 17123 17124// SetRoot sets the Root field's value. 17125func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { 17126 s.Root = v 17127 return s 17128} 17129 17130// A structure that contains details of a service principal that represents 17131// an AWS service that is enabled to integrate with AWS Organizations. 17132type EnabledServicePrincipal struct { 17133 _ struct{} `type:"structure"` 17134 17135 // The date that the service principal was enabled for integration with AWS 17136 // Organizations. 17137 DateEnabled *time.Time `type:"timestamp"` 17138 17139 // The name of the service principal. This is typically in the form of a URL, 17140 // such as: servicename.amazonaws.com. 17141 ServicePrincipal *string `min:"1" type:"string"` 17142} 17143 17144// String returns the string representation 17145func (s EnabledServicePrincipal) String() string { 17146 return awsutil.Prettify(s) 17147} 17148 17149// GoString returns the string representation 17150func (s EnabledServicePrincipal) GoString() string { 17151 return s.String() 17152} 17153 17154// SetDateEnabled sets the DateEnabled field's value. 17155func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal { 17156 s.DateEnabled = &v 17157 return s 17158} 17159 17160// SetServicePrincipal sets the ServicePrincipal field's value. 17161func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal { 17162 s.ServicePrincipal = &v 17163 return s 17164} 17165 17166// AWS Organizations couldn't perform the operation because your organization 17167// hasn't finished initializing. This can take up to an hour. Try again later. 17168// If after one hour you continue to receive this error, contact AWS Support 17169// (https://console.aws.amazon.com/support/home#/). 17170type FinalizingOrganizationException struct { 17171 _ struct{} `type:"structure"` 17172 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17173 17174 Message_ *string `locationName:"Message" type:"string"` 17175} 17176 17177// String returns the string representation 17178func (s FinalizingOrganizationException) String() string { 17179 return awsutil.Prettify(s) 17180} 17181 17182// GoString returns the string representation 17183func (s FinalizingOrganizationException) GoString() string { 17184 return s.String() 17185} 17186 17187func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error { 17188 return &FinalizingOrganizationException{ 17189 RespMetadata: v, 17190 } 17191} 17192 17193// Code returns the exception type name. 17194func (s *FinalizingOrganizationException) Code() string { 17195 return "FinalizingOrganizationException" 17196} 17197 17198// Message returns the exception's message. 17199func (s *FinalizingOrganizationException) Message() string { 17200 if s.Message_ != nil { 17201 return *s.Message_ 17202 } 17203 return "" 17204} 17205 17206// OrigErr always returns nil, satisfies awserr.Error interface. 17207func (s *FinalizingOrganizationException) OrigErr() error { 17208 return nil 17209} 17210 17211func (s *FinalizingOrganizationException) Error() string { 17212 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17213} 17214 17215// Status code returns the HTTP status code for the request's response error. 17216func (s *FinalizingOrganizationException) StatusCode() int { 17217 return s.RespMetadata.StatusCode 17218} 17219 17220// RequestID returns the service's response RequestID for request. 17221func (s *FinalizingOrganizationException) RequestID() string { 17222 return s.RespMetadata.RequestID 17223} 17224 17225// Contains information that must be exchanged to securely establish a relationship 17226// between two accounts (an originator and a recipient). For example, when a 17227// master account (the originator) invites another account (the recipient) to 17228// join its organization, the two accounts exchange information as a series 17229// of handshake requests and responses. 17230// 17231// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists 17232// for only 30 days after entering that state After that they are deleted. 17233type Handshake struct { 17234 _ struct{} `type:"structure"` 17235 17236 // The type of handshake, indicating what action occurs when the recipient accepts 17237 // the handshake. The following handshake types are supported: 17238 // 17239 // * INVITE: This type of handshake represents a request to join an organization. 17240 // It is always sent from the master account to only non-member accounts. 17241 // 17242 // * ENABLE_ALL_FEATURES: This type of handshake represents a request to 17243 // enable all features in an organization. It is always sent from the master 17244 // account to only invited member accounts. Created accounts do not receive 17245 // this because those accounts were created by the organization's master 17246 // account and approval is inferred. 17247 // 17248 // * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations 17249 // service when all member accounts have approved the ENABLE_ALL_FEATURES 17250 // invitation. It is sent only to the master account and signals the master 17251 // that it can finalize the process to enable all features. 17252 Action *string `type:"string" enum:"ActionType"` 17253 17254 // The Amazon Resource Name (ARN) of a handshake. 17255 // 17256 // For more information about ARNs in Organizations, see ARN Formats Supported 17257 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 17258 // in the AWS Organizations User Guide. 17259 Arn *string `type:"string"` 17260 17261 // The date and time that the handshake expires. If the recipient of the handshake 17262 // request fails to respond before the specified date and time, the handshake 17263 // becomes inactive and is no longer valid. 17264 ExpirationTimestamp *time.Time `type:"timestamp"` 17265 17266 // The unique identifier (ID) of a handshake. The originating account creates 17267 // the ID when it initiates the handshake. 17268 // 17269 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 17270 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 17271 Id *string `type:"string"` 17272 17273 // Information about the two accounts that are participating in the handshake. 17274 Parties []*HandshakeParty `type:"list"` 17275 17276 // The date and time that the handshake request was made. 17277 RequestedTimestamp *time.Time `type:"timestamp"` 17278 17279 // Additional information that is needed to process the handshake. 17280 Resources []*HandshakeResource `type:"list"` 17281 17282 // The current state of the handshake. Use the state to trace the flow of the 17283 // handshake through the process from its creation to its acceptance. The meaning 17284 // of each of the valid values is as follows: 17285 // 17286 // * REQUESTED: This handshake was sent to multiple recipients (applicable 17287 // to only some handshake types) and not all recipients have responded yet. 17288 // The request stays in this state until all recipients respond. 17289 // 17290 // * OPEN: This handshake was sent to multiple recipients (applicable to 17291 // only some policy types) and all recipients have responded, allowing the 17292 // originator to complete the handshake action. 17293 // 17294 // * CANCELED: This handshake is no longer active because it was canceled 17295 // by the originating account. 17296 // 17297 // * ACCEPTED: This handshake is complete because it has been accepted by 17298 // the recipient. 17299 // 17300 // * DECLINED: This handshake is no longer active because it was declined 17301 // by the recipient account. 17302 // 17303 // * EXPIRED: This handshake is no longer active because the originator did 17304 // not receive a response of any kind from the recipient before the expiration 17305 // time (15 days). 17306 State *string `type:"string" enum:"HandshakeState"` 17307} 17308 17309// String returns the string representation 17310func (s Handshake) String() string { 17311 return awsutil.Prettify(s) 17312} 17313 17314// GoString returns the string representation 17315func (s Handshake) GoString() string { 17316 return s.String() 17317} 17318 17319// SetAction sets the Action field's value. 17320func (s *Handshake) SetAction(v string) *Handshake { 17321 s.Action = &v 17322 return s 17323} 17324 17325// SetArn sets the Arn field's value. 17326func (s *Handshake) SetArn(v string) *Handshake { 17327 s.Arn = &v 17328 return s 17329} 17330 17331// SetExpirationTimestamp sets the ExpirationTimestamp field's value. 17332func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake { 17333 s.ExpirationTimestamp = &v 17334 return s 17335} 17336 17337// SetId sets the Id field's value. 17338func (s *Handshake) SetId(v string) *Handshake { 17339 s.Id = &v 17340 return s 17341} 17342 17343// SetParties sets the Parties field's value. 17344func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake { 17345 s.Parties = v 17346 return s 17347} 17348 17349// SetRequestedTimestamp sets the RequestedTimestamp field's value. 17350func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake { 17351 s.RequestedTimestamp = &v 17352 return s 17353} 17354 17355// SetResources sets the Resources field's value. 17356func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake { 17357 s.Resources = v 17358 return s 17359} 17360 17361// SetState sets the State field's value. 17362func (s *Handshake) SetState(v string) *Handshake { 17363 s.State = &v 17364 return s 17365} 17366 17367// The specified handshake is already in the requested state. For example, you 17368// can't accept a handshake that was already accepted. 17369type HandshakeAlreadyInStateException struct { 17370 _ struct{} `type:"structure"` 17371 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17372 17373 Message_ *string `locationName:"Message" type:"string"` 17374} 17375 17376// String returns the string representation 17377func (s HandshakeAlreadyInStateException) String() string { 17378 return awsutil.Prettify(s) 17379} 17380 17381// GoString returns the string representation 17382func (s HandshakeAlreadyInStateException) GoString() string { 17383 return s.String() 17384} 17385 17386func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error { 17387 return &HandshakeAlreadyInStateException{ 17388 RespMetadata: v, 17389 } 17390} 17391 17392// Code returns the exception type name. 17393func (s *HandshakeAlreadyInStateException) Code() string { 17394 return "HandshakeAlreadyInStateException" 17395} 17396 17397// Message returns the exception's message. 17398func (s *HandshakeAlreadyInStateException) Message() string { 17399 if s.Message_ != nil { 17400 return *s.Message_ 17401 } 17402 return "" 17403} 17404 17405// OrigErr always returns nil, satisfies awserr.Error interface. 17406func (s *HandshakeAlreadyInStateException) OrigErr() error { 17407 return nil 17408} 17409 17410func (s *HandshakeAlreadyInStateException) Error() string { 17411 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17412} 17413 17414// Status code returns the HTTP status code for the request's response error. 17415func (s *HandshakeAlreadyInStateException) StatusCode() int { 17416 return s.RespMetadata.StatusCode 17417} 17418 17419// RequestID returns the service's response RequestID for request. 17420func (s *HandshakeAlreadyInStateException) RequestID() string { 17421 return s.RespMetadata.RequestID 17422} 17423 17424// The requested operation would violate the constraint identified in the reason 17425// code. 17426// 17427// Some of the reasons in the following list might not be applicable to this 17428// specific API or operation: 17429// 17430// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 17431// the number of accounts in an organization. Note that deleted and closed 17432// accounts still count toward your limit. If you get this exception immediately 17433// after creating the organization, wait one hour and try again. If after 17434// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 17435// 17436// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 17437// the invited account is already a member of an organization. 17438// 17439// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 17440// handshakes that you can send in one day. 17441// 17442// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 17443// to join an organization while it's in the process of enabling all features. 17444// You can resume inviting accounts after you finalize the process when all 17445// accounts have agreed to the change. 17446// 17447// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 17448// because the organization has already enabled all features. 17449// 17450// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 17451// the account is from a different marketplace than the accounts in the organization. 17452// For example, accounts with India addresses must be associated with the 17453// AISPL marketplace. All accounts in an organization must be from the same 17454// marketplace. 17455// 17456// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 17457// change the membership of an account too quickly after its previous change. 17458// 17459// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 17460// account that doesn't have a payment instrument, such as a credit card, 17461// associated with it. 17462type HandshakeConstraintViolationException struct { 17463 _ struct{} `type:"structure"` 17464 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17465 17466 Message_ *string `locationName:"Message" type:"string"` 17467 17468 Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"` 17469} 17470 17471// String returns the string representation 17472func (s HandshakeConstraintViolationException) String() string { 17473 return awsutil.Prettify(s) 17474} 17475 17476// GoString returns the string representation 17477func (s HandshakeConstraintViolationException) GoString() string { 17478 return s.String() 17479} 17480 17481func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error { 17482 return &HandshakeConstraintViolationException{ 17483 RespMetadata: v, 17484 } 17485} 17486 17487// Code returns the exception type name. 17488func (s *HandshakeConstraintViolationException) Code() string { 17489 return "HandshakeConstraintViolationException" 17490} 17491 17492// Message returns the exception's message. 17493func (s *HandshakeConstraintViolationException) Message() string { 17494 if s.Message_ != nil { 17495 return *s.Message_ 17496 } 17497 return "" 17498} 17499 17500// OrigErr always returns nil, satisfies awserr.Error interface. 17501func (s *HandshakeConstraintViolationException) OrigErr() error { 17502 return nil 17503} 17504 17505func (s *HandshakeConstraintViolationException) Error() string { 17506 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 17507} 17508 17509// Status code returns the HTTP status code for the request's response error. 17510func (s *HandshakeConstraintViolationException) StatusCode() int { 17511 return s.RespMetadata.StatusCode 17512} 17513 17514// RequestID returns the service's response RequestID for request. 17515func (s *HandshakeConstraintViolationException) RequestID() string { 17516 return s.RespMetadata.RequestID 17517} 17518 17519// Specifies the criteria that are used to select the handshakes for the operation. 17520type HandshakeFilter struct { 17521 _ struct{} `type:"structure"` 17522 17523 // Specifies the type of handshake action. 17524 // 17525 // If you specify ActionType, you cannot also specify ParentHandshakeId. 17526 ActionType *string `type:"string" enum:"ActionType"` 17527 17528 // Specifies the parent handshake. Only used for handshake types that are a 17529 // child of another type. 17530 // 17531 // If you specify ParentHandshakeId, you cannot also specify ActionType. 17532 // 17533 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 17534 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 17535 ParentHandshakeId *string `type:"string"` 17536} 17537 17538// String returns the string representation 17539func (s HandshakeFilter) String() string { 17540 return awsutil.Prettify(s) 17541} 17542 17543// GoString returns the string representation 17544func (s HandshakeFilter) GoString() string { 17545 return s.String() 17546} 17547 17548// SetActionType sets the ActionType field's value. 17549func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter { 17550 s.ActionType = &v 17551 return s 17552} 17553 17554// SetParentHandshakeId sets the ParentHandshakeId field's value. 17555func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter { 17556 s.ParentHandshakeId = &v 17557 return s 17558} 17559 17560// We can't find a handshake with the HandshakeId that you specified. 17561type HandshakeNotFoundException struct { 17562 _ struct{} `type:"structure"` 17563 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17564 17565 Message_ *string `locationName:"Message" type:"string"` 17566} 17567 17568// String returns the string representation 17569func (s HandshakeNotFoundException) String() string { 17570 return awsutil.Prettify(s) 17571} 17572 17573// GoString returns the string representation 17574func (s HandshakeNotFoundException) GoString() string { 17575 return s.String() 17576} 17577 17578func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error { 17579 return &HandshakeNotFoundException{ 17580 RespMetadata: v, 17581 } 17582} 17583 17584// Code returns the exception type name. 17585func (s *HandshakeNotFoundException) Code() string { 17586 return "HandshakeNotFoundException" 17587} 17588 17589// Message returns the exception's message. 17590func (s *HandshakeNotFoundException) Message() string { 17591 if s.Message_ != nil { 17592 return *s.Message_ 17593 } 17594 return "" 17595} 17596 17597// OrigErr always returns nil, satisfies awserr.Error interface. 17598func (s *HandshakeNotFoundException) OrigErr() error { 17599 return nil 17600} 17601 17602func (s *HandshakeNotFoundException) Error() string { 17603 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17604} 17605 17606// Status code returns the HTTP status code for the request's response error. 17607func (s *HandshakeNotFoundException) StatusCode() int { 17608 return s.RespMetadata.StatusCode 17609} 17610 17611// RequestID returns the service's response RequestID for request. 17612func (s *HandshakeNotFoundException) RequestID() string { 17613 return s.RespMetadata.RequestID 17614} 17615 17616// Identifies a participant in a handshake. 17617type HandshakeParty struct { 17618 _ struct{} `type:"structure"` 17619 17620 // The unique identifier (ID) for the party. 17621 // 17622 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 17623 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 17624 // 17625 // Id is a required field 17626 Id *string `min:"1" type:"string" required:"true" sensitive:"true"` 17627 17628 // The type of party. 17629 // 17630 // Type is a required field 17631 Type *string `type:"string" required:"true" enum:"HandshakePartyType"` 17632} 17633 17634// String returns the string representation 17635func (s HandshakeParty) String() string { 17636 return awsutil.Prettify(s) 17637} 17638 17639// GoString returns the string representation 17640func (s HandshakeParty) GoString() string { 17641 return s.String() 17642} 17643 17644// Validate inspects the fields of the type to determine if they are valid. 17645func (s *HandshakeParty) Validate() error { 17646 invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"} 17647 if s.Id == nil { 17648 invalidParams.Add(request.NewErrParamRequired("Id")) 17649 } 17650 if s.Id != nil && len(*s.Id) < 1 { 17651 invalidParams.Add(request.NewErrParamMinLen("Id", 1)) 17652 } 17653 if s.Type == nil { 17654 invalidParams.Add(request.NewErrParamRequired("Type")) 17655 } 17656 17657 if invalidParams.Len() > 0 { 17658 return invalidParams 17659 } 17660 return nil 17661} 17662 17663// SetId sets the Id field's value. 17664func (s *HandshakeParty) SetId(v string) *HandshakeParty { 17665 s.Id = &v 17666 return s 17667} 17668 17669// SetType sets the Type field's value. 17670func (s *HandshakeParty) SetType(v string) *HandshakeParty { 17671 s.Type = &v 17672 return s 17673} 17674 17675// Contains additional data that is needed to process a handshake. 17676type HandshakeResource struct { 17677 _ struct{} `type:"structure"` 17678 17679 // When needed, contains an additional array of HandshakeResource objects. 17680 Resources []*HandshakeResource `type:"list"` 17681 17682 // The type of information being passed, specifying how the value is to be interpreted 17683 // by the other party: 17684 // 17685 // * ACCOUNT - Specifies an AWS account ID number. 17686 // 17687 // * ORGANIZATION - Specifies an organization ID number. 17688 // 17689 // * EMAIL - Specifies the email address that is associated with the account 17690 // that receives the handshake. 17691 // 17692 // * OWNER_EMAIL - Specifies the email address associated with the master 17693 // account. Included as information about an organization. 17694 // 17695 // * OWNER_NAME - Specifies the name associated with the master account. 17696 // Included as information about an organization. 17697 // 17698 // * NOTES - Additional text provided by the handshake initiator and intended 17699 // for the recipient to read. 17700 Type *string `type:"string" enum:"HandshakeResourceType"` 17701 17702 // The information that is passed to the other party in the handshake. The format 17703 // of the value string must match the requirements of the specified type. 17704 Value *string `type:"string" sensitive:"true"` 17705} 17706 17707// String returns the string representation 17708func (s HandshakeResource) String() string { 17709 return awsutil.Prettify(s) 17710} 17711 17712// GoString returns the string representation 17713func (s HandshakeResource) GoString() string { 17714 return s.String() 17715} 17716 17717// SetResources sets the Resources field's value. 17718func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource { 17719 s.Resources = v 17720 return s 17721} 17722 17723// SetType sets the Type field's value. 17724func (s *HandshakeResource) SetType(v string) *HandshakeResource { 17725 s.Type = &v 17726 return s 17727} 17728 17729// SetValue sets the Value field's value. 17730func (s *HandshakeResource) SetValue(v string) *HandshakeResource { 17731 s.Value = &v 17732 return s 17733} 17734 17735// You can't perform the operation on the handshake in its current state. For 17736// example, you can't cancel a handshake that was already accepted or accept 17737// a handshake that was already declined. 17738type InvalidHandshakeTransitionException struct { 17739 _ struct{} `type:"structure"` 17740 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17741 17742 Message_ *string `locationName:"Message" type:"string"` 17743} 17744 17745// String returns the string representation 17746func (s InvalidHandshakeTransitionException) String() string { 17747 return awsutil.Prettify(s) 17748} 17749 17750// GoString returns the string representation 17751func (s InvalidHandshakeTransitionException) GoString() string { 17752 return s.String() 17753} 17754 17755func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error { 17756 return &InvalidHandshakeTransitionException{ 17757 RespMetadata: v, 17758 } 17759} 17760 17761// Code returns the exception type name. 17762func (s *InvalidHandshakeTransitionException) Code() string { 17763 return "InvalidHandshakeTransitionException" 17764} 17765 17766// Message returns the exception's message. 17767func (s *InvalidHandshakeTransitionException) Message() string { 17768 if s.Message_ != nil { 17769 return *s.Message_ 17770 } 17771 return "" 17772} 17773 17774// OrigErr always returns nil, satisfies awserr.Error interface. 17775func (s *InvalidHandshakeTransitionException) OrigErr() error { 17776 return nil 17777} 17778 17779func (s *InvalidHandshakeTransitionException) Error() string { 17780 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17781} 17782 17783// Status code returns the HTTP status code for the request's response error. 17784func (s *InvalidHandshakeTransitionException) StatusCode() int { 17785 return s.RespMetadata.StatusCode 17786} 17787 17788// RequestID returns the service's response RequestID for request. 17789func (s *InvalidHandshakeTransitionException) RequestID() string { 17790 return s.RespMetadata.RequestID 17791} 17792 17793// The requested operation failed because you provided invalid values for one 17794// or more of the request parameters. This exception includes a reason that 17795// contains additional information about the violated limit: 17796// 17797// Some of the reasons in the following list might not be applicable to this 17798// specific API or operation. 17799// 17800// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 17801// can't be modified. 17802// 17803// * INPUT_REQUIRED: You must include a value for all required parameters. 17804// 17805// * INVALID_ENUM: You specified an invalid value. 17806// 17807// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 17808// characters. 17809// 17810// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 17811// at least one invalid value. 17812// 17813// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 17814// from the response to a previous call of the operation. 17815// 17816// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 17817// organization, or email) as a party. 17818// 17819// * INVALID_PATTERN: You provided a value that doesn't match the required 17820// pattern. 17821// 17822// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 17823// match the required pattern. 17824// 17825// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 17826// name can't begin with the reserved prefix AWSServiceRoleFor. 17827// 17828// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 17829// Name (ARN) for the organization. 17830// 17831// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 17832// 17833// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 17834// tag. You can’t add, edit, or delete system tag keys because they're 17835// reserved for AWS use. System tags don’t count against your tags per 17836// resource limit. 17837// 17838// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 17839// for the operation. 17840// 17841// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 17842// than allowed. 17843// 17844// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 17845// value than allowed. 17846// 17847// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 17848// than allowed. 17849// 17850// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 17851// value than allowed. 17852// 17853// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 17854// between entities in the same root. 17855type InvalidInputException struct { 17856 _ struct{} `type:"structure"` 17857 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17858 17859 Message_ *string `locationName:"Message" type:"string"` 17860 17861 Reason *string `type:"string" enum:"InvalidInputExceptionReason"` 17862} 17863 17864// String returns the string representation 17865func (s InvalidInputException) String() string { 17866 return awsutil.Prettify(s) 17867} 17868 17869// GoString returns the string representation 17870func (s InvalidInputException) GoString() string { 17871 return s.String() 17872} 17873 17874func newErrorInvalidInputException(v protocol.ResponseMetadata) error { 17875 return &InvalidInputException{ 17876 RespMetadata: v, 17877 } 17878} 17879 17880// Code returns the exception type name. 17881func (s *InvalidInputException) Code() string { 17882 return "InvalidInputException" 17883} 17884 17885// Message returns the exception's message. 17886func (s *InvalidInputException) Message() string { 17887 if s.Message_ != nil { 17888 return *s.Message_ 17889 } 17890 return "" 17891} 17892 17893// OrigErr always returns nil, satisfies awserr.Error interface. 17894func (s *InvalidInputException) OrigErr() error { 17895 return nil 17896} 17897 17898func (s *InvalidInputException) Error() string { 17899 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 17900} 17901 17902// Status code returns the HTTP status code for the request's response error. 17903func (s *InvalidInputException) StatusCode() int { 17904 return s.RespMetadata.StatusCode 17905} 17906 17907// RequestID returns the service's response RequestID for request. 17908func (s *InvalidInputException) RequestID() string { 17909 return s.RespMetadata.RequestID 17910} 17911 17912type InviteAccountToOrganizationInput struct { 17913 _ struct{} `type:"structure"` 17914 17915 // Additional information that you want to include in the generated email to 17916 // the recipient account owner. 17917 Notes *string `type:"string" sensitive:"true"` 17918 17919 // The identifier (ID) of the AWS account that you want to invite to join your 17920 // organization. This is a JSON object that contains the following elements: 17921 // 17922 // { "Type": "ACCOUNT", "Id": "< account id number >" } 17923 // 17924 // If you use the AWS CLI, you can submit this as a single string, similar to 17925 // the following example: 17926 // 17927 // --target Id=123456789012,Type=ACCOUNT 17928 // 17929 // If you specify "Type": "ACCOUNT", you must provide the AWS account ID number 17930 // as the Id. If you specify "Type": "EMAIL", you must specify the email address 17931 // that is associated with the account. 17932 // 17933 // --target Id=diego@example.com,Type=EMAIL 17934 // 17935 // Target is a required field 17936 Target *HandshakeParty `type:"structure" required:"true"` 17937} 17938 17939// String returns the string representation 17940func (s InviteAccountToOrganizationInput) String() string { 17941 return awsutil.Prettify(s) 17942} 17943 17944// GoString returns the string representation 17945func (s InviteAccountToOrganizationInput) GoString() string { 17946 return s.String() 17947} 17948 17949// Validate inspects the fields of the type to determine if they are valid. 17950func (s *InviteAccountToOrganizationInput) Validate() error { 17951 invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"} 17952 if s.Target == nil { 17953 invalidParams.Add(request.NewErrParamRequired("Target")) 17954 } 17955 if s.Target != nil { 17956 if err := s.Target.Validate(); err != nil { 17957 invalidParams.AddNested("Target", err.(request.ErrInvalidParams)) 17958 } 17959 } 17960 17961 if invalidParams.Len() > 0 { 17962 return invalidParams 17963 } 17964 return nil 17965} 17966 17967// SetNotes sets the Notes field's value. 17968func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput { 17969 s.Notes = &v 17970 return s 17971} 17972 17973// SetTarget sets the Target field's value. 17974func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput { 17975 s.Target = v 17976 return s 17977} 17978 17979type InviteAccountToOrganizationOutput struct { 17980 _ struct{} `type:"structure"` 17981 17982 // A structure that contains details about the handshake that is created to 17983 // support this invitation request. 17984 Handshake *Handshake `type:"structure"` 17985} 17986 17987// String returns the string representation 17988func (s InviteAccountToOrganizationOutput) String() string { 17989 return awsutil.Prettify(s) 17990} 17991 17992// GoString returns the string representation 17993func (s InviteAccountToOrganizationOutput) GoString() string { 17994 return s.String() 17995} 17996 17997// SetHandshake sets the Handshake field's value. 17998func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput { 17999 s.Handshake = v 18000 return s 18001} 18002 18003type LeaveOrganizationInput struct { 18004 _ struct{} `type:"structure"` 18005} 18006 18007// String returns the string representation 18008func (s LeaveOrganizationInput) String() string { 18009 return awsutil.Prettify(s) 18010} 18011 18012// GoString returns the string representation 18013func (s LeaveOrganizationInput) GoString() string { 18014 return s.String() 18015} 18016 18017type LeaveOrganizationOutput struct { 18018 _ struct{} `type:"structure"` 18019} 18020 18021// String returns the string representation 18022func (s LeaveOrganizationOutput) String() string { 18023 return awsutil.Prettify(s) 18024} 18025 18026// GoString returns the string representation 18027func (s LeaveOrganizationOutput) GoString() string { 18028 return s.String() 18029} 18030 18031type ListAWSServiceAccessForOrganizationInput struct { 18032 _ struct{} `type:"structure"` 18033 18034 // The total number of results that you want included on each page of the response. 18035 // If you do not include this parameter, it defaults to a value that is specific 18036 // to the operation. If additional items exist beyond the maximum you specify, 18037 // the NextToken response element is present and has a value (is not null). 18038 // Include that value as the NextToken request parameter in the next call to 18039 // the operation to get the next part of the results. Note that Organizations 18040 // might return fewer results than the maximum even when there are more results 18041 // available. You should check NextToken after every operation to ensure that 18042 // you receive all of the results. 18043 MaxResults *int64 `min:"1" type:"integer"` 18044 18045 // The parameter for receiving additional results if you receive a NextToken 18046 // response in a previous request. A NextToken response indicates that more 18047 // output is available. Set this parameter to the value of the previous call's 18048 // NextToken response to indicate where the output should continue from. 18049 NextToken *string `type:"string"` 18050} 18051 18052// String returns the string representation 18053func (s ListAWSServiceAccessForOrganizationInput) String() string { 18054 return awsutil.Prettify(s) 18055} 18056 18057// GoString returns the string representation 18058func (s ListAWSServiceAccessForOrganizationInput) GoString() string { 18059 return s.String() 18060} 18061 18062// Validate inspects the fields of the type to determine if they are valid. 18063func (s *ListAWSServiceAccessForOrganizationInput) Validate() error { 18064 invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"} 18065 if s.MaxResults != nil && *s.MaxResults < 1 { 18066 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18067 } 18068 18069 if invalidParams.Len() > 0 { 18070 return invalidParams 18071 } 18072 return nil 18073} 18074 18075// SetMaxResults sets the MaxResults field's value. 18076func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput { 18077 s.MaxResults = &v 18078 return s 18079} 18080 18081// SetNextToken sets the NextToken field's value. 18082func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput { 18083 s.NextToken = &v 18084 return s 18085} 18086 18087type ListAWSServiceAccessForOrganizationOutput struct { 18088 _ struct{} `type:"structure"` 18089 18090 // A list of the service principals for the services that are enabled to integrate 18091 // with your organization. Each principal is a structure that includes the name 18092 // and the date that it was enabled for integration with AWS Organizations. 18093 EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"` 18094 18095 // If present, indicates that more output is available than is included in the 18096 // current response. Use this value in the NextToken request parameter in a 18097 // subsequent call to the operation to get the next part of the output. You 18098 // should repeat this until the NextToken response element comes back as null. 18099 NextToken *string `type:"string"` 18100} 18101 18102// String returns the string representation 18103func (s ListAWSServiceAccessForOrganizationOutput) String() string { 18104 return awsutil.Prettify(s) 18105} 18106 18107// GoString returns the string representation 18108func (s ListAWSServiceAccessForOrganizationOutput) GoString() string { 18109 return s.String() 18110} 18111 18112// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value. 18113func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput { 18114 s.EnabledServicePrincipals = v 18115 return s 18116} 18117 18118// SetNextToken sets the NextToken field's value. 18119func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput { 18120 s.NextToken = &v 18121 return s 18122} 18123 18124type ListAccountsForParentInput struct { 18125 _ struct{} `type:"structure"` 18126 18127 // The total number of results that you want included on each page of the response. 18128 // If you do not include this parameter, it defaults to a value that is specific 18129 // to the operation. If additional items exist beyond the maximum you specify, 18130 // the NextToken response element is present and has a value (is not null). 18131 // Include that value as the NextToken request parameter in the next call to 18132 // the operation to get the next part of the results. Note that Organizations 18133 // might return fewer results than the maximum even when there are more results 18134 // available. You should check NextToken after every operation to ensure that 18135 // you receive all of the results. 18136 MaxResults *int64 `min:"1" type:"integer"` 18137 18138 // The parameter for receiving additional results if you receive a NextToken 18139 // response in a previous request. A NextToken response indicates that more 18140 // output is available. Set this parameter to the value of the previous call's 18141 // NextToken response to indicate where the output should continue from. 18142 NextToken *string `type:"string"` 18143 18144 // The unique identifier (ID) for the parent root or organization unit (OU) 18145 // whose accounts you want to list. 18146 // 18147 // ParentId is a required field 18148 ParentId *string `type:"string" required:"true"` 18149} 18150 18151// String returns the string representation 18152func (s ListAccountsForParentInput) String() string { 18153 return awsutil.Prettify(s) 18154} 18155 18156// GoString returns the string representation 18157func (s ListAccountsForParentInput) GoString() string { 18158 return s.String() 18159} 18160 18161// Validate inspects the fields of the type to determine if they are valid. 18162func (s *ListAccountsForParentInput) Validate() error { 18163 invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"} 18164 if s.MaxResults != nil && *s.MaxResults < 1 { 18165 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18166 } 18167 if s.ParentId == nil { 18168 invalidParams.Add(request.NewErrParamRequired("ParentId")) 18169 } 18170 18171 if invalidParams.Len() > 0 { 18172 return invalidParams 18173 } 18174 return nil 18175} 18176 18177// SetMaxResults sets the MaxResults field's value. 18178func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput { 18179 s.MaxResults = &v 18180 return s 18181} 18182 18183// SetNextToken sets the NextToken field's value. 18184func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput { 18185 s.NextToken = &v 18186 return s 18187} 18188 18189// SetParentId sets the ParentId field's value. 18190func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput { 18191 s.ParentId = &v 18192 return s 18193} 18194 18195type ListAccountsForParentOutput struct { 18196 _ struct{} `type:"structure"` 18197 18198 // A list of the accounts in the specified root or OU. 18199 Accounts []*Account `type:"list"` 18200 18201 // If present, indicates that more output is available than is included in the 18202 // current response. Use this value in the NextToken request parameter in a 18203 // subsequent call to the operation to get the next part of the output. You 18204 // should repeat this until the NextToken response element comes back as null. 18205 NextToken *string `type:"string"` 18206} 18207 18208// String returns the string representation 18209func (s ListAccountsForParentOutput) String() string { 18210 return awsutil.Prettify(s) 18211} 18212 18213// GoString returns the string representation 18214func (s ListAccountsForParentOutput) GoString() string { 18215 return s.String() 18216} 18217 18218// SetAccounts sets the Accounts field's value. 18219func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput { 18220 s.Accounts = v 18221 return s 18222} 18223 18224// SetNextToken sets the NextToken field's value. 18225func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput { 18226 s.NextToken = &v 18227 return s 18228} 18229 18230type ListAccountsInput struct { 18231 _ struct{} `type:"structure"` 18232 18233 // The total number of results that you want included on each page of the response. 18234 // If you do not include this parameter, it defaults to a value that is specific 18235 // to the operation. If additional items exist beyond the maximum you specify, 18236 // the NextToken response element is present and has a value (is not null). 18237 // Include that value as the NextToken request parameter in the next call to 18238 // the operation to get the next part of the results. Note that Organizations 18239 // might return fewer results than the maximum even when there are more results 18240 // available. You should check NextToken after every operation to ensure that 18241 // you receive all of the results. 18242 MaxResults *int64 `min:"1" type:"integer"` 18243 18244 // The parameter for receiving additional results if you receive a NextToken 18245 // response in a previous request. A NextToken response indicates that more 18246 // output is available. Set this parameter to the value of the previous call's 18247 // NextToken response to indicate where the output should continue from. 18248 NextToken *string `type:"string"` 18249} 18250 18251// String returns the string representation 18252func (s ListAccountsInput) String() string { 18253 return awsutil.Prettify(s) 18254} 18255 18256// GoString returns the string representation 18257func (s ListAccountsInput) GoString() string { 18258 return s.String() 18259} 18260 18261// Validate inspects the fields of the type to determine if they are valid. 18262func (s *ListAccountsInput) Validate() error { 18263 invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} 18264 if s.MaxResults != nil && *s.MaxResults < 1 { 18265 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18266 } 18267 18268 if invalidParams.Len() > 0 { 18269 return invalidParams 18270 } 18271 return nil 18272} 18273 18274// SetMaxResults sets the MaxResults field's value. 18275func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { 18276 s.MaxResults = &v 18277 return s 18278} 18279 18280// SetNextToken sets the NextToken field's value. 18281func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { 18282 s.NextToken = &v 18283 return s 18284} 18285 18286type ListAccountsOutput struct { 18287 _ struct{} `type:"structure"` 18288 18289 // A list of objects in the organization. 18290 Accounts []*Account `type:"list"` 18291 18292 // If present, indicates that more output is available than is included in the 18293 // current response. Use this value in the NextToken request parameter in a 18294 // subsequent call to the operation to get the next part of the output. You 18295 // should repeat this until the NextToken response element comes back as null. 18296 NextToken *string `type:"string"` 18297} 18298 18299// String returns the string representation 18300func (s ListAccountsOutput) String() string { 18301 return awsutil.Prettify(s) 18302} 18303 18304// GoString returns the string representation 18305func (s ListAccountsOutput) GoString() string { 18306 return s.String() 18307} 18308 18309// SetAccounts sets the Accounts field's value. 18310func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput { 18311 s.Accounts = v 18312 return s 18313} 18314 18315// SetNextToken sets the NextToken field's value. 18316func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { 18317 s.NextToken = &v 18318 return s 18319} 18320 18321type ListChildrenInput struct { 18322 _ struct{} `type:"structure"` 18323 18324 // Filters the output to include only the specified child type. 18325 // 18326 // ChildType is a required field 18327 ChildType *string `type:"string" required:"true" enum:"ChildType"` 18328 18329 // The total number of results that you want included on each page of the response. 18330 // If you do not include this parameter, it defaults to a value that is specific 18331 // to the operation. If additional items exist beyond the maximum you specify, 18332 // the NextToken response element is present and has a value (is not null). 18333 // Include that value as the NextToken request parameter in the next call to 18334 // the operation to get the next part of the results. Note that Organizations 18335 // might return fewer results than the maximum even when there are more results 18336 // available. You should check NextToken after every operation to ensure that 18337 // you receive all of the results. 18338 MaxResults *int64 `min:"1" type:"integer"` 18339 18340 // The parameter for receiving additional results if you receive a NextToken 18341 // response in a previous request. A NextToken response indicates that more 18342 // output is available. Set this parameter to the value of the previous call's 18343 // NextToken response to indicate where the output should continue from. 18344 NextToken *string `type:"string"` 18345 18346 // The unique identifier (ID) for the parent root or OU whose children you want 18347 // to list. 18348 // 18349 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 18350 // requires one of the following: 18351 // 18352 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 18353 // letters or digits. 18354 // 18355 // * Organizational unit (OU) - A string that begins with "ou-" followed 18356 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 18357 // OU is in). This string is followed by a second "-" dash and from 8 to 18358 // 32 additional lowercase letters or digits. 18359 // 18360 // ParentId is a required field 18361 ParentId *string `type:"string" required:"true"` 18362} 18363 18364// String returns the string representation 18365func (s ListChildrenInput) String() string { 18366 return awsutil.Prettify(s) 18367} 18368 18369// GoString returns the string representation 18370func (s ListChildrenInput) GoString() string { 18371 return s.String() 18372} 18373 18374// Validate inspects the fields of the type to determine if they are valid. 18375func (s *ListChildrenInput) Validate() error { 18376 invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"} 18377 if s.ChildType == nil { 18378 invalidParams.Add(request.NewErrParamRequired("ChildType")) 18379 } 18380 if s.MaxResults != nil && *s.MaxResults < 1 { 18381 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18382 } 18383 if s.ParentId == nil { 18384 invalidParams.Add(request.NewErrParamRequired("ParentId")) 18385 } 18386 18387 if invalidParams.Len() > 0 { 18388 return invalidParams 18389 } 18390 return nil 18391} 18392 18393// SetChildType sets the ChildType field's value. 18394func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput { 18395 s.ChildType = &v 18396 return s 18397} 18398 18399// SetMaxResults sets the MaxResults field's value. 18400func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput { 18401 s.MaxResults = &v 18402 return s 18403} 18404 18405// SetNextToken sets the NextToken field's value. 18406func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput { 18407 s.NextToken = &v 18408 return s 18409} 18410 18411// SetParentId sets the ParentId field's value. 18412func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput { 18413 s.ParentId = &v 18414 return s 18415} 18416 18417type ListChildrenOutput struct { 18418 _ struct{} `type:"structure"` 18419 18420 // The list of children of the specified parent container. 18421 Children []*Child `type:"list"` 18422 18423 // If present, indicates that more output is available than is included in the 18424 // current response. Use this value in the NextToken request parameter in a 18425 // subsequent call to the operation to get the next part of the output. You 18426 // should repeat this until the NextToken response element comes back as null. 18427 NextToken *string `type:"string"` 18428} 18429 18430// String returns the string representation 18431func (s ListChildrenOutput) String() string { 18432 return awsutil.Prettify(s) 18433} 18434 18435// GoString returns the string representation 18436func (s ListChildrenOutput) GoString() string { 18437 return s.String() 18438} 18439 18440// SetChildren sets the Children field's value. 18441func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput { 18442 s.Children = v 18443 return s 18444} 18445 18446// SetNextToken sets the NextToken field's value. 18447func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput { 18448 s.NextToken = &v 18449 return s 18450} 18451 18452type ListCreateAccountStatusInput struct { 18453 _ struct{} `type:"structure"` 18454 18455 // The total number of results that you want included on each page of the response. 18456 // If you do not include this parameter, it defaults to a value that is specific 18457 // to the operation. If additional items exist beyond the maximum you specify, 18458 // the NextToken response element is present and has a value (is not null). 18459 // Include that value as the NextToken request parameter in the next call to 18460 // the operation to get the next part of the results. Note that Organizations 18461 // might return fewer results than the maximum even when there are more results 18462 // available. You should check NextToken after every operation to ensure that 18463 // you receive all of the results. 18464 MaxResults *int64 `min:"1" type:"integer"` 18465 18466 // The parameter for receiving additional results if you receive a NextToken 18467 // response in a previous request. A NextToken response indicates that more 18468 // output is available. Set this parameter to the value of the previous call's 18469 // NextToken response to indicate where the output should continue from. 18470 NextToken *string `type:"string"` 18471 18472 // A list of one or more states that you want included in the response. If this 18473 // parameter isn't present, all requests are included in the response. 18474 States []*string `type:"list"` 18475} 18476 18477// String returns the string representation 18478func (s ListCreateAccountStatusInput) String() string { 18479 return awsutil.Prettify(s) 18480} 18481 18482// GoString returns the string representation 18483func (s ListCreateAccountStatusInput) GoString() string { 18484 return s.String() 18485} 18486 18487// Validate inspects the fields of the type to determine if they are valid. 18488func (s *ListCreateAccountStatusInput) Validate() error { 18489 invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"} 18490 if s.MaxResults != nil && *s.MaxResults < 1 { 18491 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18492 } 18493 18494 if invalidParams.Len() > 0 { 18495 return invalidParams 18496 } 18497 return nil 18498} 18499 18500// SetMaxResults sets the MaxResults field's value. 18501func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput { 18502 s.MaxResults = &v 18503 return s 18504} 18505 18506// SetNextToken sets the NextToken field's value. 18507func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput { 18508 s.NextToken = &v 18509 return s 18510} 18511 18512// SetStates sets the States field's value. 18513func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput { 18514 s.States = v 18515 return s 18516} 18517 18518type ListCreateAccountStatusOutput struct { 18519 _ struct{} `type:"structure"` 18520 18521 // A list of objects with details about the requests. Certain elements, such 18522 // as the accountId number, are present in the output only after the account 18523 // has been successfully created. 18524 CreateAccountStatuses []*CreateAccountStatus `type:"list"` 18525 18526 // If present, indicates that more output is available than is included in the 18527 // current response. Use this value in the NextToken request parameter in a 18528 // subsequent call to the operation to get the next part of the output. You 18529 // should repeat this until the NextToken response element comes back as null. 18530 NextToken *string `type:"string"` 18531} 18532 18533// String returns the string representation 18534func (s ListCreateAccountStatusOutput) String() string { 18535 return awsutil.Prettify(s) 18536} 18537 18538// GoString returns the string representation 18539func (s ListCreateAccountStatusOutput) GoString() string { 18540 return s.String() 18541} 18542 18543// SetCreateAccountStatuses sets the CreateAccountStatuses field's value. 18544func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput { 18545 s.CreateAccountStatuses = v 18546 return s 18547} 18548 18549// SetNextToken sets the NextToken field's value. 18550func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput { 18551 s.NextToken = &v 18552 return s 18553} 18554 18555type ListDelegatedAdministratorsInput struct { 18556 _ struct{} `type:"structure"` 18557 18558 // The total number of results that you want included on each page of the response. 18559 // If you do not include this parameter, it defaults to a value that is specific 18560 // to the operation. If additional items exist beyond the maximum you specify, 18561 // the NextToken response element is present and has a value (is not null). 18562 // Include that value as the NextToken request parameter in the next call to 18563 // the operation to get the next part of the results. Note that Organizations 18564 // might return fewer results than the maximum even when there are more results 18565 // available. You should check NextToken after every operation to ensure that 18566 // you receive all of the results. 18567 MaxResults *int64 `min:"1" type:"integer"` 18568 18569 // The parameter for receiving additional results if you receive a NextToken 18570 // response in a previous request. A NextToken response indicates that more 18571 // output is available. Set this parameter to the value of the previous call's 18572 // NextToken response to indicate where the output should continue from. 18573 NextToken *string `type:"string"` 18574 18575 // Specifies a service principal name. If specified, then the operation lists 18576 // the delegated administrators only for the specified service. 18577 // 18578 // If you don't specify a service principal, the operation lists all delegated 18579 // administrators for all services in your organization. 18580 ServicePrincipal *string `min:"1" type:"string"` 18581} 18582 18583// String returns the string representation 18584func (s ListDelegatedAdministratorsInput) String() string { 18585 return awsutil.Prettify(s) 18586} 18587 18588// GoString returns the string representation 18589func (s ListDelegatedAdministratorsInput) GoString() string { 18590 return s.String() 18591} 18592 18593// Validate inspects the fields of the type to determine if they are valid. 18594func (s *ListDelegatedAdministratorsInput) Validate() error { 18595 invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"} 18596 if s.MaxResults != nil && *s.MaxResults < 1 { 18597 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18598 } 18599 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 18600 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 18601 } 18602 18603 if invalidParams.Len() > 0 { 18604 return invalidParams 18605 } 18606 return nil 18607} 18608 18609// SetMaxResults sets the MaxResults field's value. 18610func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput { 18611 s.MaxResults = &v 18612 return s 18613} 18614 18615// SetNextToken sets the NextToken field's value. 18616func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput { 18617 s.NextToken = &v 18618 return s 18619} 18620 18621// SetServicePrincipal sets the ServicePrincipal field's value. 18622func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput { 18623 s.ServicePrincipal = &v 18624 return s 18625} 18626 18627type ListDelegatedAdministratorsOutput struct { 18628 _ struct{} `type:"structure"` 18629 18630 // The list of delegated administrators in your organization. 18631 DelegatedAdministrators []*DelegatedAdministrator `type:"list"` 18632 18633 // If present, indicates that more output is available than is included in the 18634 // current response. Use this value in the NextToken request parameter in a 18635 // subsequent call to the operation to get the next part of the output. You 18636 // should repeat this until the NextToken response element comes back as null. 18637 NextToken *string `type:"string"` 18638} 18639 18640// String returns the string representation 18641func (s ListDelegatedAdministratorsOutput) String() string { 18642 return awsutil.Prettify(s) 18643} 18644 18645// GoString returns the string representation 18646func (s ListDelegatedAdministratorsOutput) GoString() string { 18647 return s.String() 18648} 18649 18650// SetDelegatedAdministrators sets the DelegatedAdministrators field's value. 18651func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput { 18652 s.DelegatedAdministrators = v 18653 return s 18654} 18655 18656// SetNextToken sets the NextToken field's value. 18657func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput { 18658 s.NextToken = &v 18659 return s 18660} 18661 18662type ListDelegatedServicesForAccountInput struct { 18663 _ struct{} `type:"structure"` 18664 18665 // The account ID number of a delegated administrator account in the organization. 18666 // 18667 // AccountId is a required field 18668 AccountId *string `type:"string" required:"true"` 18669 18670 // The total number of results that you want included on each page of the response. 18671 // If you do not include this parameter, it defaults to a value that is specific 18672 // to the operation. If additional items exist beyond the maximum you specify, 18673 // the NextToken response element is present and has a value (is not null). 18674 // Include that value as the NextToken request parameter in the next call to 18675 // the operation to get the next part of the results. Note that Organizations 18676 // might return fewer results than the maximum even when there are more results 18677 // available. You should check NextToken after every operation to ensure that 18678 // you receive all of the results. 18679 MaxResults *int64 `min:"1" type:"integer"` 18680 18681 // The parameter for receiving additional results if you receive a NextToken 18682 // response in a previous request. A NextToken response indicates that more 18683 // output is available. Set this parameter to the value of the previous call's 18684 // NextToken response to indicate where the output should continue from. 18685 NextToken *string `type:"string"` 18686} 18687 18688// String returns the string representation 18689func (s ListDelegatedServicesForAccountInput) String() string { 18690 return awsutil.Prettify(s) 18691} 18692 18693// GoString returns the string representation 18694func (s ListDelegatedServicesForAccountInput) GoString() string { 18695 return s.String() 18696} 18697 18698// Validate inspects the fields of the type to determine if they are valid. 18699func (s *ListDelegatedServicesForAccountInput) Validate() error { 18700 invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"} 18701 if s.AccountId == nil { 18702 invalidParams.Add(request.NewErrParamRequired("AccountId")) 18703 } 18704 if s.MaxResults != nil && *s.MaxResults < 1 { 18705 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18706 } 18707 18708 if invalidParams.Len() > 0 { 18709 return invalidParams 18710 } 18711 return nil 18712} 18713 18714// SetAccountId sets the AccountId field's value. 18715func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput { 18716 s.AccountId = &v 18717 return s 18718} 18719 18720// SetMaxResults sets the MaxResults field's value. 18721func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput { 18722 s.MaxResults = &v 18723 return s 18724} 18725 18726// SetNextToken sets the NextToken field's value. 18727func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput { 18728 s.NextToken = &v 18729 return s 18730} 18731 18732type ListDelegatedServicesForAccountOutput struct { 18733 _ struct{} `type:"structure"` 18734 18735 // The services for which the account is a delegated administrator. 18736 DelegatedServices []*DelegatedService `type:"list"` 18737 18738 // If present, indicates that more output is available than is included in the 18739 // current response. Use this value in the NextToken request parameter in a 18740 // subsequent call to the operation to get the next part of the output. You 18741 // should repeat this until the NextToken response element comes back as null. 18742 NextToken *string `type:"string"` 18743} 18744 18745// String returns the string representation 18746func (s ListDelegatedServicesForAccountOutput) String() string { 18747 return awsutil.Prettify(s) 18748} 18749 18750// GoString returns the string representation 18751func (s ListDelegatedServicesForAccountOutput) GoString() string { 18752 return s.String() 18753} 18754 18755// SetDelegatedServices sets the DelegatedServices field's value. 18756func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput { 18757 s.DelegatedServices = v 18758 return s 18759} 18760 18761// SetNextToken sets the NextToken field's value. 18762func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput { 18763 s.NextToken = &v 18764 return s 18765} 18766 18767type ListHandshakesForAccountInput struct { 18768 _ struct{} `type:"structure"` 18769 18770 // Filters the handshakes that you want included in the response. The default 18771 // is all types. Use the ActionType element to limit the output to only a specified 18772 // type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, 18773 // for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake 18774 // for each member account, you can specify ParentHandshakeId to see only the 18775 // handshakes that were generated by that parent request. 18776 Filter *HandshakeFilter `type:"structure"` 18777 18778 // The total number of results that you want included on each page of the response. 18779 // If you do not include this parameter, it defaults to a value that is specific 18780 // to the operation. If additional items exist beyond the maximum you specify, 18781 // the NextToken response element is present and has a value (is not null). 18782 // Include that value as the NextToken request parameter in the next call to 18783 // the operation to get the next part of the results. Note that Organizations 18784 // might return fewer results than the maximum even when there are more results 18785 // available. You should check NextToken after every operation to ensure that 18786 // you receive all of the results. 18787 MaxResults *int64 `min:"1" type:"integer"` 18788 18789 // The parameter for receiving additional results if you receive a NextToken 18790 // response in a previous request. A NextToken response indicates that more 18791 // output is available. Set this parameter to the value of the previous call's 18792 // NextToken response to indicate where the output should continue from. 18793 NextToken *string `type:"string"` 18794} 18795 18796// String returns the string representation 18797func (s ListHandshakesForAccountInput) String() string { 18798 return awsutil.Prettify(s) 18799} 18800 18801// GoString returns the string representation 18802func (s ListHandshakesForAccountInput) GoString() string { 18803 return s.String() 18804} 18805 18806// Validate inspects the fields of the type to determine if they are valid. 18807func (s *ListHandshakesForAccountInput) Validate() error { 18808 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"} 18809 if s.MaxResults != nil && *s.MaxResults < 1 { 18810 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18811 } 18812 18813 if invalidParams.Len() > 0 { 18814 return invalidParams 18815 } 18816 return nil 18817} 18818 18819// SetFilter sets the Filter field's value. 18820func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput { 18821 s.Filter = v 18822 return s 18823} 18824 18825// SetMaxResults sets the MaxResults field's value. 18826func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput { 18827 s.MaxResults = &v 18828 return s 18829} 18830 18831// SetNextToken sets the NextToken field's value. 18832func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput { 18833 s.NextToken = &v 18834 return s 18835} 18836 18837type ListHandshakesForAccountOutput struct { 18838 _ struct{} `type:"structure"` 18839 18840 // A list of Handshake objects with details about each of the handshakes that 18841 // is associated with the specified account. 18842 Handshakes []*Handshake `type:"list"` 18843 18844 // If present, indicates that more output is available than is included in the 18845 // current response. Use this value in the NextToken request parameter in a 18846 // subsequent call to the operation to get the next part of the output. You 18847 // should repeat this until the NextToken response element comes back as null. 18848 NextToken *string `type:"string"` 18849} 18850 18851// String returns the string representation 18852func (s ListHandshakesForAccountOutput) String() string { 18853 return awsutil.Prettify(s) 18854} 18855 18856// GoString returns the string representation 18857func (s ListHandshakesForAccountOutput) GoString() string { 18858 return s.String() 18859} 18860 18861// SetHandshakes sets the Handshakes field's value. 18862func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput { 18863 s.Handshakes = v 18864 return s 18865} 18866 18867// SetNextToken sets the NextToken field's value. 18868func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput { 18869 s.NextToken = &v 18870 return s 18871} 18872 18873type ListHandshakesForOrganizationInput struct { 18874 _ struct{} `type:"structure"` 18875 18876 // A filter of the handshakes that you want included in the response. The default 18877 // is all types. Use the ActionType element to limit the output to only a specified 18878 // type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, 18879 // for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake 18880 // for each member account, you can specify the ParentHandshakeId to see only 18881 // the handshakes that were generated by that parent request. 18882 Filter *HandshakeFilter `type:"structure"` 18883 18884 // The total number of results that you want included on each page of the response. 18885 // If you do not include this parameter, it defaults to a value that is specific 18886 // to the operation. If additional items exist beyond the maximum you specify, 18887 // the NextToken response element is present and has a value (is not null). 18888 // Include that value as the NextToken request parameter in the next call to 18889 // the operation to get the next part of the results. Note that Organizations 18890 // might return fewer results than the maximum even when there are more results 18891 // available. You should check NextToken after every operation to ensure that 18892 // you receive all of the results. 18893 MaxResults *int64 `min:"1" type:"integer"` 18894 18895 // The parameter for receiving additional results if you receive a NextToken 18896 // response in a previous request. A NextToken response indicates that more 18897 // output is available. Set this parameter to the value of the previous call's 18898 // NextToken response to indicate where the output should continue from. 18899 NextToken *string `type:"string"` 18900} 18901 18902// String returns the string representation 18903func (s ListHandshakesForOrganizationInput) String() string { 18904 return awsutil.Prettify(s) 18905} 18906 18907// GoString returns the string representation 18908func (s ListHandshakesForOrganizationInput) GoString() string { 18909 return s.String() 18910} 18911 18912// Validate inspects the fields of the type to determine if they are valid. 18913func (s *ListHandshakesForOrganizationInput) Validate() error { 18914 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"} 18915 if s.MaxResults != nil && *s.MaxResults < 1 { 18916 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 18917 } 18918 18919 if invalidParams.Len() > 0 { 18920 return invalidParams 18921 } 18922 return nil 18923} 18924 18925// SetFilter sets the Filter field's value. 18926func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput { 18927 s.Filter = v 18928 return s 18929} 18930 18931// SetMaxResults sets the MaxResults field's value. 18932func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput { 18933 s.MaxResults = &v 18934 return s 18935} 18936 18937// SetNextToken sets the NextToken field's value. 18938func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput { 18939 s.NextToken = &v 18940 return s 18941} 18942 18943type ListHandshakesForOrganizationOutput struct { 18944 _ struct{} `type:"structure"` 18945 18946 // A list of Handshake objects with details about each of the handshakes that 18947 // are associated with an organization. 18948 Handshakes []*Handshake `type:"list"` 18949 18950 // If present, indicates that more output is available than is included in the 18951 // current response. Use this value in the NextToken request parameter in a 18952 // subsequent call to the operation to get the next part of the output. You 18953 // should repeat this until the NextToken response element comes back as null. 18954 NextToken *string `type:"string"` 18955} 18956 18957// String returns the string representation 18958func (s ListHandshakesForOrganizationOutput) String() string { 18959 return awsutil.Prettify(s) 18960} 18961 18962// GoString returns the string representation 18963func (s ListHandshakesForOrganizationOutput) GoString() string { 18964 return s.String() 18965} 18966 18967// SetHandshakes sets the Handshakes field's value. 18968func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput { 18969 s.Handshakes = v 18970 return s 18971} 18972 18973// SetNextToken sets the NextToken field's value. 18974func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput { 18975 s.NextToken = &v 18976 return s 18977} 18978 18979type ListOrganizationalUnitsForParentInput struct { 18980 _ struct{} `type:"structure"` 18981 18982 // The total number of results that you want included on each page of the response. 18983 // If you do not include this parameter, it defaults to a value that is specific 18984 // to the operation. If additional items exist beyond the maximum you specify, 18985 // the NextToken response element is present and has a value (is not null). 18986 // Include that value as the NextToken request parameter in the next call to 18987 // the operation to get the next part of the results. Note that Organizations 18988 // might return fewer results than the maximum even when there are more results 18989 // available. You should check NextToken after every operation to ensure that 18990 // you receive all of the results. 18991 MaxResults *int64 `min:"1" type:"integer"` 18992 18993 // The parameter for receiving additional results if you receive a NextToken 18994 // response in a previous request. A NextToken response indicates that more 18995 // output is available. Set this parameter to the value of the previous call's 18996 // NextToken response to indicate where the output should continue from. 18997 NextToken *string `type:"string"` 18998 18999 // The unique identifier (ID) of the root or OU whose child OUs you want to 19000 // list. 19001 // 19002 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 19003 // requires one of the following: 19004 // 19005 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 19006 // letters or digits. 19007 // 19008 // * Organizational unit (OU) - A string that begins with "ou-" followed 19009 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 19010 // OU is in). This string is followed by a second "-" dash and from 8 to 19011 // 32 additional lowercase letters or digits. 19012 // 19013 // ParentId is a required field 19014 ParentId *string `type:"string" required:"true"` 19015} 19016 19017// String returns the string representation 19018func (s ListOrganizationalUnitsForParentInput) String() string { 19019 return awsutil.Prettify(s) 19020} 19021 19022// GoString returns the string representation 19023func (s ListOrganizationalUnitsForParentInput) GoString() string { 19024 return s.String() 19025} 19026 19027// Validate inspects the fields of the type to determine if they are valid. 19028func (s *ListOrganizationalUnitsForParentInput) Validate() error { 19029 invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"} 19030 if s.MaxResults != nil && *s.MaxResults < 1 { 19031 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19032 } 19033 if s.ParentId == nil { 19034 invalidParams.Add(request.NewErrParamRequired("ParentId")) 19035 } 19036 19037 if invalidParams.Len() > 0 { 19038 return invalidParams 19039 } 19040 return nil 19041} 19042 19043// SetMaxResults sets the MaxResults field's value. 19044func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput { 19045 s.MaxResults = &v 19046 return s 19047} 19048 19049// SetNextToken sets the NextToken field's value. 19050func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput { 19051 s.NextToken = &v 19052 return s 19053} 19054 19055// SetParentId sets the ParentId field's value. 19056func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput { 19057 s.ParentId = &v 19058 return s 19059} 19060 19061type ListOrganizationalUnitsForParentOutput struct { 19062 _ struct{} `type:"structure"` 19063 19064 // If present, indicates that more output is available than is included in the 19065 // current response. Use this value in the NextToken request parameter in a 19066 // subsequent call to the operation to get the next part of the output. You 19067 // should repeat this until the NextToken response element comes back as null. 19068 NextToken *string `type:"string"` 19069 19070 // A list of the OUs in the specified root or parent OU. 19071 OrganizationalUnits []*OrganizationalUnit `type:"list"` 19072} 19073 19074// String returns the string representation 19075func (s ListOrganizationalUnitsForParentOutput) String() string { 19076 return awsutil.Prettify(s) 19077} 19078 19079// GoString returns the string representation 19080func (s ListOrganizationalUnitsForParentOutput) GoString() string { 19081 return s.String() 19082} 19083 19084// SetNextToken sets the NextToken field's value. 19085func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput { 19086 s.NextToken = &v 19087 return s 19088} 19089 19090// SetOrganizationalUnits sets the OrganizationalUnits field's value. 19091func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput { 19092 s.OrganizationalUnits = v 19093 return s 19094} 19095 19096type ListParentsInput struct { 19097 _ struct{} `type:"structure"` 19098 19099 // The unique identifier (ID) of the OU or account whose parent containers you 19100 // want to list. Don't specify a root. 19101 // 19102 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 19103 // requires one of the following: 19104 // 19105 // * Account - A string that consists of exactly 12 digits. 19106 // 19107 // * Organizational unit (OU) - A string that begins with "ou-" followed 19108 // by from 4 to 32 lowercase letters or digits (the ID of the root that contains 19109 // the OU). This string is followed by a second "-" dash and from 8 to 32 19110 // additional lowercase letters or digits. 19111 // 19112 // ChildId is a required field 19113 ChildId *string `type:"string" required:"true"` 19114 19115 // The total number of results that you want included on each page of the response. 19116 // If you do not include this parameter, it defaults to a value that is specific 19117 // to the operation. If additional items exist beyond the maximum you specify, 19118 // the NextToken response element is present and has a value (is not null). 19119 // Include that value as the NextToken request parameter in the next call to 19120 // the operation to get the next part of the results. Note that Organizations 19121 // might return fewer results than the maximum even when there are more results 19122 // available. You should check NextToken after every operation to ensure that 19123 // you receive all of the results. 19124 MaxResults *int64 `min:"1" type:"integer"` 19125 19126 // The parameter for receiving additional results if you receive a NextToken 19127 // response in a previous request. A NextToken response indicates that more 19128 // output is available. Set this parameter to the value of the previous call's 19129 // NextToken response to indicate where the output should continue from. 19130 NextToken *string `type:"string"` 19131} 19132 19133// String returns the string representation 19134func (s ListParentsInput) String() string { 19135 return awsutil.Prettify(s) 19136} 19137 19138// GoString returns the string representation 19139func (s ListParentsInput) GoString() string { 19140 return s.String() 19141} 19142 19143// Validate inspects the fields of the type to determine if they are valid. 19144func (s *ListParentsInput) Validate() error { 19145 invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"} 19146 if s.ChildId == nil { 19147 invalidParams.Add(request.NewErrParamRequired("ChildId")) 19148 } 19149 if s.MaxResults != nil && *s.MaxResults < 1 { 19150 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19151 } 19152 19153 if invalidParams.Len() > 0 { 19154 return invalidParams 19155 } 19156 return nil 19157} 19158 19159// SetChildId sets the ChildId field's value. 19160func (s *ListParentsInput) SetChildId(v string) *ListParentsInput { 19161 s.ChildId = &v 19162 return s 19163} 19164 19165// SetMaxResults sets the MaxResults field's value. 19166func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput { 19167 s.MaxResults = &v 19168 return s 19169} 19170 19171// SetNextToken sets the NextToken field's value. 19172func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput { 19173 s.NextToken = &v 19174 return s 19175} 19176 19177type ListParentsOutput struct { 19178 _ struct{} `type:"structure"` 19179 19180 // If present, indicates that more output is available than is included in the 19181 // current response. Use this value in the NextToken request parameter in a 19182 // subsequent call to the operation to get the next part of the output. You 19183 // should repeat this until the NextToken response element comes back as null. 19184 NextToken *string `type:"string"` 19185 19186 // A list of parents for the specified child account or OU. 19187 Parents []*Parent `type:"list"` 19188} 19189 19190// String returns the string representation 19191func (s ListParentsOutput) String() string { 19192 return awsutil.Prettify(s) 19193} 19194 19195// GoString returns the string representation 19196func (s ListParentsOutput) GoString() string { 19197 return s.String() 19198} 19199 19200// SetNextToken sets the NextToken field's value. 19201func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput { 19202 s.NextToken = &v 19203 return s 19204} 19205 19206// SetParents sets the Parents field's value. 19207func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput { 19208 s.Parents = v 19209 return s 19210} 19211 19212type ListPoliciesForTargetInput struct { 19213 _ struct{} `type:"structure"` 19214 19215 // The type of policy that you want to include in the returned list. You must 19216 // specify one of the following values: 19217 // 19218 // * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 19219 // 19220 // * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 19221 // 19222 // * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 19223 // 19224 // * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 19225 // 19226 // Filter is a required field 19227 Filter *string `type:"string" required:"true" enum:"PolicyType"` 19228 19229 // The total number of results that you want included on each page of the response. 19230 // If you do not include this parameter, it defaults to a value that is specific 19231 // to the operation. If additional items exist beyond the maximum you specify, 19232 // the NextToken response element is present and has a value (is not null). 19233 // Include that value as the NextToken request parameter in the next call to 19234 // the operation to get the next part of the results. Note that Organizations 19235 // might return fewer results than the maximum even when there are more results 19236 // available. You should check NextToken after every operation to ensure that 19237 // you receive all of the results. 19238 MaxResults *int64 `min:"1" type:"integer"` 19239 19240 // The parameter for receiving additional results if you receive a NextToken 19241 // response in a previous request. A NextToken response indicates that more 19242 // output is available. Set this parameter to the value of the previous call's 19243 // NextToken response to indicate where the output should continue from. 19244 NextToken *string `type:"string"` 19245 19246 // The unique identifier (ID) of the root, organizational unit, or account whose 19247 // policies you want to list. 19248 // 19249 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 19250 // requires one of the following: 19251 // 19252 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 19253 // letters or digits. 19254 // 19255 // * Account - A string that consists of exactly 12 digits. 19256 // 19257 // * Organizational unit (OU) - A string that begins with "ou-" followed 19258 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 19259 // OU is in). This string is followed by a second "-" dash and from 8 to 19260 // 32 additional lowercase letters or digits. 19261 // 19262 // TargetId is a required field 19263 TargetId *string `type:"string" required:"true"` 19264} 19265 19266// String returns the string representation 19267func (s ListPoliciesForTargetInput) String() string { 19268 return awsutil.Prettify(s) 19269} 19270 19271// GoString returns the string representation 19272func (s ListPoliciesForTargetInput) GoString() string { 19273 return s.String() 19274} 19275 19276// Validate inspects the fields of the type to determine if they are valid. 19277func (s *ListPoliciesForTargetInput) Validate() error { 19278 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"} 19279 if s.Filter == nil { 19280 invalidParams.Add(request.NewErrParamRequired("Filter")) 19281 } 19282 if s.MaxResults != nil && *s.MaxResults < 1 { 19283 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19284 } 19285 if s.TargetId == nil { 19286 invalidParams.Add(request.NewErrParamRequired("TargetId")) 19287 } 19288 19289 if invalidParams.Len() > 0 { 19290 return invalidParams 19291 } 19292 return nil 19293} 19294 19295// SetFilter sets the Filter field's value. 19296func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput { 19297 s.Filter = &v 19298 return s 19299} 19300 19301// SetMaxResults sets the MaxResults field's value. 19302func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput { 19303 s.MaxResults = &v 19304 return s 19305} 19306 19307// SetNextToken sets the NextToken field's value. 19308func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput { 19309 s.NextToken = &v 19310 return s 19311} 19312 19313// SetTargetId sets the TargetId field's value. 19314func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput { 19315 s.TargetId = &v 19316 return s 19317} 19318 19319type ListPoliciesForTargetOutput struct { 19320 _ struct{} `type:"structure"` 19321 19322 // If present, indicates that more output is available than is included in the 19323 // current response. Use this value in the NextToken request parameter in a 19324 // subsequent call to the operation to get the next part of the output. You 19325 // should repeat this until the NextToken response element comes back as null. 19326 NextToken *string `type:"string"` 19327 19328 // The list of policies that match the criteria in the request. 19329 Policies []*PolicySummary `type:"list"` 19330} 19331 19332// String returns the string representation 19333func (s ListPoliciesForTargetOutput) String() string { 19334 return awsutil.Prettify(s) 19335} 19336 19337// GoString returns the string representation 19338func (s ListPoliciesForTargetOutput) GoString() string { 19339 return s.String() 19340} 19341 19342// SetNextToken sets the NextToken field's value. 19343func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput { 19344 s.NextToken = &v 19345 return s 19346} 19347 19348// SetPolicies sets the Policies field's value. 19349func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput { 19350 s.Policies = v 19351 return s 19352} 19353 19354type ListPoliciesInput struct { 19355 _ struct{} `type:"structure"` 19356 19357 // Specifies the type of policy that you want to include in the response. You 19358 // must specify one of the following values: 19359 // 19360 // * AISERVICES_OPT_OUT_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 19361 // 19362 // * BACKUP_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 19363 // 19364 // * SERVICE_CONTROL_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 19365 // 19366 // * TAG_POLICY (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 19367 // 19368 // Filter is a required field 19369 Filter *string `type:"string" required:"true" enum:"PolicyType"` 19370 19371 // The total number of results that you want included on each page of the response. 19372 // If you do not include this parameter, it defaults to a value that is specific 19373 // to the operation. If additional items exist beyond the maximum you specify, 19374 // the NextToken response element is present and has a value (is not null). 19375 // Include that value as the NextToken request parameter in the next call to 19376 // the operation to get the next part of the results. Note that Organizations 19377 // might return fewer results than the maximum even when there are more results 19378 // available. You should check NextToken after every operation to ensure that 19379 // you receive all of the results. 19380 MaxResults *int64 `min:"1" type:"integer"` 19381 19382 // The parameter for receiving additional results if you receive a NextToken 19383 // response in a previous request. A NextToken response indicates that more 19384 // output is available. Set this parameter to the value of the previous call's 19385 // NextToken response to indicate where the output should continue from. 19386 NextToken *string `type:"string"` 19387} 19388 19389// String returns the string representation 19390func (s ListPoliciesInput) String() string { 19391 return awsutil.Prettify(s) 19392} 19393 19394// GoString returns the string representation 19395func (s ListPoliciesInput) GoString() string { 19396 return s.String() 19397} 19398 19399// Validate inspects the fields of the type to determine if they are valid. 19400func (s *ListPoliciesInput) Validate() error { 19401 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} 19402 if s.Filter == nil { 19403 invalidParams.Add(request.NewErrParamRequired("Filter")) 19404 } 19405 if s.MaxResults != nil && *s.MaxResults < 1 { 19406 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19407 } 19408 19409 if invalidParams.Len() > 0 { 19410 return invalidParams 19411 } 19412 return nil 19413} 19414 19415// SetFilter sets the Filter field's value. 19416func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput { 19417 s.Filter = &v 19418 return s 19419} 19420 19421// SetMaxResults sets the MaxResults field's value. 19422func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { 19423 s.MaxResults = &v 19424 return s 19425} 19426 19427// SetNextToken sets the NextToken field's value. 19428func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { 19429 s.NextToken = &v 19430 return s 19431} 19432 19433type ListPoliciesOutput struct { 19434 _ struct{} `type:"structure"` 19435 19436 // If present, indicates that more output is available than is included in the 19437 // current response. Use this value in the NextToken request parameter in a 19438 // subsequent call to the operation to get the next part of the output. You 19439 // should repeat this until the NextToken response element comes back as null. 19440 NextToken *string `type:"string"` 19441 19442 // A list of policies that match the filter criteria in the request. The output 19443 // list doesn't include the policy contents. To see the content for a policy, 19444 // see DescribePolicy. 19445 Policies []*PolicySummary `type:"list"` 19446} 19447 19448// String returns the string representation 19449func (s ListPoliciesOutput) String() string { 19450 return awsutil.Prettify(s) 19451} 19452 19453// GoString returns the string representation 19454func (s ListPoliciesOutput) GoString() string { 19455 return s.String() 19456} 19457 19458// SetNextToken sets the NextToken field's value. 19459func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { 19460 s.NextToken = &v 19461 return s 19462} 19463 19464// SetPolicies sets the Policies field's value. 19465func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput { 19466 s.Policies = v 19467 return s 19468} 19469 19470type ListRootsInput struct { 19471 _ struct{} `type:"structure"` 19472 19473 // The total number of results that you want included on each page of the response. 19474 // If you do not include this parameter, it defaults to a value that is specific 19475 // to the operation. If additional items exist beyond the maximum you specify, 19476 // the NextToken response element is present and has a value (is not null). 19477 // Include that value as the NextToken request parameter in the next call to 19478 // the operation to get the next part of the results. Note that Organizations 19479 // might return fewer results than the maximum even when there are more results 19480 // available. You should check NextToken after every operation to ensure that 19481 // you receive all of the results. 19482 MaxResults *int64 `min:"1" type:"integer"` 19483 19484 // The parameter for receiving additional results if you receive a NextToken 19485 // response in a previous request. A NextToken response indicates that more 19486 // output is available. Set this parameter to the value of the previous call's 19487 // NextToken response to indicate where the output should continue from. 19488 NextToken *string `type:"string"` 19489} 19490 19491// String returns the string representation 19492func (s ListRootsInput) String() string { 19493 return awsutil.Prettify(s) 19494} 19495 19496// GoString returns the string representation 19497func (s ListRootsInput) GoString() string { 19498 return s.String() 19499} 19500 19501// Validate inspects the fields of the type to determine if they are valid. 19502func (s *ListRootsInput) Validate() error { 19503 invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"} 19504 if s.MaxResults != nil && *s.MaxResults < 1 { 19505 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19506 } 19507 19508 if invalidParams.Len() > 0 { 19509 return invalidParams 19510 } 19511 return nil 19512} 19513 19514// SetMaxResults sets the MaxResults field's value. 19515func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput { 19516 s.MaxResults = &v 19517 return s 19518} 19519 19520// SetNextToken sets the NextToken field's value. 19521func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput { 19522 s.NextToken = &v 19523 return s 19524} 19525 19526type ListRootsOutput struct { 19527 _ struct{} `type:"structure"` 19528 19529 // If present, indicates that more output is available than is included in the 19530 // current response. Use this value in the NextToken request parameter in a 19531 // subsequent call to the operation to get the next part of the output. You 19532 // should repeat this until the NextToken response element comes back as null. 19533 NextToken *string `type:"string"` 19534 19535 // A list of roots that are defined in an organization. 19536 Roots []*Root `type:"list"` 19537} 19538 19539// String returns the string representation 19540func (s ListRootsOutput) String() string { 19541 return awsutil.Prettify(s) 19542} 19543 19544// GoString returns the string representation 19545func (s ListRootsOutput) GoString() string { 19546 return s.String() 19547} 19548 19549// SetNextToken sets the NextToken field's value. 19550func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput { 19551 s.NextToken = &v 19552 return s 19553} 19554 19555// SetRoots sets the Roots field's value. 19556func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput { 19557 s.Roots = v 19558 return s 19559} 19560 19561type ListTagsForResourceInput struct { 19562 _ struct{} `type:"structure"` 19563 19564 // The parameter for receiving additional results if you receive a NextToken 19565 // response in a previous request. A NextToken response indicates that more 19566 // output is available. Set this parameter to the value of the previous call's 19567 // NextToken response to indicate where the output should continue from. 19568 NextToken *string `type:"string"` 19569 19570 // The ID of the resource that you want to retrieve tags for. 19571 // 19572 // ResourceId is a required field 19573 ResourceId *string `type:"string" required:"true"` 19574} 19575 19576// String returns the string representation 19577func (s ListTagsForResourceInput) String() string { 19578 return awsutil.Prettify(s) 19579} 19580 19581// GoString returns the string representation 19582func (s ListTagsForResourceInput) GoString() string { 19583 return s.String() 19584} 19585 19586// Validate inspects the fields of the type to determine if they are valid. 19587func (s *ListTagsForResourceInput) Validate() error { 19588 invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} 19589 if s.ResourceId == nil { 19590 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 19591 } 19592 19593 if invalidParams.Len() > 0 { 19594 return invalidParams 19595 } 19596 return nil 19597} 19598 19599// SetNextToken sets the NextToken field's value. 19600func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput { 19601 s.NextToken = &v 19602 return s 19603} 19604 19605// SetResourceId sets the ResourceId field's value. 19606func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput { 19607 s.ResourceId = &v 19608 return s 19609} 19610 19611type ListTagsForResourceOutput struct { 19612 _ struct{} `type:"structure"` 19613 19614 // If present, indicates that more output is available than is included in the 19615 // current response. Use this value in the NextToken request parameter in a 19616 // subsequent call to the operation to get the next part of the output. You 19617 // should repeat this until the NextToken response element comes back as null. 19618 NextToken *string `type:"string"` 19619 19620 // The tags that are assigned to the resource. 19621 Tags []*Tag `type:"list"` 19622} 19623 19624// String returns the string representation 19625func (s ListTagsForResourceOutput) String() string { 19626 return awsutil.Prettify(s) 19627} 19628 19629// GoString returns the string representation 19630func (s ListTagsForResourceOutput) GoString() string { 19631 return s.String() 19632} 19633 19634// SetNextToken sets the NextToken field's value. 19635func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput { 19636 s.NextToken = &v 19637 return s 19638} 19639 19640// SetTags sets the Tags field's value. 19641func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { 19642 s.Tags = v 19643 return s 19644} 19645 19646type ListTargetsForPolicyInput struct { 19647 _ struct{} `type:"structure"` 19648 19649 // The total number of results that you want included on each page of the response. 19650 // If you do not include this parameter, it defaults to a value that is specific 19651 // to the operation. If additional items exist beyond the maximum you specify, 19652 // the NextToken response element is present and has a value (is not null). 19653 // Include that value as the NextToken request parameter in the next call to 19654 // the operation to get the next part of the results. Note that Organizations 19655 // might return fewer results than the maximum even when there are more results 19656 // available. You should check NextToken after every operation to ensure that 19657 // you receive all of the results. 19658 MaxResults *int64 `min:"1" type:"integer"` 19659 19660 // The parameter for receiving additional results if you receive a NextToken 19661 // response in a previous request. A NextToken response indicates that more 19662 // output is available. Set this parameter to the value of the previous call's 19663 // NextToken response to indicate where the output should continue from. 19664 NextToken *string `type:"string"` 19665 19666 // The unique identifier (ID) of the policy whose attachments you want to know. 19667 // 19668 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 19669 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 19670 // or the underscore character (_). 19671 // 19672 // PolicyId is a required field 19673 PolicyId *string `type:"string" required:"true"` 19674} 19675 19676// String returns the string representation 19677func (s ListTargetsForPolicyInput) String() string { 19678 return awsutil.Prettify(s) 19679} 19680 19681// GoString returns the string representation 19682func (s ListTargetsForPolicyInput) GoString() string { 19683 return s.String() 19684} 19685 19686// Validate inspects the fields of the type to determine if they are valid. 19687func (s *ListTargetsForPolicyInput) Validate() error { 19688 invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"} 19689 if s.MaxResults != nil && *s.MaxResults < 1 { 19690 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19691 } 19692 if s.PolicyId == nil { 19693 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 19694 } 19695 19696 if invalidParams.Len() > 0 { 19697 return invalidParams 19698 } 19699 return nil 19700} 19701 19702// SetMaxResults sets the MaxResults field's value. 19703func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput { 19704 s.MaxResults = &v 19705 return s 19706} 19707 19708// SetNextToken sets the NextToken field's value. 19709func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput { 19710 s.NextToken = &v 19711 return s 19712} 19713 19714// SetPolicyId sets the PolicyId field's value. 19715func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput { 19716 s.PolicyId = &v 19717 return s 19718} 19719 19720type ListTargetsForPolicyOutput struct { 19721 _ struct{} `type:"structure"` 19722 19723 // If present, indicates that more output is available than is included in the 19724 // current response. Use this value in the NextToken request parameter in a 19725 // subsequent call to the operation to get the next part of the output. You 19726 // should repeat this until the NextToken response element comes back as null. 19727 NextToken *string `type:"string"` 19728 19729 // A list of structures, each of which contains details about one of the entities 19730 // to which the specified policy is attached. 19731 Targets []*PolicyTargetSummary `type:"list"` 19732} 19733 19734// String returns the string representation 19735func (s ListTargetsForPolicyOutput) String() string { 19736 return awsutil.Prettify(s) 19737} 19738 19739// GoString returns the string representation 19740func (s ListTargetsForPolicyOutput) GoString() string { 19741 return s.String() 19742} 19743 19744// SetNextToken sets the NextToken field's value. 19745func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput { 19746 s.NextToken = &v 19747 return s 19748} 19749 19750// SetTargets sets the Targets field's value. 19751func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput { 19752 s.Targets = v 19753 return s 19754} 19755 19756// The provided policy document doesn't meet the requirements of the specified 19757// policy type. For example, the syntax might be incorrect. For details about 19758// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 19759// in the AWS Organizations User Guide. 19760type MalformedPolicyDocumentException struct { 19761 _ struct{} `type:"structure"` 19762 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19763 19764 Message_ *string `locationName:"Message" type:"string"` 19765} 19766 19767// String returns the string representation 19768func (s MalformedPolicyDocumentException) String() string { 19769 return awsutil.Prettify(s) 19770} 19771 19772// GoString returns the string representation 19773func (s MalformedPolicyDocumentException) GoString() string { 19774 return s.String() 19775} 19776 19777func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { 19778 return &MalformedPolicyDocumentException{ 19779 RespMetadata: v, 19780 } 19781} 19782 19783// Code returns the exception type name. 19784func (s *MalformedPolicyDocumentException) Code() string { 19785 return "MalformedPolicyDocumentException" 19786} 19787 19788// Message returns the exception's message. 19789func (s *MalformedPolicyDocumentException) Message() string { 19790 if s.Message_ != nil { 19791 return *s.Message_ 19792 } 19793 return "" 19794} 19795 19796// OrigErr always returns nil, satisfies awserr.Error interface. 19797func (s *MalformedPolicyDocumentException) OrigErr() error { 19798 return nil 19799} 19800 19801func (s *MalformedPolicyDocumentException) Error() string { 19802 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 19803} 19804 19805// Status code returns the HTTP status code for the request's response error. 19806func (s *MalformedPolicyDocumentException) StatusCode() int { 19807 return s.RespMetadata.StatusCode 19808} 19809 19810// RequestID returns the service's response RequestID for request. 19811func (s *MalformedPolicyDocumentException) RequestID() string { 19812 return s.RespMetadata.RequestID 19813} 19814 19815// You can't remove a master account from an organization. If you want the master 19816// account to become a member account in another organization, you must first 19817// delete the current organization of the master account. 19818type MasterCannotLeaveOrganizationException struct { 19819 _ struct{} `type:"structure"` 19820 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19821 19822 Message_ *string `locationName:"Message" type:"string"` 19823} 19824 19825// String returns the string representation 19826func (s MasterCannotLeaveOrganizationException) String() string { 19827 return awsutil.Prettify(s) 19828} 19829 19830// GoString returns the string representation 19831func (s MasterCannotLeaveOrganizationException) GoString() string { 19832 return s.String() 19833} 19834 19835func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error { 19836 return &MasterCannotLeaveOrganizationException{ 19837 RespMetadata: v, 19838 } 19839} 19840 19841// Code returns the exception type name. 19842func (s *MasterCannotLeaveOrganizationException) Code() string { 19843 return "MasterCannotLeaveOrganizationException" 19844} 19845 19846// Message returns the exception's message. 19847func (s *MasterCannotLeaveOrganizationException) Message() string { 19848 if s.Message_ != nil { 19849 return *s.Message_ 19850 } 19851 return "" 19852} 19853 19854// OrigErr always returns nil, satisfies awserr.Error interface. 19855func (s *MasterCannotLeaveOrganizationException) OrigErr() error { 19856 return nil 19857} 19858 19859func (s *MasterCannotLeaveOrganizationException) Error() string { 19860 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 19861} 19862 19863// Status code returns the HTTP status code for the request's response error. 19864func (s *MasterCannotLeaveOrganizationException) StatusCode() int { 19865 return s.RespMetadata.StatusCode 19866} 19867 19868// RequestID returns the service's response RequestID for request. 19869func (s *MasterCannotLeaveOrganizationException) RequestID() string { 19870 return s.RespMetadata.RequestID 19871} 19872 19873type MoveAccountInput struct { 19874 _ struct{} `type:"structure"` 19875 19876 // The unique identifier (ID) of the account that you want to move. 19877 // 19878 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 19879 // requires exactly 12 digits. 19880 // 19881 // AccountId is a required field 19882 AccountId *string `type:"string" required:"true"` 19883 19884 // The unique identifier (ID) of the root or organizational unit that you want 19885 // to move the account to. 19886 // 19887 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 19888 // requires one of the following: 19889 // 19890 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 19891 // letters or digits. 19892 // 19893 // * Organizational unit (OU) - A string that begins with "ou-" followed 19894 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 19895 // OU is in). This string is followed by a second "-" dash and from 8 to 19896 // 32 additional lowercase letters or digits. 19897 // 19898 // DestinationParentId is a required field 19899 DestinationParentId *string `type:"string" required:"true"` 19900 19901 // The unique identifier (ID) of the root or organizational unit that you want 19902 // to move the account from. 19903 // 19904 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 19905 // requires one of the following: 19906 // 19907 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 19908 // letters or digits. 19909 // 19910 // * Organizational unit (OU) - A string that begins with "ou-" followed 19911 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 19912 // OU is in). This string is followed by a second "-" dash and from 8 to 19913 // 32 additional lowercase letters or digits. 19914 // 19915 // SourceParentId is a required field 19916 SourceParentId *string `type:"string" required:"true"` 19917} 19918 19919// String returns the string representation 19920func (s MoveAccountInput) String() string { 19921 return awsutil.Prettify(s) 19922} 19923 19924// GoString returns the string representation 19925func (s MoveAccountInput) GoString() string { 19926 return s.String() 19927} 19928 19929// Validate inspects the fields of the type to determine if they are valid. 19930func (s *MoveAccountInput) Validate() error { 19931 invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"} 19932 if s.AccountId == nil { 19933 invalidParams.Add(request.NewErrParamRequired("AccountId")) 19934 } 19935 if s.DestinationParentId == nil { 19936 invalidParams.Add(request.NewErrParamRequired("DestinationParentId")) 19937 } 19938 if s.SourceParentId == nil { 19939 invalidParams.Add(request.NewErrParamRequired("SourceParentId")) 19940 } 19941 19942 if invalidParams.Len() > 0 { 19943 return invalidParams 19944 } 19945 return nil 19946} 19947 19948// SetAccountId sets the AccountId field's value. 19949func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput { 19950 s.AccountId = &v 19951 return s 19952} 19953 19954// SetDestinationParentId sets the DestinationParentId field's value. 19955func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput { 19956 s.DestinationParentId = &v 19957 return s 19958} 19959 19960// SetSourceParentId sets the SourceParentId field's value. 19961func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput { 19962 s.SourceParentId = &v 19963 return s 19964} 19965 19966type MoveAccountOutput struct { 19967 _ struct{} `type:"structure"` 19968} 19969 19970// String returns the string representation 19971func (s MoveAccountOutput) String() string { 19972 return awsutil.Prettify(s) 19973} 19974 19975// GoString returns the string representation 19976func (s MoveAccountOutput) GoString() string { 19977 return s.String() 19978} 19979 19980// Contains details about an organization. An organization is a collection of 19981// accounts that are centrally managed together using consolidated billing, 19982// organized hierarchically with organizational units (OUs), and controlled 19983// with policies . 19984type Organization struct { 19985 _ struct{} `type:"structure"` 19986 19987 // The Amazon Resource Name (ARN) of an organization. 19988 // 19989 // For more information about ARNs in Organizations, see ARN Formats Supported 19990 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 19991 // in the AWS Organizations User Guide. 19992 Arn *string `type:"string"` 19993 19994 // 19995 // Do not use. This field is deprecated and doesn't provide complete information 19996 // about the policies in your organization. 19997 // 19998 // To determine the policies that are enabled and available for use in your 19999 // organization, use the ListRoots operation instead. 20000 AvailablePolicyTypes []*PolicyTypeSummary `type:"list"` 20001 20002 // Specifies the functionality that currently is available to the organization. 20003 // If set to "ALL", then all features are enabled and policies can be applied 20004 // to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only 20005 // consolidated billing functionality is available. For more information, see 20006 // Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 20007 // in the AWS Organizations User Guide. 20008 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 20009 20010 // The unique identifier (ID) of an organization. 20011 // 20012 // The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID 20013 // string requires "o-" followed by from 10 to 32 lower-case letters or digits. 20014 Id *string `type:"string"` 20015 20016 // The Amazon Resource Name (ARN) of the account that is designated as the master 20017 // account for the organization. 20018 // 20019 // For more information about ARNs in Organizations, see ARN Formats Supported 20020 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 20021 // in the AWS Organizations User Guide. 20022 MasterAccountArn *string `type:"string"` 20023 20024 // The email address that is associated with the AWS account that is designated 20025 // as the master account for the organization. 20026 MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"` 20027 20028 // The unique identifier (ID) of the master account of an organization. 20029 // 20030 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 20031 // requires exactly 12 digits. 20032 MasterAccountId *string `type:"string"` 20033} 20034 20035// String returns the string representation 20036func (s Organization) String() string { 20037 return awsutil.Prettify(s) 20038} 20039 20040// GoString returns the string representation 20041func (s Organization) GoString() string { 20042 return s.String() 20043} 20044 20045// SetArn sets the Arn field's value. 20046func (s *Organization) SetArn(v string) *Organization { 20047 s.Arn = &v 20048 return s 20049} 20050 20051// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value. 20052func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization { 20053 s.AvailablePolicyTypes = v 20054 return s 20055} 20056 20057// SetFeatureSet sets the FeatureSet field's value. 20058func (s *Organization) SetFeatureSet(v string) *Organization { 20059 s.FeatureSet = &v 20060 return s 20061} 20062 20063// SetId sets the Id field's value. 20064func (s *Organization) SetId(v string) *Organization { 20065 s.Id = &v 20066 return s 20067} 20068 20069// SetMasterAccountArn sets the MasterAccountArn field's value. 20070func (s *Organization) SetMasterAccountArn(v string) *Organization { 20071 s.MasterAccountArn = &v 20072 return s 20073} 20074 20075// SetMasterAccountEmail sets the MasterAccountEmail field's value. 20076func (s *Organization) SetMasterAccountEmail(v string) *Organization { 20077 s.MasterAccountEmail = &v 20078 return s 20079} 20080 20081// SetMasterAccountId sets the MasterAccountId field's value. 20082func (s *Organization) SetMasterAccountId(v string) *Organization { 20083 s.MasterAccountId = &v 20084 return s 20085} 20086 20087// The organization isn't empty. To delete an organization, you must first remove 20088// all accounts except the master account, delete all OUs, and delete all policies. 20089type OrganizationNotEmptyException struct { 20090 _ struct{} `type:"structure"` 20091 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20092 20093 Message_ *string `locationName:"Message" type:"string"` 20094} 20095 20096// String returns the string representation 20097func (s OrganizationNotEmptyException) String() string { 20098 return awsutil.Prettify(s) 20099} 20100 20101// GoString returns the string representation 20102func (s OrganizationNotEmptyException) GoString() string { 20103 return s.String() 20104} 20105 20106func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error { 20107 return &OrganizationNotEmptyException{ 20108 RespMetadata: v, 20109 } 20110} 20111 20112// Code returns the exception type name. 20113func (s *OrganizationNotEmptyException) Code() string { 20114 return "OrganizationNotEmptyException" 20115} 20116 20117// Message returns the exception's message. 20118func (s *OrganizationNotEmptyException) Message() string { 20119 if s.Message_ != nil { 20120 return *s.Message_ 20121 } 20122 return "" 20123} 20124 20125// OrigErr always returns nil, satisfies awserr.Error interface. 20126func (s *OrganizationNotEmptyException) OrigErr() error { 20127 return nil 20128} 20129 20130func (s *OrganizationNotEmptyException) Error() string { 20131 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20132} 20133 20134// Status code returns the HTTP status code for the request's response error. 20135func (s *OrganizationNotEmptyException) StatusCode() int { 20136 return s.RespMetadata.StatusCode 20137} 20138 20139// RequestID returns the service's response RequestID for request. 20140func (s *OrganizationNotEmptyException) RequestID() string { 20141 return s.RespMetadata.RequestID 20142} 20143 20144// Contains details about an organizational unit (OU). An OU is a container 20145// of AWS accounts within a root of an organization. Policies that are attached 20146// to an OU apply to all accounts contained in that OU and in any child OUs. 20147type OrganizationalUnit struct { 20148 _ struct{} `type:"structure"` 20149 20150 // The Amazon Resource Name (ARN) of this OU. 20151 // 20152 // For more information about ARNs in Organizations, see ARN Formats Supported 20153 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 20154 // in the AWS Organizations User Guide. 20155 Arn *string `type:"string"` 20156 20157 // The unique identifier (ID) associated with this OU. 20158 // 20159 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 20160 // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters 20161 // or digits (the ID of the root that contains the OU). This string is followed 20162 // by a second "-" dash and from 8 to 32 additional lower-case letters or digits. 20163 Id *string `type:"string"` 20164 20165 // The friendly name of this OU. 20166 // 20167 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 20168 // this parameter is a string of any of the characters in the ASCII character 20169 // range. 20170 Name *string `min:"1" type:"string"` 20171} 20172 20173// String returns the string representation 20174func (s OrganizationalUnit) String() string { 20175 return awsutil.Prettify(s) 20176} 20177 20178// GoString returns the string representation 20179func (s OrganizationalUnit) GoString() string { 20180 return s.String() 20181} 20182 20183// SetArn sets the Arn field's value. 20184func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit { 20185 s.Arn = &v 20186 return s 20187} 20188 20189// SetId sets the Id field's value. 20190func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit { 20191 s.Id = &v 20192 return s 20193} 20194 20195// SetName sets the Name field's value. 20196func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit { 20197 s.Name = &v 20198 return s 20199} 20200 20201// The specified OU is not empty. Move all accounts to another root or to other 20202// OUs, remove all child OUs, and try the operation again. 20203type OrganizationalUnitNotEmptyException struct { 20204 _ struct{} `type:"structure"` 20205 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20206 20207 Message_ *string `locationName:"Message" type:"string"` 20208} 20209 20210// String returns the string representation 20211func (s OrganizationalUnitNotEmptyException) String() string { 20212 return awsutil.Prettify(s) 20213} 20214 20215// GoString returns the string representation 20216func (s OrganizationalUnitNotEmptyException) GoString() string { 20217 return s.String() 20218} 20219 20220func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error { 20221 return &OrganizationalUnitNotEmptyException{ 20222 RespMetadata: v, 20223 } 20224} 20225 20226// Code returns the exception type name. 20227func (s *OrganizationalUnitNotEmptyException) Code() string { 20228 return "OrganizationalUnitNotEmptyException" 20229} 20230 20231// Message returns the exception's message. 20232func (s *OrganizationalUnitNotEmptyException) Message() string { 20233 if s.Message_ != nil { 20234 return *s.Message_ 20235 } 20236 return "" 20237} 20238 20239// OrigErr always returns nil, satisfies awserr.Error interface. 20240func (s *OrganizationalUnitNotEmptyException) OrigErr() error { 20241 return nil 20242} 20243 20244func (s *OrganizationalUnitNotEmptyException) Error() string { 20245 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20246} 20247 20248// Status code returns the HTTP status code for the request's response error. 20249func (s *OrganizationalUnitNotEmptyException) StatusCode() int { 20250 return s.RespMetadata.StatusCode 20251} 20252 20253// RequestID returns the service's response RequestID for request. 20254func (s *OrganizationalUnitNotEmptyException) RequestID() string { 20255 return s.RespMetadata.RequestID 20256} 20257 20258// We can't find an OU with the OrganizationalUnitId that you specified. 20259type OrganizationalUnitNotFoundException struct { 20260 _ struct{} `type:"structure"` 20261 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20262 20263 Message_ *string `locationName:"Message" type:"string"` 20264} 20265 20266// String returns the string representation 20267func (s OrganizationalUnitNotFoundException) String() string { 20268 return awsutil.Prettify(s) 20269} 20270 20271// GoString returns the string representation 20272func (s OrganizationalUnitNotFoundException) GoString() string { 20273 return s.String() 20274} 20275 20276func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error { 20277 return &OrganizationalUnitNotFoundException{ 20278 RespMetadata: v, 20279 } 20280} 20281 20282// Code returns the exception type name. 20283func (s *OrganizationalUnitNotFoundException) Code() string { 20284 return "OrganizationalUnitNotFoundException" 20285} 20286 20287// Message returns the exception's message. 20288func (s *OrganizationalUnitNotFoundException) Message() string { 20289 if s.Message_ != nil { 20290 return *s.Message_ 20291 } 20292 return "" 20293} 20294 20295// OrigErr always returns nil, satisfies awserr.Error interface. 20296func (s *OrganizationalUnitNotFoundException) OrigErr() error { 20297 return nil 20298} 20299 20300func (s *OrganizationalUnitNotFoundException) Error() string { 20301 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20302} 20303 20304// Status code returns the HTTP status code for the request's response error. 20305func (s *OrganizationalUnitNotFoundException) StatusCode() int { 20306 return s.RespMetadata.StatusCode 20307} 20308 20309// RequestID returns the service's response RequestID for request. 20310func (s *OrganizationalUnitNotFoundException) RequestID() string { 20311 return s.RespMetadata.RequestID 20312} 20313 20314// Contains information about either a root or an organizational unit (OU) that 20315// can contain OUs or accounts in an organization. 20316type Parent struct { 20317 _ struct{} `type:"structure"` 20318 20319 // The unique identifier (ID) of the parent entity. 20320 // 20321 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 20322 // requires one of the following: 20323 // 20324 // * Root: A string that begins with "r-" followed by from 4 to 32 lower-case 20325 // letters or digits. 20326 // 20327 // * Organizational unit (OU): A string that begins with "ou-" followed by 20328 // from 4 to 32 lower-case letters or digits (the ID of the root that the 20329 // OU is in). This string is followed by a second "-" dash and from 8 to 20330 // 32 additional lower-case letters or digits. 20331 Id *string `type:"string"` 20332 20333 // The type of the parent entity. 20334 Type *string `type:"string" enum:"ParentType"` 20335} 20336 20337// String returns the string representation 20338func (s Parent) String() string { 20339 return awsutil.Prettify(s) 20340} 20341 20342// GoString returns the string representation 20343func (s Parent) GoString() string { 20344 return s.String() 20345} 20346 20347// SetId sets the Id field's value. 20348func (s *Parent) SetId(v string) *Parent { 20349 s.Id = &v 20350 return s 20351} 20352 20353// SetType sets the Type field's value. 20354func (s *Parent) SetType(v string) *Parent { 20355 s.Type = &v 20356 return s 20357} 20358 20359// We can't find a root or OU with the ParentId that you specified. 20360type ParentNotFoundException struct { 20361 _ struct{} `type:"structure"` 20362 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20363 20364 Message_ *string `locationName:"Message" type:"string"` 20365} 20366 20367// String returns the string representation 20368func (s ParentNotFoundException) String() string { 20369 return awsutil.Prettify(s) 20370} 20371 20372// GoString returns the string representation 20373func (s ParentNotFoundException) GoString() string { 20374 return s.String() 20375} 20376 20377func newErrorParentNotFoundException(v protocol.ResponseMetadata) error { 20378 return &ParentNotFoundException{ 20379 RespMetadata: v, 20380 } 20381} 20382 20383// Code returns the exception type name. 20384func (s *ParentNotFoundException) Code() string { 20385 return "ParentNotFoundException" 20386} 20387 20388// Message returns the exception's message. 20389func (s *ParentNotFoundException) Message() string { 20390 if s.Message_ != nil { 20391 return *s.Message_ 20392 } 20393 return "" 20394} 20395 20396// OrigErr always returns nil, satisfies awserr.Error interface. 20397func (s *ParentNotFoundException) OrigErr() error { 20398 return nil 20399} 20400 20401func (s *ParentNotFoundException) Error() string { 20402 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20403} 20404 20405// Status code returns the HTTP status code for the request's response error. 20406func (s *ParentNotFoundException) StatusCode() int { 20407 return s.RespMetadata.StatusCode 20408} 20409 20410// RequestID returns the service's response RequestID for request. 20411func (s *ParentNotFoundException) RequestID() string { 20412 return s.RespMetadata.RequestID 20413} 20414 20415// Contains rules to be applied to the affected accounts. Policies can be attached 20416// directly to accounts, or to roots and OUs to affect all accounts in those 20417// hierarchies. 20418type Policy struct { 20419 _ struct{} `type:"structure"` 20420 20421 // The text content of the policy. 20422 Content *string `min:"1" type:"string"` 20423 20424 // A structure that contains additional details about the policy. 20425 PolicySummary *PolicySummary `type:"structure"` 20426} 20427 20428// String returns the string representation 20429func (s Policy) String() string { 20430 return awsutil.Prettify(s) 20431} 20432 20433// GoString returns the string representation 20434func (s Policy) GoString() string { 20435 return s.String() 20436} 20437 20438// SetContent sets the Content field's value. 20439func (s *Policy) SetContent(v string) *Policy { 20440 s.Content = &v 20441 return s 20442} 20443 20444// SetPolicySummary sets the PolicySummary field's value. 20445func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy { 20446 s.PolicySummary = v 20447 return s 20448} 20449 20450// Changes to the effective policy are in progress, and its contents can't be 20451// returned. Try the operation again later. 20452type PolicyChangesInProgressException struct { 20453 _ struct{} `type:"structure"` 20454 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20455 20456 Message_ *string `locationName:"Message" type:"string"` 20457} 20458 20459// String returns the string representation 20460func (s PolicyChangesInProgressException) String() string { 20461 return awsutil.Prettify(s) 20462} 20463 20464// GoString returns the string representation 20465func (s PolicyChangesInProgressException) GoString() string { 20466 return s.String() 20467} 20468 20469func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error { 20470 return &PolicyChangesInProgressException{ 20471 RespMetadata: v, 20472 } 20473} 20474 20475// Code returns the exception type name. 20476func (s *PolicyChangesInProgressException) Code() string { 20477 return "PolicyChangesInProgressException" 20478} 20479 20480// Message returns the exception's message. 20481func (s *PolicyChangesInProgressException) Message() string { 20482 if s.Message_ != nil { 20483 return *s.Message_ 20484 } 20485 return "" 20486} 20487 20488// OrigErr always returns nil, satisfies awserr.Error interface. 20489func (s *PolicyChangesInProgressException) OrigErr() error { 20490 return nil 20491} 20492 20493func (s *PolicyChangesInProgressException) Error() string { 20494 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20495} 20496 20497// Status code returns the HTTP status code for the request's response error. 20498func (s *PolicyChangesInProgressException) StatusCode() int { 20499 return s.RespMetadata.StatusCode 20500} 20501 20502// RequestID returns the service's response RequestID for request. 20503func (s *PolicyChangesInProgressException) RequestID() string { 20504 return s.RespMetadata.RequestID 20505} 20506 20507// The policy is attached to one or more entities. You must detach it from all 20508// roots, OUs, and accounts before performing this operation. 20509type PolicyInUseException struct { 20510 _ struct{} `type:"structure"` 20511 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20512 20513 Message_ *string `locationName:"Message" type:"string"` 20514} 20515 20516// String returns the string representation 20517func (s PolicyInUseException) String() string { 20518 return awsutil.Prettify(s) 20519} 20520 20521// GoString returns the string representation 20522func (s PolicyInUseException) GoString() string { 20523 return s.String() 20524} 20525 20526func newErrorPolicyInUseException(v protocol.ResponseMetadata) error { 20527 return &PolicyInUseException{ 20528 RespMetadata: v, 20529 } 20530} 20531 20532// Code returns the exception type name. 20533func (s *PolicyInUseException) Code() string { 20534 return "PolicyInUseException" 20535} 20536 20537// Message returns the exception's message. 20538func (s *PolicyInUseException) Message() string { 20539 if s.Message_ != nil { 20540 return *s.Message_ 20541 } 20542 return "" 20543} 20544 20545// OrigErr always returns nil, satisfies awserr.Error interface. 20546func (s *PolicyInUseException) OrigErr() error { 20547 return nil 20548} 20549 20550func (s *PolicyInUseException) Error() string { 20551 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20552} 20553 20554// Status code returns the HTTP status code for the request's response error. 20555func (s *PolicyInUseException) StatusCode() int { 20556 return s.RespMetadata.StatusCode 20557} 20558 20559// RequestID returns the service's response RequestID for request. 20560func (s *PolicyInUseException) RequestID() string { 20561 return s.RespMetadata.RequestID 20562} 20563 20564// The policy isn't attached to the specified target in the specified root. 20565type PolicyNotAttachedException struct { 20566 _ struct{} `type:"structure"` 20567 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20568 20569 Message_ *string `locationName:"Message" type:"string"` 20570} 20571 20572// String returns the string representation 20573func (s PolicyNotAttachedException) String() string { 20574 return awsutil.Prettify(s) 20575} 20576 20577// GoString returns the string representation 20578func (s PolicyNotAttachedException) GoString() string { 20579 return s.String() 20580} 20581 20582func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error { 20583 return &PolicyNotAttachedException{ 20584 RespMetadata: v, 20585 } 20586} 20587 20588// Code returns the exception type name. 20589func (s *PolicyNotAttachedException) Code() string { 20590 return "PolicyNotAttachedException" 20591} 20592 20593// Message returns the exception's message. 20594func (s *PolicyNotAttachedException) Message() string { 20595 if s.Message_ != nil { 20596 return *s.Message_ 20597 } 20598 return "" 20599} 20600 20601// OrigErr always returns nil, satisfies awserr.Error interface. 20602func (s *PolicyNotAttachedException) OrigErr() error { 20603 return nil 20604} 20605 20606func (s *PolicyNotAttachedException) Error() string { 20607 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20608} 20609 20610// Status code returns the HTTP status code for the request's response error. 20611func (s *PolicyNotAttachedException) StatusCode() int { 20612 return s.RespMetadata.StatusCode 20613} 20614 20615// RequestID returns the service's response RequestID for request. 20616func (s *PolicyNotAttachedException) RequestID() string { 20617 return s.RespMetadata.RequestID 20618} 20619 20620// We can't find a policy with the PolicyId that you specified. 20621type PolicyNotFoundException struct { 20622 _ struct{} `type:"structure"` 20623 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20624 20625 Message_ *string `locationName:"Message" type:"string"` 20626} 20627 20628// String returns the string representation 20629func (s PolicyNotFoundException) String() string { 20630 return awsutil.Prettify(s) 20631} 20632 20633// GoString returns the string representation 20634func (s PolicyNotFoundException) GoString() string { 20635 return s.String() 20636} 20637 20638func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error { 20639 return &PolicyNotFoundException{ 20640 RespMetadata: v, 20641 } 20642} 20643 20644// Code returns the exception type name. 20645func (s *PolicyNotFoundException) Code() string { 20646 return "PolicyNotFoundException" 20647} 20648 20649// Message returns the exception's message. 20650func (s *PolicyNotFoundException) Message() string { 20651 if s.Message_ != nil { 20652 return *s.Message_ 20653 } 20654 return "" 20655} 20656 20657// OrigErr always returns nil, satisfies awserr.Error interface. 20658func (s *PolicyNotFoundException) OrigErr() error { 20659 return nil 20660} 20661 20662func (s *PolicyNotFoundException) Error() string { 20663 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20664} 20665 20666// Status code returns the HTTP status code for the request's response error. 20667func (s *PolicyNotFoundException) StatusCode() int { 20668 return s.RespMetadata.StatusCode 20669} 20670 20671// RequestID returns the service's response RequestID for request. 20672func (s *PolicyNotFoundException) RequestID() string { 20673 return s.RespMetadata.RequestID 20674} 20675 20676// Contains information about a policy, but does not include the content. To 20677// see the content of a policy, see DescribePolicy. 20678type PolicySummary struct { 20679 _ struct{} `type:"structure"` 20680 20681 // The Amazon Resource Name (ARN) of the policy. 20682 // 20683 // For more information about ARNs in Organizations, see ARN Formats Supported 20684 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 20685 // in the AWS Organizations User Guide. 20686 Arn *string `type:"string"` 20687 20688 // A boolean value that indicates whether the specified policy is an AWS managed 20689 // policy. If true, then you can attach the policy to roots, OUs, or accounts, 20690 // but you cannot edit it. 20691 AwsManaged *bool `type:"boolean"` 20692 20693 // The description of the policy. 20694 Description *string `type:"string"` 20695 20696 // The unique identifier (ID) of the policy. 20697 // 20698 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 20699 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 20700 Id *string `type:"string"` 20701 20702 // The friendly name of the policy. 20703 // 20704 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 20705 // this parameter is a string of any of the characters in the ASCII character 20706 // range. 20707 Name *string `min:"1" type:"string"` 20708 20709 // The type of policy. 20710 Type *string `type:"string" enum:"PolicyType"` 20711} 20712 20713// String returns the string representation 20714func (s PolicySummary) String() string { 20715 return awsutil.Prettify(s) 20716} 20717 20718// GoString returns the string representation 20719func (s PolicySummary) GoString() string { 20720 return s.String() 20721} 20722 20723// SetArn sets the Arn field's value. 20724func (s *PolicySummary) SetArn(v string) *PolicySummary { 20725 s.Arn = &v 20726 return s 20727} 20728 20729// SetAwsManaged sets the AwsManaged field's value. 20730func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary { 20731 s.AwsManaged = &v 20732 return s 20733} 20734 20735// SetDescription sets the Description field's value. 20736func (s *PolicySummary) SetDescription(v string) *PolicySummary { 20737 s.Description = &v 20738 return s 20739} 20740 20741// SetId sets the Id field's value. 20742func (s *PolicySummary) SetId(v string) *PolicySummary { 20743 s.Id = &v 20744 return s 20745} 20746 20747// SetName sets the Name field's value. 20748func (s *PolicySummary) SetName(v string) *PolicySummary { 20749 s.Name = &v 20750 return s 20751} 20752 20753// SetType sets the Type field's value. 20754func (s *PolicySummary) SetType(v string) *PolicySummary { 20755 s.Type = &v 20756 return s 20757} 20758 20759// Contains information about a root, OU, or account that a policy is attached 20760// to. 20761type PolicyTargetSummary struct { 20762 _ struct{} `type:"structure"` 20763 20764 // The Amazon Resource Name (ARN) of the policy target. 20765 // 20766 // For more information about ARNs in Organizations, see ARN Formats Supported 20767 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 20768 // in the AWS Organizations User Guide. 20769 Arn *string `type:"string"` 20770 20771 // The friendly name of the policy target. 20772 // 20773 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 20774 // this parameter is a string of any of the characters in the ASCII character 20775 // range. 20776 Name *string `min:"1" type:"string"` 20777 20778 // The unique identifier (ID) of the policy target. 20779 // 20780 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 20781 // requires one of the following: 20782 // 20783 // * Root: A string that begins with "r-" followed by from 4 to 32 lower-case 20784 // letters or digits. 20785 // 20786 // * Account: A string that consists of exactly 12 digits. 20787 // 20788 // * Organizational unit (OU): A string that begins with "ou-" followed by 20789 // from 4 to 32 lower-case letters or digits (the ID of the root that the 20790 // OU is in). This string is followed by a second "-" dash and from 8 to 20791 // 32 additional lower-case letters or digits. 20792 TargetId *string `type:"string"` 20793 20794 // The type of the policy target. 20795 Type *string `type:"string" enum:"TargetType"` 20796} 20797 20798// String returns the string representation 20799func (s PolicyTargetSummary) String() string { 20800 return awsutil.Prettify(s) 20801} 20802 20803// GoString returns the string representation 20804func (s PolicyTargetSummary) GoString() string { 20805 return s.String() 20806} 20807 20808// SetArn sets the Arn field's value. 20809func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary { 20810 s.Arn = &v 20811 return s 20812} 20813 20814// SetName sets the Name field's value. 20815func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary { 20816 s.Name = &v 20817 return s 20818} 20819 20820// SetTargetId sets the TargetId field's value. 20821func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary { 20822 s.TargetId = &v 20823 return s 20824} 20825 20826// SetType sets the Type field's value. 20827func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary { 20828 s.Type = &v 20829 return s 20830} 20831 20832// The specified policy type is already enabled in the specified root. 20833type PolicyTypeAlreadyEnabledException struct { 20834 _ struct{} `type:"structure"` 20835 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20836 20837 Message_ *string `locationName:"Message" type:"string"` 20838} 20839 20840// String returns the string representation 20841func (s PolicyTypeAlreadyEnabledException) String() string { 20842 return awsutil.Prettify(s) 20843} 20844 20845// GoString returns the string representation 20846func (s PolicyTypeAlreadyEnabledException) GoString() string { 20847 return s.String() 20848} 20849 20850func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error { 20851 return &PolicyTypeAlreadyEnabledException{ 20852 RespMetadata: v, 20853 } 20854} 20855 20856// Code returns the exception type name. 20857func (s *PolicyTypeAlreadyEnabledException) Code() string { 20858 return "PolicyTypeAlreadyEnabledException" 20859} 20860 20861// Message returns the exception's message. 20862func (s *PolicyTypeAlreadyEnabledException) Message() string { 20863 if s.Message_ != nil { 20864 return *s.Message_ 20865 } 20866 return "" 20867} 20868 20869// OrigErr always returns nil, satisfies awserr.Error interface. 20870func (s *PolicyTypeAlreadyEnabledException) OrigErr() error { 20871 return nil 20872} 20873 20874func (s *PolicyTypeAlreadyEnabledException) Error() string { 20875 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20876} 20877 20878// Status code returns the HTTP status code for the request's response error. 20879func (s *PolicyTypeAlreadyEnabledException) StatusCode() int { 20880 return s.RespMetadata.StatusCode 20881} 20882 20883// RequestID returns the service's response RequestID for request. 20884func (s *PolicyTypeAlreadyEnabledException) RequestID() string { 20885 return s.RespMetadata.RequestID 20886} 20887 20888// You can't use the specified policy type with the feature set currently enabled 20889// for this organization. For example, you can enable SCPs only after you enable 20890// all features in the organization. For more information, see Managing AWS 20891// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 20892// the AWS Organizations User Guide. 20893type PolicyTypeNotAvailableForOrganizationException struct { 20894 _ struct{} `type:"structure"` 20895 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20896 20897 Message_ *string `locationName:"Message" type:"string"` 20898} 20899 20900// String returns the string representation 20901func (s PolicyTypeNotAvailableForOrganizationException) String() string { 20902 return awsutil.Prettify(s) 20903} 20904 20905// GoString returns the string representation 20906func (s PolicyTypeNotAvailableForOrganizationException) GoString() string { 20907 return s.String() 20908} 20909 20910func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error { 20911 return &PolicyTypeNotAvailableForOrganizationException{ 20912 RespMetadata: v, 20913 } 20914} 20915 20916// Code returns the exception type name. 20917func (s *PolicyTypeNotAvailableForOrganizationException) Code() string { 20918 return "PolicyTypeNotAvailableForOrganizationException" 20919} 20920 20921// Message returns the exception's message. 20922func (s *PolicyTypeNotAvailableForOrganizationException) Message() string { 20923 if s.Message_ != nil { 20924 return *s.Message_ 20925 } 20926 return "" 20927} 20928 20929// OrigErr always returns nil, satisfies awserr.Error interface. 20930func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error { 20931 return nil 20932} 20933 20934func (s *PolicyTypeNotAvailableForOrganizationException) Error() string { 20935 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20936} 20937 20938// Status code returns the HTTP status code for the request's response error. 20939func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int { 20940 return s.RespMetadata.StatusCode 20941} 20942 20943// RequestID returns the service's response RequestID for request. 20944func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string { 20945 return s.RespMetadata.RequestID 20946} 20947 20948// The specified policy type isn't currently enabled in this root. You can't 20949// attach policies of the specified type to entities in a root until you enable 20950// that type in the root. For more information, see Enabling All Features in 20951// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 20952// in the AWS Organizations User Guide. 20953type PolicyTypeNotEnabledException struct { 20954 _ struct{} `type:"structure"` 20955 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20956 20957 Message_ *string `locationName:"Message" type:"string"` 20958} 20959 20960// String returns the string representation 20961func (s PolicyTypeNotEnabledException) String() string { 20962 return awsutil.Prettify(s) 20963} 20964 20965// GoString returns the string representation 20966func (s PolicyTypeNotEnabledException) GoString() string { 20967 return s.String() 20968} 20969 20970func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error { 20971 return &PolicyTypeNotEnabledException{ 20972 RespMetadata: v, 20973 } 20974} 20975 20976// Code returns the exception type name. 20977func (s *PolicyTypeNotEnabledException) Code() string { 20978 return "PolicyTypeNotEnabledException" 20979} 20980 20981// Message returns the exception's message. 20982func (s *PolicyTypeNotEnabledException) Message() string { 20983 if s.Message_ != nil { 20984 return *s.Message_ 20985 } 20986 return "" 20987} 20988 20989// OrigErr always returns nil, satisfies awserr.Error interface. 20990func (s *PolicyTypeNotEnabledException) OrigErr() error { 20991 return nil 20992} 20993 20994func (s *PolicyTypeNotEnabledException) Error() string { 20995 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20996} 20997 20998// Status code returns the HTTP status code for the request's response error. 20999func (s *PolicyTypeNotEnabledException) StatusCode() int { 21000 return s.RespMetadata.StatusCode 21001} 21002 21003// RequestID returns the service's response RequestID for request. 21004func (s *PolicyTypeNotEnabledException) RequestID() string { 21005 return s.RespMetadata.RequestID 21006} 21007 21008// Contains information about a policy type and its status in the associated 21009// root. 21010type PolicyTypeSummary struct { 21011 _ struct{} `type:"structure"` 21012 21013 // The status of the policy type as it relates to the associated root. To attach 21014 // a policy of the specified type to a root or to an OU or account in that root, 21015 // it must be available in the organization and enabled for that root. 21016 Status *string `type:"string" enum:"PolicyTypeStatus"` 21017 21018 // The name of the policy type. 21019 Type *string `type:"string" enum:"PolicyType"` 21020} 21021 21022// String returns the string representation 21023func (s PolicyTypeSummary) String() string { 21024 return awsutil.Prettify(s) 21025} 21026 21027// GoString returns the string representation 21028func (s PolicyTypeSummary) GoString() string { 21029 return s.String() 21030} 21031 21032// SetStatus sets the Status field's value. 21033func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary { 21034 s.Status = &v 21035 return s 21036} 21037 21038// SetType sets the Type field's value. 21039func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary { 21040 s.Type = &v 21041 return s 21042} 21043 21044type RegisterDelegatedAdministratorInput struct { 21045 _ struct{} `type:"structure"` 21046 21047 // The account ID number of the member account in the organization to register 21048 // as a delegated administrator. 21049 // 21050 // AccountId is a required field 21051 AccountId *string `type:"string" required:"true"` 21052 21053 // The service principal of the AWS service for which you want to make the member 21054 // account a delegated administrator. 21055 // 21056 // ServicePrincipal is a required field 21057 ServicePrincipal *string `min:"1" type:"string" required:"true"` 21058} 21059 21060// String returns the string representation 21061func (s RegisterDelegatedAdministratorInput) String() string { 21062 return awsutil.Prettify(s) 21063} 21064 21065// GoString returns the string representation 21066func (s RegisterDelegatedAdministratorInput) GoString() string { 21067 return s.String() 21068} 21069 21070// Validate inspects the fields of the type to determine if they are valid. 21071func (s *RegisterDelegatedAdministratorInput) Validate() error { 21072 invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"} 21073 if s.AccountId == nil { 21074 invalidParams.Add(request.NewErrParamRequired("AccountId")) 21075 } 21076 if s.ServicePrincipal == nil { 21077 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 21078 } 21079 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 21080 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 21081 } 21082 21083 if invalidParams.Len() > 0 { 21084 return invalidParams 21085 } 21086 return nil 21087} 21088 21089// SetAccountId sets the AccountId field's value. 21090func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput { 21091 s.AccountId = &v 21092 return s 21093} 21094 21095// SetServicePrincipal sets the ServicePrincipal field's value. 21096func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput { 21097 s.ServicePrincipal = &v 21098 return s 21099} 21100 21101type RegisterDelegatedAdministratorOutput struct { 21102 _ struct{} `type:"structure"` 21103} 21104 21105// String returns the string representation 21106func (s RegisterDelegatedAdministratorOutput) String() string { 21107 return awsutil.Prettify(s) 21108} 21109 21110// GoString returns the string representation 21111func (s RegisterDelegatedAdministratorOutput) GoString() string { 21112 return s.String() 21113} 21114 21115type RemoveAccountFromOrganizationInput struct { 21116 _ struct{} `type:"structure"` 21117 21118 // The unique identifier (ID) of the member account that you want to remove 21119 // from the organization. 21120 // 21121 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 21122 // requires exactly 12 digits. 21123 // 21124 // AccountId is a required field 21125 AccountId *string `type:"string" required:"true"` 21126} 21127 21128// String returns the string representation 21129func (s RemoveAccountFromOrganizationInput) String() string { 21130 return awsutil.Prettify(s) 21131} 21132 21133// GoString returns the string representation 21134func (s RemoveAccountFromOrganizationInput) GoString() string { 21135 return s.String() 21136} 21137 21138// Validate inspects the fields of the type to determine if they are valid. 21139func (s *RemoveAccountFromOrganizationInput) Validate() error { 21140 invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"} 21141 if s.AccountId == nil { 21142 invalidParams.Add(request.NewErrParamRequired("AccountId")) 21143 } 21144 21145 if invalidParams.Len() > 0 { 21146 return invalidParams 21147 } 21148 return nil 21149} 21150 21151// SetAccountId sets the AccountId field's value. 21152func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput { 21153 s.AccountId = &v 21154 return s 21155} 21156 21157type RemoveAccountFromOrganizationOutput struct { 21158 _ struct{} `type:"structure"` 21159} 21160 21161// String returns the string representation 21162func (s RemoveAccountFromOrganizationOutput) String() string { 21163 return awsutil.Prettify(s) 21164} 21165 21166// GoString returns the string representation 21167func (s RemoveAccountFromOrganizationOutput) GoString() string { 21168 return s.String() 21169} 21170 21171// Contains details about a root. A root is a top-level parent node in the hierarchy 21172// of an organization that can contain organizational units (OUs) and accounts. 21173// Every root contains every AWS account in the organization. Each root enables 21174// the accounts to be organized in a different way and to have different policy 21175// types enabled for use in that root. 21176type Root struct { 21177 _ struct{} `type:"structure"` 21178 21179 // The Amazon Resource Name (ARN) of the root. 21180 // 21181 // For more information about ARNs in Organizations, see ARN Formats Supported 21182 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 21183 // in the AWS Organizations User Guide. 21184 Arn *string `type:"string"` 21185 21186 // The unique identifier (ID) for the root. 21187 // 21188 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 21189 // requires "r-" followed by from 4 to 32 lower-case letters or digits. 21190 Id *string `type:"string"` 21191 21192 // The friendly name of the root. 21193 // 21194 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 21195 // this parameter is a string of any of the characters in the ASCII character 21196 // range. 21197 Name *string `min:"1" type:"string"` 21198 21199 // The types of policies that are currently enabled for the root and therefore 21200 // can be attached to the root or to its OUs or accounts. 21201 // 21202 // Even if a policy type is shown as available in the organization, you can 21203 // separately enable and disable them at the root level by using EnablePolicyType 21204 // and DisablePolicyType. Use DescribeOrganization to see the availability of 21205 // the policy types in that organization. 21206 PolicyTypes []*PolicyTypeSummary `type:"list"` 21207} 21208 21209// String returns the string representation 21210func (s Root) String() string { 21211 return awsutil.Prettify(s) 21212} 21213 21214// GoString returns the string representation 21215func (s Root) GoString() string { 21216 return s.String() 21217} 21218 21219// SetArn sets the Arn field's value. 21220func (s *Root) SetArn(v string) *Root { 21221 s.Arn = &v 21222 return s 21223} 21224 21225// SetId sets the Id field's value. 21226func (s *Root) SetId(v string) *Root { 21227 s.Id = &v 21228 return s 21229} 21230 21231// SetName sets the Name field's value. 21232func (s *Root) SetName(v string) *Root { 21233 s.Name = &v 21234 return s 21235} 21236 21237// SetPolicyTypes sets the PolicyTypes field's value. 21238func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root { 21239 s.PolicyTypes = v 21240 return s 21241} 21242 21243// We can't find a root with the RootId that you specified. 21244type RootNotFoundException struct { 21245 _ struct{} `type:"structure"` 21246 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21247 21248 Message_ *string `locationName:"Message" type:"string"` 21249} 21250 21251// String returns the string representation 21252func (s RootNotFoundException) String() string { 21253 return awsutil.Prettify(s) 21254} 21255 21256// GoString returns the string representation 21257func (s RootNotFoundException) GoString() string { 21258 return s.String() 21259} 21260 21261func newErrorRootNotFoundException(v protocol.ResponseMetadata) error { 21262 return &RootNotFoundException{ 21263 RespMetadata: v, 21264 } 21265} 21266 21267// Code returns the exception type name. 21268func (s *RootNotFoundException) Code() string { 21269 return "RootNotFoundException" 21270} 21271 21272// Message returns the exception's message. 21273func (s *RootNotFoundException) Message() string { 21274 if s.Message_ != nil { 21275 return *s.Message_ 21276 } 21277 return "" 21278} 21279 21280// OrigErr always returns nil, satisfies awserr.Error interface. 21281func (s *RootNotFoundException) OrigErr() error { 21282 return nil 21283} 21284 21285func (s *RootNotFoundException) Error() string { 21286 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21287} 21288 21289// Status code returns the HTTP status code for the request's response error. 21290func (s *RootNotFoundException) StatusCode() int { 21291 return s.RespMetadata.StatusCode 21292} 21293 21294// RequestID returns the service's response RequestID for request. 21295func (s *RootNotFoundException) RequestID() string { 21296 return s.RespMetadata.RequestID 21297} 21298 21299// AWS Organizations can't complete your request because of an internal service 21300// error. Try again later. 21301type ServiceException struct { 21302 _ struct{} `type:"structure"` 21303 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21304 21305 Message_ *string `locationName:"Message" type:"string"` 21306} 21307 21308// String returns the string representation 21309func (s ServiceException) String() string { 21310 return awsutil.Prettify(s) 21311} 21312 21313// GoString returns the string representation 21314func (s ServiceException) GoString() string { 21315 return s.String() 21316} 21317 21318func newErrorServiceException(v protocol.ResponseMetadata) error { 21319 return &ServiceException{ 21320 RespMetadata: v, 21321 } 21322} 21323 21324// Code returns the exception type name. 21325func (s *ServiceException) Code() string { 21326 return "ServiceException" 21327} 21328 21329// Message returns the exception's message. 21330func (s *ServiceException) Message() string { 21331 if s.Message_ != nil { 21332 return *s.Message_ 21333 } 21334 return "" 21335} 21336 21337// OrigErr always returns nil, satisfies awserr.Error interface. 21338func (s *ServiceException) OrigErr() error { 21339 return nil 21340} 21341 21342func (s *ServiceException) Error() string { 21343 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21344} 21345 21346// Status code returns the HTTP status code for the request's response error. 21347func (s *ServiceException) StatusCode() int { 21348 return s.RespMetadata.StatusCode 21349} 21350 21351// RequestID returns the service's response RequestID for request. 21352func (s *ServiceException) RequestID() string { 21353 return s.RespMetadata.RequestID 21354} 21355 21356// We can't find a source root or OU with the ParentId that you specified. 21357type SourceParentNotFoundException struct { 21358 _ struct{} `type:"structure"` 21359 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21360 21361 Message_ *string `locationName:"Message" type:"string"` 21362} 21363 21364// String returns the string representation 21365func (s SourceParentNotFoundException) String() string { 21366 return awsutil.Prettify(s) 21367} 21368 21369// GoString returns the string representation 21370func (s SourceParentNotFoundException) GoString() string { 21371 return s.String() 21372} 21373 21374func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error { 21375 return &SourceParentNotFoundException{ 21376 RespMetadata: v, 21377 } 21378} 21379 21380// Code returns the exception type name. 21381func (s *SourceParentNotFoundException) Code() string { 21382 return "SourceParentNotFoundException" 21383} 21384 21385// Message returns the exception's message. 21386func (s *SourceParentNotFoundException) Message() string { 21387 if s.Message_ != nil { 21388 return *s.Message_ 21389 } 21390 return "" 21391} 21392 21393// OrigErr always returns nil, satisfies awserr.Error interface. 21394func (s *SourceParentNotFoundException) OrigErr() error { 21395 return nil 21396} 21397 21398func (s *SourceParentNotFoundException) Error() string { 21399 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21400} 21401 21402// Status code returns the HTTP status code for the request's response error. 21403func (s *SourceParentNotFoundException) StatusCode() int { 21404 return s.RespMetadata.StatusCode 21405} 21406 21407// RequestID returns the service's response RequestID for request. 21408func (s *SourceParentNotFoundException) RequestID() string { 21409 return s.RespMetadata.RequestID 21410} 21411 21412// A custom key-value pair associated with a resource such as an account within 21413// your organization. 21414type Tag struct { 21415 _ struct{} `type:"structure"` 21416 21417 // The key identifier, or name, of the tag. 21418 // 21419 // Key is a required field 21420 Key *string `min:"1" type:"string" required:"true"` 21421 21422 // The string value that's associated with the key of the tag. You can set the 21423 // value of a tag to an empty string, but you can't set the value of a tag to 21424 // null. 21425 // 21426 // Value is a required field 21427 Value *string `type:"string" required:"true"` 21428} 21429 21430// String returns the string representation 21431func (s Tag) String() string { 21432 return awsutil.Prettify(s) 21433} 21434 21435// GoString returns the string representation 21436func (s Tag) GoString() string { 21437 return s.String() 21438} 21439 21440// Validate inspects the fields of the type to determine if they are valid. 21441func (s *Tag) Validate() error { 21442 invalidParams := request.ErrInvalidParams{Context: "Tag"} 21443 if s.Key == nil { 21444 invalidParams.Add(request.NewErrParamRequired("Key")) 21445 } 21446 if s.Key != nil && len(*s.Key) < 1 { 21447 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 21448 } 21449 if s.Value == nil { 21450 invalidParams.Add(request.NewErrParamRequired("Value")) 21451 } 21452 21453 if invalidParams.Len() > 0 { 21454 return invalidParams 21455 } 21456 return nil 21457} 21458 21459// SetKey sets the Key field's value. 21460func (s *Tag) SetKey(v string) *Tag { 21461 s.Key = &v 21462 return s 21463} 21464 21465// SetValue sets the Value field's value. 21466func (s *Tag) SetValue(v string) *Tag { 21467 s.Value = &v 21468 return s 21469} 21470 21471type TagResourceInput struct { 21472 _ struct{} `type:"structure"` 21473 21474 // The ID of the resource to add a tag to. 21475 // 21476 // ResourceId is a required field 21477 ResourceId *string `type:"string" required:"true"` 21478 21479 // The tag to add to the specified resource. You must specify both a tag key 21480 // and value. You can set the value of a tag to an empty string, but you can't 21481 // set it to null. 21482 // 21483 // Tags is a required field 21484 Tags []*Tag `type:"list" required:"true"` 21485} 21486 21487// String returns the string representation 21488func (s TagResourceInput) String() string { 21489 return awsutil.Prettify(s) 21490} 21491 21492// GoString returns the string representation 21493func (s TagResourceInput) GoString() string { 21494 return s.String() 21495} 21496 21497// Validate inspects the fields of the type to determine if they are valid. 21498func (s *TagResourceInput) Validate() error { 21499 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 21500 if s.ResourceId == nil { 21501 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 21502 } 21503 if s.Tags == nil { 21504 invalidParams.Add(request.NewErrParamRequired("Tags")) 21505 } 21506 if s.Tags != nil { 21507 for i, v := range s.Tags { 21508 if v == nil { 21509 continue 21510 } 21511 if err := v.Validate(); err != nil { 21512 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 21513 } 21514 } 21515 } 21516 21517 if invalidParams.Len() > 0 { 21518 return invalidParams 21519 } 21520 return nil 21521} 21522 21523// SetResourceId sets the ResourceId field's value. 21524func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput { 21525 s.ResourceId = &v 21526 return s 21527} 21528 21529// SetTags sets the Tags field's value. 21530func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 21531 s.Tags = v 21532 return s 21533} 21534 21535type TagResourceOutput struct { 21536 _ struct{} `type:"structure"` 21537} 21538 21539// String returns the string representation 21540func (s TagResourceOutput) String() string { 21541 return awsutil.Prettify(s) 21542} 21543 21544// GoString returns the string representation 21545func (s TagResourceOutput) GoString() string { 21546 return s.String() 21547} 21548 21549// We can't find a root, OU, or account with the TargetId that you specified. 21550type TargetNotFoundException struct { 21551 _ struct{} `type:"structure"` 21552 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21553 21554 Message_ *string `locationName:"Message" type:"string"` 21555} 21556 21557// String returns the string representation 21558func (s TargetNotFoundException) String() string { 21559 return awsutil.Prettify(s) 21560} 21561 21562// GoString returns the string representation 21563func (s TargetNotFoundException) GoString() string { 21564 return s.String() 21565} 21566 21567func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error { 21568 return &TargetNotFoundException{ 21569 RespMetadata: v, 21570 } 21571} 21572 21573// Code returns the exception type name. 21574func (s *TargetNotFoundException) Code() string { 21575 return "TargetNotFoundException" 21576} 21577 21578// Message returns the exception's message. 21579func (s *TargetNotFoundException) Message() string { 21580 if s.Message_ != nil { 21581 return *s.Message_ 21582 } 21583 return "" 21584} 21585 21586// OrigErr always returns nil, satisfies awserr.Error interface. 21587func (s *TargetNotFoundException) OrigErr() error { 21588 return nil 21589} 21590 21591func (s *TargetNotFoundException) Error() string { 21592 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21593} 21594 21595// Status code returns the HTTP status code for the request's response error. 21596func (s *TargetNotFoundException) StatusCode() int { 21597 return s.RespMetadata.StatusCode 21598} 21599 21600// RequestID returns the service's response RequestID for request. 21601func (s *TargetNotFoundException) RequestID() string { 21602 return s.RespMetadata.RequestID 21603} 21604 21605// You have sent too many requests in too short a period of time. The quota 21606// helps protect against denial-of-service attacks. Try again later. 21607// 21608// For information about quotas that affect AWS Organizations, see Quotas for 21609// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 21610// the AWS Organizations User Guide. 21611type TooManyRequestsException struct { 21612 _ struct{} `type:"structure"` 21613 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21614 21615 Message_ *string `locationName:"Message" type:"string"` 21616 21617 Type *string `type:"string"` 21618} 21619 21620// String returns the string representation 21621func (s TooManyRequestsException) String() string { 21622 return awsutil.Prettify(s) 21623} 21624 21625// GoString returns the string representation 21626func (s TooManyRequestsException) GoString() string { 21627 return s.String() 21628} 21629 21630func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error { 21631 return &TooManyRequestsException{ 21632 RespMetadata: v, 21633 } 21634} 21635 21636// Code returns the exception type name. 21637func (s *TooManyRequestsException) Code() string { 21638 return "TooManyRequestsException" 21639} 21640 21641// Message returns the exception's message. 21642func (s *TooManyRequestsException) Message() string { 21643 if s.Message_ != nil { 21644 return *s.Message_ 21645 } 21646 return "" 21647} 21648 21649// OrigErr always returns nil, satisfies awserr.Error interface. 21650func (s *TooManyRequestsException) OrigErr() error { 21651 return nil 21652} 21653 21654func (s *TooManyRequestsException) Error() string { 21655 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 21656} 21657 21658// Status code returns the HTTP status code for the request's response error. 21659func (s *TooManyRequestsException) StatusCode() int { 21660 return s.RespMetadata.StatusCode 21661} 21662 21663// RequestID returns the service's response RequestID for request. 21664func (s *TooManyRequestsException) RequestID() string { 21665 return s.RespMetadata.RequestID 21666} 21667 21668// This action isn't available in the current AWS Region. 21669type UnsupportedAPIEndpointException struct { 21670 _ struct{} `type:"structure"` 21671 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21672 21673 Message_ *string `locationName:"Message" type:"string"` 21674} 21675 21676// String returns the string representation 21677func (s UnsupportedAPIEndpointException) String() string { 21678 return awsutil.Prettify(s) 21679} 21680 21681// GoString returns the string representation 21682func (s UnsupportedAPIEndpointException) GoString() string { 21683 return s.String() 21684} 21685 21686func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error { 21687 return &UnsupportedAPIEndpointException{ 21688 RespMetadata: v, 21689 } 21690} 21691 21692// Code returns the exception type name. 21693func (s *UnsupportedAPIEndpointException) Code() string { 21694 return "UnsupportedAPIEndpointException" 21695} 21696 21697// Message returns the exception's message. 21698func (s *UnsupportedAPIEndpointException) Message() string { 21699 if s.Message_ != nil { 21700 return *s.Message_ 21701 } 21702 return "" 21703} 21704 21705// OrigErr always returns nil, satisfies awserr.Error interface. 21706func (s *UnsupportedAPIEndpointException) OrigErr() error { 21707 return nil 21708} 21709 21710func (s *UnsupportedAPIEndpointException) Error() string { 21711 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21712} 21713 21714// Status code returns the HTTP status code for the request's response error. 21715func (s *UnsupportedAPIEndpointException) StatusCode() int { 21716 return s.RespMetadata.StatusCode 21717} 21718 21719// RequestID returns the service's response RequestID for request. 21720func (s *UnsupportedAPIEndpointException) RequestID() string { 21721 return s.RespMetadata.RequestID 21722} 21723 21724type UntagResourceInput struct { 21725 _ struct{} `type:"structure"` 21726 21727 // The ID of the resource to remove the tag from. 21728 // 21729 // ResourceId is a required field 21730 ResourceId *string `type:"string" required:"true"` 21731 21732 // The tag to remove from the specified resource. 21733 // 21734 // TagKeys is a required field 21735 TagKeys []*string `type:"list" required:"true"` 21736} 21737 21738// String returns the string representation 21739func (s UntagResourceInput) String() string { 21740 return awsutil.Prettify(s) 21741} 21742 21743// GoString returns the string representation 21744func (s UntagResourceInput) GoString() string { 21745 return s.String() 21746} 21747 21748// Validate inspects the fields of the type to determine if they are valid. 21749func (s *UntagResourceInput) Validate() error { 21750 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 21751 if s.ResourceId == nil { 21752 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 21753 } 21754 if s.TagKeys == nil { 21755 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 21756 } 21757 21758 if invalidParams.Len() > 0 { 21759 return invalidParams 21760 } 21761 return nil 21762} 21763 21764// SetResourceId sets the ResourceId field's value. 21765func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput { 21766 s.ResourceId = &v 21767 return s 21768} 21769 21770// SetTagKeys sets the TagKeys field's value. 21771func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 21772 s.TagKeys = v 21773 return s 21774} 21775 21776type UntagResourceOutput struct { 21777 _ struct{} `type:"structure"` 21778} 21779 21780// String returns the string representation 21781func (s UntagResourceOutput) String() string { 21782 return awsutil.Prettify(s) 21783} 21784 21785// GoString returns the string representation 21786func (s UntagResourceOutput) GoString() string { 21787 return s.String() 21788} 21789 21790type UpdateOrganizationalUnitInput struct { 21791 _ struct{} `type:"structure"` 21792 21793 // The new name that you want to assign to the OU. 21794 // 21795 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 21796 // this parameter is a string of any of the characters in the ASCII character 21797 // range. 21798 Name *string `min:"1" type:"string"` 21799 21800 // The unique identifier (ID) of the OU that you want to rename. You can get 21801 // the ID from the ListOrganizationalUnitsForParent operation. 21802 // 21803 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 21804 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 21805 // or digits (the ID of the root that contains the OU). This string is followed 21806 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 21807 // 21808 // OrganizationalUnitId is a required field 21809 OrganizationalUnitId *string `type:"string" required:"true"` 21810} 21811 21812// String returns the string representation 21813func (s UpdateOrganizationalUnitInput) String() string { 21814 return awsutil.Prettify(s) 21815} 21816 21817// GoString returns the string representation 21818func (s UpdateOrganizationalUnitInput) GoString() string { 21819 return s.String() 21820} 21821 21822// Validate inspects the fields of the type to determine if they are valid. 21823func (s *UpdateOrganizationalUnitInput) Validate() error { 21824 invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"} 21825 if s.Name != nil && len(*s.Name) < 1 { 21826 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 21827 } 21828 if s.OrganizationalUnitId == nil { 21829 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 21830 } 21831 21832 if invalidParams.Len() > 0 { 21833 return invalidParams 21834 } 21835 return nil 21836} 21837 21838// SetName sets the Name field's value. 21839func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput { 21840 s.Name = &v 21841 return s 21842} 21843 21844// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 21845func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput { 21846 s.OrganizationalUnitId = &v 21847 return s 21848} 21849 21850type UpdateOrganizationalUnitOutput struct { 21851 _ struct{} `type:"structure"` 21852 21853 // A structure that contains the details about the specified OU, including its 21854 // new name. 21855 OrganizationalUnit *OrganizationalUnit `type:"structure"` 21856} 21857 21858// String returns the string representation 21859func (s UpdateOrganizationalUnitOutput) String() string { 21860 return awsutil.Prettify(s) 21861} 21862 21863// GoString returns the string representation 21864func (s UpdateOrganizationalUnitOutput) GoString() string { 21865 return s.String() 21866} 21867 21868// SetOrganizationalUnit sets the OrganizationalUnit field's value. 21869func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput { 21870 s.OrganizationalUnit = v 21871 return s 21872} 21873 21874type UpdatePolicyInput struct { 21875 _ struct{} `type:"structure"` 21876 21877 // If provided, the new content for the policy. The text must be correctly formatted 21878 // JSON that complies with the syntax for the policy's type. For more information, 21879 // see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 21880 // in the AWS Organizations User Guide. 21881 Content *string `min:"1" type:"string"` 21882 21883 // If provided, the new description for the policy. 21884 Description *string `type:"string"` 21885 21886 // If provided, the new name for the policy. 21887 // 21888 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 21889 // this parameter is a string of any of the characters in the ASCII character 21890 // range. 21891 Name *string `min:"1" type:"string"` 21892 21893 // The unique identifier (ID) of the policy that you want to update. 21894 // 21895 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 21896 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 21897 // or the underscore character (_). 21898 // 21899 // PolicyId is a required field 21900 PolicyId *string `type:"string" required:"true"` 21901} 21902 21903// String returns the string representation 21904func (s UpdatePolicyInput) String() string { 21905 return awsutil.Prettify(s) 21906} 21907 21908// GoString returns the string representation 21909func (s UpdatePolicyInput) GoString() string { 21910 return s.String() 21911} 21912 21913// Validate inspects the fields of the type to determine if they are valid. 21914func (s *UpdatePolicyInput) Validate() error { 21915 invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"} 21916 if s.Content != nil && len(*s.Content) < 1 { 21917 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 21918 } 21919 if s.Name != nil && len(*s.Name) < 1 { 21920 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 21921 } 21922 if s.PolicyId == nil { 21923 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 21924 } 21925 21926 if invalidParams.Len() > 0 { 21927 return invalidParams 21928 } 21929 return nil 21930} 21931 21932// SetContent sets the Content field's value. 21933func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput { 21934 s.Content = &v 21935 return s 21936} 21937 21938// SetDescription sets the Description field's value. 21939func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput { 21940 s.Description = &v 21941 return s 21942} 21943 21944// SetName sets the Name field's value. 21945func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput { 21946 s.Name = &v 21947 return s 21948} 21949 21950// SetPolicyId sets the PolicyId field's value. 21951func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput { 21952 s.PolicyId = &v 21953 return s 21954} 21955 21956type UpdatePolicyOutput struct { 21957 _ struct{} `type:"structure"` 21958 21959 // A structure that contains details about the updated policy, showing the requested 21960 // changes. 21961 Policy *Policy `type:"structure"` 21962} 21963 21964// String returns the string representation 21965func (s UpdatePolicyOutput) String() string { 21966 return awsutil.Prettify(s) 21967} 21968 21969// GoString returns the string representation 21970func (s UpdatePolicyOutput) GoString() string { 21971 return s.String() 21972} 21973 21974// SetPolicy sets the Policy field's value. 21975func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput { 21976 s.Policy = v 21977 return s 21978} 21979 21980const ( 21981 // AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value 21982 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE" 21983) 21984 21985const ( 21986 // AccountJoinedMethodInvited is a AccountJoinedMethod enum value 21987 AccountJoinedMethodInvited = "INVITED" 21988 21989 // AccountJoinedMethodCreated is a AccountJoinedMethod enum value 21990 AccountJoinedMethodCreated = "CREATED" 21991) 21992 21993const ( 21994 // AccountStatusActive is a AccountStatus enum value 21995 AccountStatusActive = "ACTIVE" 21996 21997 // AccountStatusSuspended is a AccountStatus enum value 21998 AccountStatusSuspended = "SUSPENDED" 21999) 22000 22001const ( 22002 // ActionTypeInvite is a ActionType enum value 22003 ActionTypeInvite = "INVITE" 22004 22005 // ActionTypeEnableAllFeatures is a ActionType enum value 22006 ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES" 22007 22008 // ActionTypeApproveAllFeatures is a ActionType enum value 22009 ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES" 22010 22011 // ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value 22012 ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" 22013) 22014 22015const ( 22016 // ChildTypeAccount is a ChildType enum value 22017 ChildTypeAccount = "ACCOUNT" 22018 22019 // ChildTypeOrganizationalUnit is a ChildType enum value 22020 ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 22021) 22022 22023const ( 22024 // ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 22025 ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 22026 22027 // ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value 22028 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 22029 22030 // ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 22031 ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED" 22032 22033 // ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value 22034 ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED" 22035 22036 // ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 22037 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED" 22038 22039 // ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value 22040 ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED" 22041 22042 // ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 22043 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 22044 22045 // ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 22046 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 22047 22048 // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value 22049 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" 22050 22051 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value 22052 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA" 22053 22054 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value 22055 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION" 22056 22057 // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 22058 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 22059 22060 // ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 22061 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 22062 22063 // ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value 22064 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED" 22065 22066 // ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value 22067 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE" 22068 22069 // ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value 22070 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO" 22071 22072 // ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value 22073 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED" 22074 22075 // ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value 22076 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE" 22077 22078 // ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value 22079 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION" 22080 22081 // ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value 22082 ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED" 22083 22084 // ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value 22085 ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE" 22086 22087 // ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value 22088 ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED" 22089 22090 // ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value 22091 ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION" 22092 22093 // ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value 22094 ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED" 22095 22096 // ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value 22097 ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR" 22098 22099 // ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value 22100 ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG" 22101 22102 // ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value 22103 ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE" 22104 22105 // ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value 22106 ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE" 22107) 22108 22109const ( 22110 // CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value 22111 CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED" 22112 22113 // CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value 22114 CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS" 22115 22116 // CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value 22117 CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS" 22118 22119 // CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value 22120 CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL" 22121 22122 // CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value 22123 CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION" 22124 22125 // CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value 22126 CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE" 22127 22128 // CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value 22129 CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS" 22130) 22131 22132const ( 22133 // CreateAccountStateInProgress is a CreateAccountState enum value 22134 CreateAccountStateInProgress = "IN_PROGRESS" 22135 22136 // CreateAccountStateSucceeded is a CreateAccountState enum value 22137 CreateAccountStateSucceeded = "SUCCEEDED" 22138 22139 // CreateAccountStateFailed is a CreateAccountState enum value 22140 CreateAccountStateFailed = "FAILED" 22141) 22142 22143const ( 22144 // EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value 22145 EffectivePolicyTypeTagPolicy = "TAG_POLICY" 22146 22147 // EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value 22148 EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY" 22149 22150 // EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value 22151 EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY" 22152) 22153 22154const ( 22155 // HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 22156 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 22157 22158 // HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 22159 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 22160 22161 // HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value 22162 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION" 22163 22164 // HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 22165 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES" 22166 22167 // HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 22168 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES" 22169 22170 // HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value 22171 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED" 22172 22173 // HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value 22174 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" 22175 22176 // HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 22177 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" 22178) 22179 22180const ( 22181 // HandshakePartyTypeAccount is a HandshakePartyType enum value 22182 HandshakePartyTypeAccount = "ACCOUNT" 22183 22184 // HandshakePartyTypeOrganization is a HandshakePartyType enum value 22185 HandshakePartyTypeOrganization = "ORGANIZATION" 22186 22187 // HandshakePartyTypeEmail is a HandshakePartyType enum value 22188 HandshakePartyTypeEmail = "EMAIL" 22189) 22190 22191const ( 22192 // HandshakeResourceTypeAccount is a HandshakeResourceType enum value 22193 HandshakeResourceTypeAccount = "ACCOUNT" 22194 22195 // HandshakeResourceTypeOrganization is a HandshakeResourceType enum value 22196 HandshakeResourceTypeOrganization = "ORGANIZATION" 22197 22198 // HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value 22199 HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET" 22200 22201 // HandshakeResourceTypeEmail is a HandshakeResourceType enum value 22202 HandshakeResourceTypeEmail = "EMAIL" 22203 22204 // HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value 22205 HandshakeResourceTypeMasterEmail = "MASTER_EMAIL" 22206 22207 // HandshakeResourceTypeMasterName is a HandshakeResourceType enum value 22208 HandshakeResourceTypeMasterName = "MASTER_NAME" 22209 22210 // HandshakeResourceTypeNotes is a HandshakeResourceType enum value 22211 HandshakeResourceTypeNotes = "NOTES" 22212 22213 // HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value 22214 HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE" 22215) 22216 22217const ( 22218 // HandshakeStateRequested is a HandshakeState enum value 22219 HandshakeStateRequested = "REQUESTED" 22220 22221 // HandshakeStateOpen is a HandshakeState enum value 22222 HandshakeStateOpen = "OPEN" 22223 22224 // HandshakeStateCanceled is a HandshakeState enum value 22225 HandshakeStateCanceled = "CANCELED" 22226 22227 // HandshakeStateAccepted is a HandshakeState enum value 22228 HandshakeStateAccepted = "ACCEPTED" 22229 22230 // HandshakeStateDeclined is a HandshakeState enum value 22231 HandshakeStateDeclined = "DECLINED" 22232 22233 // HandshakeStateExpired is a HandshakeState enum value 22234 HandshakeStateExpired = "EXPIRED" 22235) 22236 22237const ( 22238 // IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value 22239 IAMUserAccessToBillingAllow = "ALLOW" 22240 22241 // IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value 22242 IAMUserAccessToBillingDeny = "DENY" 22243) 22244 22245const ( 22246 // InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value 22247 InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET" 22248 22249 // InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value 22250 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN" 22251 22252 // InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value 22253 InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID" 22254 22255 // InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value 22256 InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM" 22257 22258 // InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value 22259 InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE" 22260 22261 // InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value 22262 InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER" 22263 22264 // InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value 22265 InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED" 22266 22267 // InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value 22268 InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED" 22269 22270 // InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value 22271 InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED" 22272 22273 // InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value 22274 InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED" 22275 22276 // InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value 22277 InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY" 22278 22279 // InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value 22280 InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN" 22281 22282 // InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value 22283 InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID" 22284 22285 // InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value 22286 InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED" 22287 22288 // InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value 22289 InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN" 22290 22291 // InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value 22292 InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER" 22293 22294 // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value 22295 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" 22296 22297 // InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value 22298 InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET" 22299 22300 // InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value 22301 InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL" 22302 22303 // InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value 22304 InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME" 22305 22306 // InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value 22307 InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER" 22308 22309 // InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value 22310 InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED" 22311) 22312 22313const ( 22314 // OrganizationFeatureSetAll is a OrganizationFeatureSet enum value 22315 OrganizationFeatureSetAll = "ALL" 22316 22317 // OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value 22318 OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING" 22319) 22320 22321const ( 22322 // ParentTypeRoot is a ParentType enum value 22323 ParentTypeRoot = "ROOT" 22324 22325 // ParentTypeOrganizationalUnit is a ParentType enum value 22326 ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 22327) 22328 22329const ( 22330 // PolicyTypeServiceControlPolicy is a PolicyType enum value 22331 PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY" 22332 22333 // PolicyTypeTagPolicy is a PolicyType enum value 22334 PolicyTypeTagPolicy = "TAG_POLICY" 22335 22336 // PolicyTypeBackupPolicy is a PolicyType enum value 22337 PolicyTypeBackupPolicy = "BACKUP_POLICY" 22338 22339 // PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value 22340 PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY" 22341) 22342 22343const ( 22344 // PolicyTypeStatusEnabled is a PolicyTypeStatus enum value 22345 PolicyTypeStatusEnabled = "ENABLED" 22346 22347 // PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value 22348 PolicyTypeStatusPendingEnable = "PENDING_ENABLE" 22349 22350 // PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value 22351 PolicyTypeStatusPendingDisable = "PENDING_DISABLE" 22352) 22353 22354const ( 22355 // TargetTypeAccount is a TargetType enum value 22356 TargetTypeAccount = "ACCOUNT" 22357 22358 // TargetTypeOrganizationalUnit is a TargetType enum value 22359 TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 22360 22361 // TargetTypeRoot is a TargetType enum value 22362 TargetTypeRoot = "ROOT" 22363) 22364