1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package organizations 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opAcceptHandshake = "AcceptHandshake" 17 18// AcceptHandshakeRequest generates a "aws/request.Request" representing the 19// client's request for the AcceptHandshake operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See AcceptHandshake for more information on using the AcceptHandshake 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the AcceptHandshakeRequest method. 34// req, resp := client.AcceptHandshakeRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) { 43 op := &request.Operation{ 44 Name: opAcceptHandshake, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &AcceptHandshakeInput{} 51 } 52 53 output = &AcceptHandshakeOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// AcceptHandshake API operation for AWS Organizations. 59// 60// Sends a response to the originator of a handshake agreeing to the action 61// proposed by the handshake request. 62// 63// This operation can be called only by the following principals when they also 64// have the relevant IAM permissions: 65// 66// * Invitation to join or Approve all features request handshakes: only 67// a principal from the member account. The user who calls the API for an 68// invitation to join must have the organizations:AcceptHandshake permission. 69// If you enabled all features in the organization, the user must also have 70// the iam:CreateServiceLinkedRole permission so that AWS Organizations can 71// create the required service-linked role named AWSServiceRoleForOrganizations. 72// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) 73// in the AWS Organizations User Guide. 74// 75// * Enable all features final confirmation handshake: only a principal from 76// the master account. For more information about invitations, see Inviting 77// an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) 78// in the AWS Organizations User Guide. For more information about requests 79// to enable all features in the organization, see Enabling All Features 80// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 81// in the AWS Organizations User Guide. 82// 83// After you accept a handshake, it continues to appear in the results of relevant 84// APIs for only 30 days. After that, it's deleted. 85// 86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 87// with awserr.Error's Code and Message methods to get detailed information about 88// the error. 89// 90// See the AWS API reference guide for AWS Organizations's 91// API operation AcceptHandshake for usage and error information. 92// 93// Returned Error Codes: 94// * ErrCodeAccessDeniedException "AccessDeniedException" 95// You don't have permissions to perform the requested operation. The user or 96// role that is making the request must have at least one IAM permissions policy 97// attached that grants the required permissions. For more information, see 98// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 99// in the IAM User Guide. 100// 101// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 102// Your account isn't a member of an organization. To make this request, you 103// must use the credentials of an account that belongs to an organization. 104// 105// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" 106// The requested operation would violate the constraint identified in the reason 107// code. 108// 109// Some of the reasons in the following list might not be applicable to this 110// specific API or operation: 111// 112// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 113// the number of accounts in an organization. Note that deleted and closed 114// accounts still count toward your limit. If you get this exception immediately 115// after creating the organization, wait one hour and try again. If after 116// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 117// 118// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 119// the invited account is already a member of an organization. 120// 121// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 122// handshakes that you can send in one day. 123// 124// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 125// to join an organization while it's in the process of enabling all features. 126// You can resume inviting accounts after you finalize the process when all 127// accounts have agreed to the change. 128// 129// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 130// because the organization has already enabled all features. 131// 132// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 133// the account is from a different marketplace than the accounts in the organization. 134// For example, accounts with India addresses must be associated with the 135// AISPL marketplace. All accounts in an organization must be from the same 136// marketplace. 137// 138// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 139// change the membership of an account too quickly after its previous change. 140// 141// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 142// account that doesn't have a payment instrument, such as a credit card, 143// associated with it. 144// 145// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 146// We can't find a handshake with the HandshakeId that you specified. 147// 148// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" 149// You can't perform the operation on the handshake in its current state. For 150// example, you can't cancel a handshake that was already accepted or accept 151// a handshake that was already declined. 152// 153// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" 154// The specified handshake is already in the requested state. For example, you 155// can't accept a handshake that was already accepted. 156// 157// * ErrCodeInvalidInputException "InvalidInputException" 158// The requested operation failed because you provided invalid values for one 159// or more of the request parameters. This exception includes a reason that 160// contains additional information about the violated limit: 161// 162// Some of the reasons in the following list might not be applicable to this 163// specific API or operation: 164// 165// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 166// can't be modified. 167// 168// * INPUT_REQUIRED: You must include a value for all required parameters. 169// 170// * INVALID_ENUM: You specified an invalid value. 171// 172// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 173// characters. 174// 175// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 176// at least one invalid value. 177// 178// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 179// from the response to a previous call of the operation. 180// 181// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 182// organization, or email) as a party. 183// 184// * INVALID_PATTERN: You provided a value that doesn't match the required 185// pattern. 186// 187// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 188// match the required pattern. 189// 190// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 191// name can't begin with the reserved prefix AWSServiceRoleFor. 192// 193// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 194// Name (ARN) for the organization. 195// 196// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 197// 198// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 199// tag. You can’t add, edit, or delete system tag keys because they're 200// reserved for AWS use. System tags don’t count against your tags per 201// resource limit. 202// 203// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 204// for the operation. 205// 206// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 207// than allowed. 208// 209// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 210// value than allowed. 211// 212// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 213// than allowed. 214// 215// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 216// value than allowed. 217// 218// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 219// between entities in the same root. 220// 221// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 222// The target of the operation is currently being modified by a different request. 223// Try again later. 224// 225// * ErrCodeServiceException "ServiceException" 226// AWS Organizations can't complete your request because of an internal service 227// error. Try again later. 228// 229// * ErrCodeTooManyRequestsException "TooManyRequestsException" 230// You have sent too many requests in too short a period of time. The limit 231// helps protect against denial-of-service attacks. Try again later. 232// 233// For information on limits that affect AWS Organizations, see Limits of AWS 234// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 235// in the AWS Organizations User Guide. 236// 237// * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException" 238// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 239// for organizations.amazonaws.com permission so that AWS Organizations can 240// create the required service-linked role. You don't have that permission. 241// 242// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 243func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) { 244 req, out := c.AcceptHandshakeRequest(input) 245 return out, req.Send() 246} 247 248// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of 249// the ability to pass a context and additional request options. 250// 251// See AcceptHandshake for details on how to use this API operation. 252// 253// The context must be non-nil and will be used for request cancellation. If 254// the context is nil a panic will occur. In the future the SDK may create 255// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 256// for more information on using Contexts. 257func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) { 258 req, out := c.AcceptHandshakeRequest(input) 259 req.SetContext(ctx) 260 req.ApplyOptions(opts...) 261 return out, req.Send() 262} 263 264const opAttachPolicy = "AttachPolicy" 265 266// AttachPolicyRequest generates a "aws/request.Request" representing the 267// client's request for the AttachPolicy operation. The "output" return 268// value will be populated with the request's response once the request completes 269// successfully. 270// 271// Use "Send" method on the returned Request to send the API call to the service. 272// the "output" return value is not valid until after Send returns without error. 273// 274// See AttachPolicy for more information on using the AttachPolicy 275// API call, and error handling. 276// 277// This method is useful when you want to inject custom logic or configuration 278// into the SDK's request lifecycle. Such as custom headers, or retry logic. 279// 280// 281// // Example sending a request using the AttachPolicyRequest method. 282// req, resp := client.AttachPolicyRequest(params) 283// 284// err := req.Send() 285// if err == nil { // resp is now filled 286// fmt.Println(resp) 287// } 288// 289// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 290func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) { 291 op := &request.Operation{ 292 Name: opAttachPolicy, 293 HTTPMethod: "POST", 294 HTTPPath: "/", 295 } 296 297 if input == nil { 298 input = &AttachPolicyInput{} 299 } 300 301 output = &AttachPolicyOutput{} 302 req = c.newRequest(op, input, output) 303 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 304 return 305} 306 307// AttachPolicy API operation for AWS Organizations. 308// 309// Attaches a policy to a root, an organizational unit (OU), or an individual 310// account. How the policy affects accounts depends on the type of policy: 311// 312// * Service control policy (SCP) - An SCP specifies what permissions can 313// be delegated to users in affected member accounts. The scope of influence 314// for a policy depends on what you attach the policy to: If you attach an 315// SCP to a root, it affects all accounts in the organization. If you attach 316// an SCP to an OU, it affects all accounts in that OU and in any child OUs. 317// If you attach the policy directly to an account, it affects only that 318// account. SCPs are JSON policies that specify the maximum permissions for 319// an organization or organizational unit (OU). You can attach one SCP to 320// a higher level root or OU, and a different SCP to a child OU or to an 321// account. The child policy can further restrict only the permissions that 322// pass through the parent filter and are available to the child. An SCP 323// that is attached to a child can't grant a permission that the parent hasn't 324// already granted. For example, imagine that the parent SCP allows permissions 325// A, B, C, D, and E. The child SCP allows C, D, E, F, and G. The result 326// is that the accounts affected by the child SCP are allowed to use only 327// C, D, and E. They can't use A or B because the child OU filtered them 328// out. They also can't use F and G because the parent OU filtered them out. 329// They can't be granted back by the child SCP; child SCPs can only filter 330// the permissions they receive from the parent SCP. AWS Organizations attaches 331// a default SCP named "FullAWSAccess to every root, OU, and account. This 332// default SCP allows all services and actions, enabling any new child OU 333// or account to inherit the permissions of the parent root or OU. If you 334// detach the default policy, you must replace it with a policy that specifies 335// the permissions that you want to allow in that OU or account. For more 336// information about how AWS Organizations policies permissions work, see 337// Using Service Control Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 338// in the AWS Organizations User Guide. 339// 340// This operation can be called only from the organization's master account. 341// 342// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 343// with awserr.Error's Code and Message methods to get detailed information about 344// the error. 345// 346// See the AWS API reference guide for AWS Organizations's 347// API operation AttachPolicy for usage and error information. 348// 349// Returned Error Codes: 350// * ErrCodeAccessDeniedException "AccessDeniedException" 351// You don't have permissions to perform the requested operation. The user or 352// role that is making the request must have at least one IAM permissions policy 353// attached that grants the required permissions. For more information, see 354// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 355// in the IAM User Guide. 356// 357// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 358// Your account isn't a member of an organization. To make this request, you 359// must use the credentials of an account that belongs to an organization. 360// 361// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 362// The target of the operation is currently being modified by a different request. 363// Try again later. 364// 365// * ErrCodeConstraintViolationException "ConstraintViolationException" 366// Performing this operation violates a minimum or maximum value limit. For 367// example, attempting to remove the last service control policy (SCP) from 368// an OU or root, inviting or creating too many accounts to the organization, 369// or attaching too many policies to an account, OU, or root. This exception 370// includes a reason that contains additional information about the violated 371// limit. 372// 373// Some of the reasons in the following list might not be applicable to this 374// specific API or operation: 375// 376// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 377// from the organization that doesn't yet have enough information to exist 378// as a standalone account. This account requires you to first agree to the 379// AWS Customer Agreement. Follow the steps at To leave an organization when 380// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 381// in the AWS Organizations User Guide. 382// 383// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 384// an account from the organization that doesn't yet have enough information 385// to exist as a standalone account. This account requires you to first complete 386// phone verification. Follow the steps at To leave an organization when 387// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 388// in the AWS Organizations User Guide. 389// 390// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 391// of accounts that you can create in one day. 392// 393// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 394// the number of accounts in an organization. If you need more accounts, 395// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 396// request an increase in your limit. Or the number of invitations that you 397// tried to send would cause you to exceed the limit of accounts in your 398// organization. Send fewer invitations or contact AWS Support to request 399// an increase in the number of accounts. Deleted and closed accounts still 400// count toward your limit. If you get receive this exception when running 401// a command immediately after creating the organization, wait one hour and 402// try again. If after an hour it continues to fail with this error, contact 403// AWS Support (https://console.aws.amazon.com/support/home#/). 404// 405// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 406// handshakes that you can send in one day. 407// 408// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 409// in this organization, you first must migrate the organization's master 410// account to the marketplace that corresponds to the master account's address. 411// For example, accounts with India addresses must be associated with the 412// AISPL marketplace. All accounts in an organization must be associated 413// with the same marketplace. 414// 415// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 416// must first provide contact a valid address and phone number for the master 417// account. Then try the operation again. 418// 419// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 420// master account must have an associated account in the AWS GovCloud (US-West) 421// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 422// in the AWS GovCloud User Guide. 423// 424// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 425// with this master account, you first must associate a valid payment instrument, 426// such as a credit card, with the account. Follow the steps at To leave 427// an organization when all required account information has not yet been 428// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 429// in the AWS Organizations User Guide. 430// 431// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 432// number of policies of a certain type that can be attached to an entity 433// at one time. 434// 435// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 436// on this resource. 437// 438// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 439// with this member account, you first must associate a valid payment instrument, 440// such as a credit card, with the account. Follow the steps at To leave 441// an organization when all required account information has not yet been 442// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 443// in the AWS Organizations User Guide. 444// 445// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 446// policy from an entity that would cause the entity to have fewer than the 447// minimum number of policies of a certain type required. 448// 449// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 450// too many levels deep. 451// 452// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 453// that requires the organization to be configured to support all features. 454// An organization that supports only consolidated billing features can't 455// perform this operation. 456// 457// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 458// that you can have in an organization. 459// 460// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 461// policies that you can have in an organization. 462// 463// * ErrCodeDuplicatePolicyAttachmentException "DuplicatePolicyAttachmentException" 464// The selected policy is already attached to the specified target. 465// 466// * ErrCodeInvalidInputException "InvalidInputException" 467// The requested operation failed because you provided invalid values for one 468// or more of the request parameters. This exception includes a reason that 469// contains additional information about the violated limit: 470// 471// Some of the reasons in the following list might not be applicable to this 472// specific API or operation: 473// 474// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 475// can't be modified. 476// 477// * INPUT_REQUIRED: You must include a value for all required parameters. 478// 479// * INVALID_ENUM: You specified an invalid value. 480// 481// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 482// characters. 483// 484// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 485// at least one invalid value. 486// 487// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 488// from the response to a previous call of the operation. 489// 490// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 491// organization, or email) as a party. 492// 493// * INVALID_PATTERN: You provided a value that doesn't match the required 494// pattern. 495// 496// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 497// match the required pattern. 498// 499// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 500// name can't begin with the reserved prefix AWSServiceRoleFor. 501// 502// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 503// Name (ARN) for the organization. 504// 505// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 506// 507// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 508// tag. You can’t add, edit, or delete system tag keys because they're 509// reserved for AWS use. System tags don’t count against your tags per 510// resource limit. 511// 512// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 513// for the operation. 514// 515// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 516// than allowed. 517// 518// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 519// value than allowed. 520// 521// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 522// than allowed. 523// 524// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 525// value than allowed. 526// 527// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 528// between entities in the same root. 529// 530// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 531// We can't find a policy with the PolicyId that you specified. 532// 533// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException" 534// The specified policy type isn't currently enabled in this root. You can't 535// attach policies of the specified type to entities in a root until you enable 536// that type in the root. For more information, see Enabling All Features in 537// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 538// in the AWS Organizations User Guide. 539// 540// * ErrCodeServiceException "ServiceException" 541// AWS Organizations can't complete your request because of an internal service 542// error. Try again later. 543// 544// * ErrCodeTargetNotFoundException "TargetNotFoundException" 545// We can't find a root, OU, or account with the TargetId that you specified. 546// 547// * ErrCodeTooManyRequestsException "TooManyRequestsException" 548// You have sent too many requests in too short a period of time. The limit 549// helps protect against denial-of-service attacks. Try again later. 550// 551// For information on limits that affect AWS Organizations, see Limits of AWS 552// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 553// in the AWS Organizations User Guide. 554// 555// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 556func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) { 557 req, out := c.AttachPolicyRequest(input) 558 return out, req.Send() 559} 560 561// AttachPolicyWithContext is the same as AttachPolicy with the addition of 562// the ability to pass a context and additional request options. 563// 564// See AttachPolicy for details on how to use this API operation. 565// 566// The context must be non-nil and will be used for request cancellation. If 567// the context is nil a panic will occur. In the future the SDK may create 568// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 569// for more information on using Contexts. 570func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) { 571 req, out := c.AttachPolicyRequest(input) 572 req.SetContext(ctx) 573 req.ApplyOptions(opts...) 574 return out, req.Send() 575} 576 577const opCancelHandshake = "CancelHandshake" 578 579// CancelHandshakeRequest generates a "aws/request.Request" representing the 580// client's request for the CancelHandshake operation. The "output" return 581// value will be populated with the request's response once the request completes 582// successfully. 583// 584// Use "Send" method on the returned Request to send the API call to the service. 585// the "output" return value is not valid until after Send returns without error. 586// 587// See CancelHandshake for more information on using the CancelHandshake 588// API call, and error handling. 589// 590// This method is useful when you want to inject custom logic or configuration 591// into the SDK's request lifecycle. Such as custom headers, or retry logic. 592// 593// 594// // Example sending a request using the CancelHandshakeRequest method. 595// req, resp := client.CancelHandshakeRequest(params) 596// 597// err := req.Send() 598// if err == nil { // resp is now filled 599// fmt.Println(resp) 600// } 601// 602// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 603func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) { 604 op := &request.Operation{ 605 Name: opCancelHandshake, 606 HTTPMethod: "POST", 607 HTTPPath: "/", 608 } 609 610 if input == nil { 611 input = &CancelHandshakeInput{} 612 } 613 614 output = &CancelHandshakeOutput{} 615 req = c.newRequest(op, input, output) 616 return 617} 618 619// CancelHandshake API operation for AWS Organizations. 620// 621// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED. 622// 623// This operation can be called only from the account that originated the handshake. 624// The recipient of the handshake can't cancel it, but can use DeclineHandshake 625// instead. After a handshake is canceled, the recipient can no longer respond 626// to that handshake. 627// 628// After you cancel a handshake, it continues to appear in the results of relevant 629// APIs for only 30 days. After that, it's deleted. 630// 631// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 632// with awserr.Error's Code and Message methods to get detailed information about 633// the error. 634// 635// See the AWS API reference guide for AWS Organizations's 636// API operation CancelHandshake for usage and error information. 637// 638// Returned Error Codes: 639// * ErrCodeAccessDeniedException "AccessDeniedException" 640// You don't have permissions to perform the requested operation. The user or 641// role that is making the request must have at least one IAM permissions policy 642// attached that grants the required permissions. For more information, see 643// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 644// in the IAM User Guide. 645// 646// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 647// The target of the operation is currently being modified by a different request. 648// Try again later. 649// 650// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 651// We can't find a handshake with the HandshakeId that you specified. 652// 653// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" 654// You can't perform the operation on the handshake in its current state. For 655// example, you can't cancel a handshake that was already accepted or accept 656// a handshake that was already declined. 657// 658// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" 659// The specified handshake is already in the requested state. For example, you 660// can't accept a handshake that was already accepted. 661// 662// * ErrCodeInvalidInputException "InvalidInputException" 663// The requested operation failed because you provided invalid values for one 664// or more of the request parameters. This exception includes a reason that 665// contains additional information about the violated limit: 666// 667// Some of the reasons in the following list might not be applicable to this 668// specific API or operation: 669// 670// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 671// can't be modified. 672// 673// * INPUT_REQUIRED: You must include a value for all required parameters. 674// 675// * INVALID_ENUM: You specified an invalid value. 676// 677// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 678// characters. 679// 680// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 681// at least one invalid value. 682// 683// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 684// from the response to a previous call of the operation. 685// 686// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 687// organization, or email) as a party. 688// 689// * INVALID_PATTERN: You provided a value that doesn't match the required 690// pattern. 691// 692// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 693// match the required pattern. 694// 695// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 696// name can't begin with the reserved prefix AWSServiceRoleFor. 697// 698// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 699// Name (ARN) for the organization. 700// 701// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 702// 703// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 704// tag. You can’t add, edit, or delete system tag keys because they're 705// reserved for AWS use. System tags don’t count against your tags per 706// resource limit. 707// 708// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 709// for the operation. 710// 711// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 712// than allowed. 713// 714// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 715// value than allowed. 716// 717// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 718// than allowed. 719// 720// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 721// value than allowed. 722// 723// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 724// between entities in the same root. 725// 726// * ErrCodeServiceException "ServiceException" 727// AWS Organizations can't complete your request because of an internal service 728// error. Try again later. 729// 730// * ErrCodeTooManyRequestsException "TooManyRequestsException" 731// You have sent too many requests in too short a period of time. The limit 732// helps protect against denial-of-service attacks. Try again later. 733// 734// For information on limits that affect AWS Organizations, see Limits of AWS 735// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 736// in the AWS Organizations User Guide. 737// 738// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 739func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) { 740 req, out := c.CancelHandshakeRequest(input) 741 return out, req.Send() 742} 743 744// CancelHandshakeWithContext is the same as CancelHandshake with the addition of 745// the ability to pass a context and additional request options. 746// 747// See CancelHandshake for details on how to use this API operation. 748// 749// The context must be non-nil and will be used for request cancellation. If 750// the context is nil a panic will occur. In the future the SDK may create 751// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 752// for more information on using Contexts. 753func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) { 754 req, out := c.CancelHandshakeRequest(input) 755 req.SetContext(ctx) 756 req.ApplyOptions(opts...) 757 return out, req.Send() 758} 759 760const opCreateAccount = "CreateAccount" 761 762// CreateAccountRequest generates a "aws/request.Request" representing the 763// client's request for the CreateAccount operation. The "output" return 764// value will be populated with the request's response once the request completes 765// successfully. 766// 767// Use "Send" method on the returned Request to send the API call to the service. 768// the "output" return value is not valid until after Send returns without error. 769// 770// See CreateAccount for more information on using the CreateAccount 771// API call, and error handling. 772// 773// This method is useful when you want to inject custom logic or configuration 774// into the SDK's request lifecycle. Such as custom headers, or retry logic. 775// 776// 777// // Example sending a request using the CreateAccountRequest method. 778// req, resp := client.CreateAccountRequest(params) 779// 780// err := req.Send() 781// if err == nil { // resp is now filled 782// fmt.Println(resp) 783// } 784// 785// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 786func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) { 787 op := &request.Operation{ 788 Name: opCreateAccount, 789 HTTPMethod: "POST", 790 HTTPPath: "/", 791 } 792 793 if input == nil { 794 input = &CreateAccountInput{} 795 } 796 797 output = &CreateAccountOutput{} 798 req = c.newRequest(op, input, output) 799 return 800} 801 802// CreateAccount API operation for AWS Organizations. 803// 804// Creates an AWS account that is automatically a member of the organization 805// whose credentials made the request. This is an asynchronous request that 806// AWS performs in the background. Because CreateAccount operates asynchronously, 807// it can return a successful completion message even though account initialization 808// might still be in progress. You might need to wait a few minutes before you 809// can successfully access the account. To check the status of the request, 810// do one of the following: 811// 812// * Use the OperationId response element from this operation to provide 813// as a parameter to the DescribeCreateAccountStatus operation. 814// 815// * Check the AWS CloudTrail log for the CreateAccountResult event. For 816// information on using AWS CloudTrail with AWS Organizations, see Monitoring 817// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 818// in the AWS Organizations User Guide. 819// 820// The user who calls the API to create an account must have the organizations:CreateAccount 821// permission. If you enabled all features in the organization, AWS Organizations 822// creates the required service-linked role named AWSServiceRoleForOrganizations. 823// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 824// in the AWS Organizations User Guide. 825// 826// AWS Organizations preconfigures the new member account with a role (named 827// OrganizationAccountAccessRole by default) that grants users in the master 828// account administrator permissions in the new member account. Principals in 829// the master account can assume the role. AWS Organizations clones the company 830// name and address information for the new account from the organization's 831// master account. 832// 833// This operation can be called only from the organization's master account. 834// 835// For more information about creating accounts, see Creating an AWS Account 836// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 837// in the AWS Organizations User Guide. 838// 839// * When you create an account in an organization using the AWS Organizations 840// console, API, or CLI commands, the information required for the account 841// to operate as a standalone account, such as a payment method and signing 842// the end user license agreement (EULA) is not automatically collected. 843// If you must remove an account from your organization later, you can do 844// so only after you provide the missing information. Follow the steps at 845// To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 846// in the AWS Organizations User Guide. 847// 848// * If you get an exception that indicates that you exceeded your account 849// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 850// 851// * If you get an exception that indicates that the operation failed because 852// your organization is still initializing, wait one hour and then try again. 853// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 854// 855// * Using CreateAccount to create multiple temporary accounts isn't recommended. 856// You can only close an account from the Billing and Cost Management Console, 857// and you must be signed in as the root user. For information on the requirements 858// and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 859// in the AWS Organizations User Guide. 860// 861// When you create a member account with this operation, you can choose whether 862// to create the account with the IAM User and Role Access to Billing Information 863// switch enabled. If you enable it, IAM users and roles that have appropriate 864// permissions can view billing information for the account. If you disable 865// it, only the account root user can access billing information. For information 866// about how to disable this switch for an account, see Granting Access to Your 867// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 868// 869// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 870// with awserr.Error's Code and Message methods to get detailed information about 871// the error. 872// 873// See the AWS API reference guide for AWS Organizations's 874// API operation CreateAccount for usage and error information. 875// 876// Returned Error Codes: 877// * ErrCodeAccessDeniedException "AccessDeniedException" 878// You don't have permissions to perform the requested operation. The user or 879// role that is making the request must have at least one IAM permissions policy 880// attached that grants the required permissions. For more information, see 881// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 882// in the IAM User Guide. 883// 884// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 885// Your account isn't a member of an organization. To make this request, you 886// must use the credentials of an account that belongs to an organization. 887// 888// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 889// The target of the operation is currently being modified by a different request. 890// Try again later. 891// 892// * ErrCodeConstraintViolationException "ConstraintViolationException" 893// Performing this operation violates a minimum or maximum value limit. For 894// example, attempting to remove the last service control policy (SCP) from 895// an OU or root, inviting or creating too many accounts to the organization, 896// or attaching too many policies to an account, OU, or root. This exception 897// includes a reason that contains additional information about the violated 898// limit. 899// 900// Some of the reasons in the following list might not be applicable to this 901// specific API or operation: 902// 903// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 904// from the organization that doesn't yet have enough information to exist 905// as a standalone account. This account requires you to first agree to the 906// AWS Customer Agreement. Follow the steps at To leave an organization when 907// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 908// in the AWS Organizations User Guide. 909// 910// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 911// an account from the organization that doesn't yet have enough information 912// to exist as a standalone account. This account requires you to first complete 913// phone verification. Follow the steps at To leave an organization when 914// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 915// in the AWS Organizations User Guide. 916// 917// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 918// of accounts that you can create in one day. 919// 920// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 921// the number of accounts in an organization. If you need more accounts, 922// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 923// request an increase in your limit. Or the number of invitations that you 924// tried to send would cause you to exceed the limit of accounts in your 925// organization. Send fewer invitations or contact AWS Support to request 926// an increase in the number of accounts. Deleted and closed accounts still 927// count toward your limit. If you get receive this exception when running 928// a command immediately after creating the organization, wait one hour and 929// try again. If after an hour it continues to fail with this error, contact 930// AWS Support (https://console.aws.amazon.com/support/home#/). 931// 932// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 933// handshakes that you can send in one day. 934// 935// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 936// in this organization, you first must migrate the organization's master 937// account to the marketplace that corresponds to the master account's address. 938// For example, accounts with India addresses must be associated with the 939// AISPL marketplace. All accounts in an organization must be associated 940// with the same marketplace. 941// 942// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 943// must first provide contact a valid address and phone number for the master 944// account. Then try the operation again. 945// 946// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 947// master account must have an associated account in the AWS GovCloud (US-West) 948// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 949// in the AWS GovCloud User Guide. 950// 951// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 952// with this master account, you first must associate a valid payment instrument, 953// such as a credit card, with the account. Follow the steps at To leave 954// an organization when all required account information has not yet been 955// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 956// in the AWS Organizations User Guide. 957// 958// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 959// number of policies of a certain type that can be attached to an entity 960// at one time. 961// 962// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 963// on this resource. 964// 965// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 966// with this member account, you first must associate a valid payment instrument, 967// such as a credit card, with the account. Follow the steps at To leave 968// an organization when all required account information has not yet been 969// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 970// in the AWS Organizations User Guide. 971// 972// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 973// policy from an entity that would cause the entity to have fewer than the 974// minimum number of policies of a certain type required. 975// 976// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 977// too many levels deep. 978// 979// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 980// that requires the organization to be configured to support all features. 981// An organization that supports only consolidated billing features can't 982// perform this operation. 983// 984// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 985// that you can have in an organization. 986// 987// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 988// policies that you can have in an organization. 989// 990// * ErrCodeInvalidInputException "InvalidInputException" 991// The requested operation failed because you provided invalid values for one 992// or more of the request parameters. This exception includes a reason that 993// contains additional information about the violated limit: 994// 995// Some of the reasons in the following list might not be applicable to this 996// specific API or operation: 997// 998// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 999// can't be modified. 1000// 1001// * INPUT_REQUIRED: You must include a value for all required parameters. 1002// 1003// * INVALID_ENUM: You specified an invalid value. 1004// 1005// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1006// characters. 1007// 1008// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1009// at least one invalid value. 1010// 1011// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1012// from the response to a previous call of the operation. 1013// 1014// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1015// organization, or email) as a party. 1016// 1017// * INVALID_PATTERN: You provided a value that doesn't match the required 1018// pattern. 1019// 1020// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1021// match the required pattern. 1022// 1023// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1024// name can't begin with the reserved prefix AWSServiceRoleFor. 1025// 1026// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1027// Name (ARN) for the organization. 1028// 1029// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1030// 1031// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1032// tag. You can’t add, edit, or delete system tag keys because they're 1033// reserved for AWS use. System tags don’t count against your tags per 1034// resource limit. 1035// 1036// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1037// for the operation. 1038// 1039// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1040// than allowed. 1041// 1042// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1043// value than allowed. 1044// 1045// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1046// than allowed. 1047// 1048// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1049// value than allowed. 1050// 1051// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1052// between entities in the same root. 1053// 1054// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" 1055// AWS Organizations couldn't perform the operation because your organization 1056// hasn't finished initializing. This can take up to an hour. Try again later. 1057// If after one hour you continue to receive this error, contact AWS Support 1058// (https://console.aws.amazon.com/support/home#/). 1059// 1060// * ErrCodeServiceException "ServiceException" 1061// AWS Organizations can't complete your request because of an internal service 1062// error. Try again later. 1063// 1064// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1065// You have sent too many requests in too short a period of time. The limit 1066// helps protect against denial-of-service attacks. Try again later. 1067// 1068// For information on limits that affect AWS Organizations, see Limits of AWS 1069// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 1070// in the AWS Organizations User Guide. 1071// 1072// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 1073// This action isn't available in the current Region. 1074// 1075// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 1076func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) { 1077 req, out := c.CreateAccountRequest(input) 1078 return out, req.Send() 1079} 1080 1081// CreateAccountWithContext is the same as CreateAccount with the addition of 1082// the ability to pass a context and additional request options. 1083// 1084// See CreateAccount for details on how to use this API operation. 1085// 1086// The context must be non-nil and will be used for request cancellation. If 1087// the context is nil a panic will occur. In the future the SDK may create 1088// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1089// for more information on using Contexts. 1090func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) { 1091 req, out := c.CreateAccountRequest(input) 1092 req.SetContext(ctx) 1093 req.ApplyOptions(opts...) 1094 return out, req.Send() 1095} 1096 1097const opCreateGovCloudAccount = "CreateGovCloudAccount" 1098 1099// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the 1100// client's request for the CreateGovCloudAccount operation. The "output" return 1101// value will be populated with the request's response once the request completes 1102// successfully. 1103// 1104// Use "Send" method on the returned Request to send the API call to the service. 1105// the "output" return value is not valid until after Send returns without error. 1106// 1107// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount 1108// API call, and error handling. 1109// 1110// This method is useful when you want to inject custom logic or configuration 1111// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1112// 1113// 1114// // Example sending a request using the CreateGovCloudAccountRequest method. 1115// req, resp := client.CreateGovCloudAccountRequest(params) 1116// 1117// err := req.Send() 1118// if err == nil { // resp is now filled 1119// fmt.Println(resp) 1120// } 1121// 1122// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1123func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) { 1124 op := &request.Operation{ 1125 Name: opCreateGovCloudAccount, 1126 HTTPMethod: "POST", 1127 HTTPPath: "/", 1128 } 1129 1130 if input == nil { 1131 input = &CreateGovCloudAccountInput{} 1132 } 1133 1134 output = &CreateGovCloudAccountOutput{} 1135 req = c.newRequest(op, input, output) 1136 return 1137} 1138 1139// CreateGovCloudAccount API operation for AWS Organizations. 1140// 1141// This action is available if all of the following are true: 1142// 1143// * You're authorized to create accounts in the AWS GovCloud (US) Region. 1144// For more information on the AWS GovCloud (US) Region, see the AWS GovCloud 1145// User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) 1146// 1147// * You already have an account in the AWS GovCloud (US) Region that is 1148// associated with your master account in the commercial Region. 1149// 1150// * You call this action from the master account of your organization in 1151// the commercial Region. 1152// 1153// * You have the organizations:CreateGovCloudAccount permission. AWS Organizations 1154// creates the required service-linked role named AWSServiceRoleForOrganizations. 1155// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 1156// in the AWS Organizations User Guide. 1157// 1158// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, 1159// but you should also do the following: 1160// 1161// * Verify that AWS CloudTrail is enabled to store logs. 1162// 1163// * Create an S3 bucket for AWS CloudTrail log storage. For more information, 1164// see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) 1165// in the AWS GovCloud User Guide. 1166// 1167// You call this action from the master account of your organization in the 1168// commercial Region to create a standalone AWS account in the AWS GovCloud 1169// (US) Region. After the account is created, the master account of an organization 1170// in the AWS GovCloud (US) Region can invite it to that organization. For more 1171// information on inviting standalone accounts in the AWS GovCloud (US) to join 1172// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1173// in the AWS GovCloud User Guide. 1174// 1175// Calling CreateGovCloudAccount is an asynchronous request that AWS performs 1176// in the background. Because CreateGovCloudAccount operates asynchronously, 1177// it can return a successful completion message even though account initialization 1178// might still be in progress. You might need to wait a few minutes before you 1179// can successfully access the account. To check the status of the request, 1180// do one of the following: 1181// 1182// * Use the OperationId response element from this operation to provide 1183// as a parameter to the DescribeCreateAccountStatus operation. 1184// 1185// * Check the AWS CloudTrail log for the CreateAccountResult event. For 1186// information on using AWS CloudTrail with Organizations, see Monitoring 1187// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 1188// in the AWS Organizations User Guide. 1189// 1190// When you call the CreateGovCloudAccount action, you create two accounts: 1191// a standalone account in the AWS GovCloud (US) Region and an associated account 1192// in the commercial Region for billing and support purposes. The account in 1193// the commercial Region is automatically a member of the organization whose 1194// credentials made the request. Both accounts are associated with the same 1195// email address. 1196// 1197// A role is created in the new account in the commercial Region that allows 1198// the master account in the organization in the commercial Region to assume 1199// it. An AWS GovCloud (US) account is then created and associated with the 1200// commercial account that you just created. A role is created in the new AWS 1201// GovCloud (US) account that can be assumed by the AWS GovCloud (US) account 1202// that is associated with the master account of the commercial organization. 1203// For more information and to view a diagram that explains how account access 1204// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1205// in the AWS GovCloud User Guide. 1206// 1207// For more information about creating accounts, see Creating an AWS Account 1208// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 1209// in the AWS Organizations User Guide. 1210// 1211// * When you create an account in an organization using the AWS Organizations 1212// console, API, or CLI commands, the information required for the account 1213// to operate as a standalone account, such as a payment method and signing 1214// the end user license agreement (EULA) is not automatically collected. 1215// If you must remove an account from your organization later, you can do 1216// so only after you provide the missing information. Follow the steps at 1217// To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1218// in the AWS Organizations User Guide. 1219// 1220// * If you get an exception that indicates that you exceeded your account 1221// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1222// 1223// * If you get an exception that indicates that the operation failed because 1224// your organization is still initializing, wait one hour and then try again. 1225// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1226// 1227// * Using CreateGovCloudAccount to create multiple temporary accounts isn't 1228// recommended. You can only close an account from the AWS Billing and Cost 1229// Management console, and you must be signed in as the root user. For information 1230// on the requirements and process for closing an account, see Closing an 1231// AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 1232// in the AWS Organizations User Guide. 1233// 1234// When you create a member account with this operation, you can choose whether 1235// to create the account with the IAM User and Role Access to Billing Information 1236// switch enabled. If you enable it, IAM users and roles that have appropriate 1237// permissions can view billing information for the account. If you disable 1238// it, only the account root user can access billing information. For information 1239// about how to disable this switch for an account, see Granting Access to Your 1240// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 1241// 1242// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1243// with awserr.Error's Code and Message methods to get detailed information about 1244// the error. 1245// 1246// See the AWS API reference guide for AWS Organizations's 1247// API operation CreateGovCloudAccount for usage and error information. 1248// 1249// Returned Error Codes: 1250// * ErrCodeAccessDeniedException "AccessDeniedException" 1251// You don't have permissions to perform the requested operation. The user or 1252// role that is making the request must have at least one IAM permissions policy 1253// attached that grants the required permissions. For more information, see 1254// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1255// in the IAM User Guide. 1256// 1257// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 1258// Your account isn't a member of an organization. To make this request, you 1259// must use the credentials of an account that belongs to an organization. 1260// 1261// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 1262// The target of the operation is currently being modified by a different request. 1263// Try again later. 1264// 1265// * ErrCodeConstraintViolationException "ConstraintViolationException" 1266// Performing this operation violates a minimum or maximum value limit. For 1267// example, attempting to remove the last service control policy (SCP) from 1268// an OU or root, inviting or creating too many accounts to the organization, 1269// or attaching too many policies to an account, OU, or root. This exception 1270// includes a reason that contains additional information about the violated 1271// limit. 1272// 1273// Some of the reasons in the following list might not be applicable to this 1274// specific API or operation: 1275// 1276// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1277// from the organization that doesn't yet have enough information to exist 1278// as a standalone account. This account requires you to first agree to the 1279// AWS Customer Agreement. Follow the steps at To leave an organization when 1280// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1281// in the AWS Organizations User Guide. 1282// 1283// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1284// an account from the organization that doesn't yet have enough information 1285// to exist as a standalone account. This account requires you to first complete 1286// phone verification. Follow the steps at To leave an organization when 1287// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1288// in the AWS Organizations User Guide. 1289// 1290// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1291// of accounts that you can create in one day. 1292// 1293// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1294// the number of accounts in an organization. If you need more accounts, 1295// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1296// request an increase in your limit. Or the number of invitations that you 1297// tried to send would cause you to exceed the limit of accounts in your 1298// organization. Send fewer invitations or contact AWS Support to request 1299// an increase in the number of accounts. Deleted and closed accounts still 1300// count toward your limit. If you get receive this exception when running 1301// a command immediately after creating the organization, wait one hour and 1302// try again. If after an hour it continues to fail with this error, contact 1303// AWS Support (https://console.aws.amazon.com/support/home#/). 1304// 1305// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1306// handshakes that you can send in one day. 1307// 1308// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1309// in this organization, you first must migrate the organization's master 1310// account to the marketplace that corresponds to the master account's address. 1311// For example, accounts with India addresses must be associated with the 1312// AISPL marketplace. All accounts in an organization must be associated 1313// with the same marketplace. 1314// 1315// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1316// must first provide contact a valid address and phone number for the master 1317// account. Then try the operation again. 1318// 1319// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1320// master account must have an associated account in the AWS GovCloud (US-West) 1321// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1322// in the AWS GovCloud User Guide. 1323// 1324// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1325// with this master account, you first must associate a valid payment instrument, 1326// such as a credit card, with the account. Follow the steps at To leave 1327// an organization when all required account information has not yet been 1328// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1329// in the AWS Organizations User Guide. 1330// 1331// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1332// number of policies of a certain type that can be attached to an entity 1333// at one time. 1334// 1335// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1336// on this resource. 1337// 1338// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1339// with this member account, you first must associate a valid payment instrument, 1340// such as a credit card, with the account. Follow the steps at To leave 1341// an organization when all required account information has not yet been 1342// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1343// in the AWS Organizations User Guide. 1344// 1345// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1346// policy from an entity that would cause the entity to have fewer than the 1347// minimum number of policies of a certain type required. 1348// 1349// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1350// too many levels deep. 1351// 1352// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1353// that requires the organization to be configured to support all features. 1354// An organization that supports only consolidated billing features can't 1355// perform this operation. 1356// 1357// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1358// that you can have in an organization. 1359// 1360// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 1361// policies that you can have in an organization. 1362// 1363// * ErrCodeInvalidInputException "InvalidInputException" 1364// The requested operation failed because you provided invalid values for one 1365// or more of the request parameters. This exception includes a reason that 1366// contains additional information about the violated limit: 1367// 1368// Some of the reasons in the following list might not be applicable to this 1369// specific API or operation: 1370// 1371// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1372// can't be modified. 1373// 1374// * INPUT_REQUIRED: You must include a value for all required parameters. 1375// 1376// * INVALID_ENUM: You specified an invalid value. 1377// 1378// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1379// characters. 1380// 1381// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1382// at least one invalid value. 1383// 1384// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1385// from the response to a previous call of the operation. 1386// 1387// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1388// organization, or email) as a party. 1389// 1390// * INVALID_PATTERN: You provided a value that doesn't match the required 1391// pattern. 1392// 1393// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1394// match the required pattern. 1395// 1396// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1397// name can't begin with the reserved prefix AWSServiceRoleFor. 1398// 1399// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1400// Name (ARN) for the organization. 1401// 1402// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1403// 1404// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1405// tag. You can’t add, edit, or delete system tag keys because they're 1406// reserved for AWS use. System tags don’t count against your tags per 1407// resource limit. 1408// 1409// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1410// for the operation. 1411// 1412// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1413// than allowed. 1414// 1415// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1416// value than allowed. 1417// 1418// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1419// than allowed. 1420// 1421// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1422// value than allowed. 1423// 1424// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1425// between entities in the same root. 1426// 1427// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" 1428// AWS Organizations couldn't perform the operation because your organization 1429// hasn't finished initializing. This can take up to an hour. Try again later. 1430// If after one hour you continue to receive this error, contact AWS Support 1431// (https://console.aws.amazon.com/support/home#/). 1432// 1433// * ErrCodeServiceException "ServiceException" 1434// AWS Organizations can't complete your request because of an internal service 1435// error. Try again later. 1436// 1437// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1438// You have sent too many requests in too short a period of time. The limit 1439// helps protect against denial-of-service attacks. Try again later. 1440// 1441// For information on limits that affect AWS Organizations, see Limits of AWS 1442// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 1443// in the AWS Organizations User Guide. 1444// 1445// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 1446// This action isn't available in the current Region. 1447// 1448// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1449func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) { 1450 req, out := c.CreateGovCloudAccountRequest(input) 1451 return out, req.Send() 1452} 1453 1454// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of 1455// the ability to pass a context and additional request options. 1456// 1457// See CreateGovCloudAccount for details on how to use this API operation. 1458// 1459// The context must be non-nil and will be used for request cancellation. If 1460// the context is nil a panic will occur. In the future the SDK may create 1461// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1462// for more information on using Contexts. 1463func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) { 1464 req, out := c.CreateGovCloudAccountRequest(input) 1465 req.SetContext(ctx) 1466 req.ApplyOptions(opts...) 1467 return out, req.Send() 1468} 1469 1470const opCreateOrganization = "CreateOrganization" 1471 1472// CreateOrganizationRequest generates a "aws/request.Request" representing the 1473// client's request for the CreateOrganization operation. The "output" return 1474// value will be populated with the request's response once the request completes 1475// successfully. 1476// 1477// Use "Send" method on the returned Request to send the API call to the service. 1478// the "output" return value is not valid until after Send returns without error. 1479// 1480// See CreateOrganization for more information on using the CreateOrganization 1481// API call, and error handling. 1482// 1483// This method is useful when you want to inject custom logic or configuration 1484// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1485// 1486// 1487// // Example sending a request using the CreateOrganizationRequest method. 1488// req, resp := client.CreateOrganizationRequest(params) 1489// 1490// err := req.Send() 1491// if err == nil { // resp is now filled 1492// fmt.Println(resp) 1493// } 1494// 1495// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1496func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) { 1497 op := &request.Operation{ 1498 Name: opCreateOrganization, 1499 HTTPMethod: "POST", 1500 HTTPPath: "/", 1501 } 1502 1503 if input == nil { 1504 input = &CreateOrganizationInput{} 1505 } 1506 1507 output = &CreateOrganizationOutput{} 1508 req = c.newRequest(op, input, output) 1509 return 1510} 1511 1512// CreateOrganization API operation for AWS Organizations. 1513// 1514// Creates an AWS organization. The account whose user is calling the CreateOrganization 1515// operation automatically becomes the master account (https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account) 1516// of the new organization. 1517// 1518// This operation must be called using credentials from the account that is 1519// to become the new organization's master account. The principal must also 1520// have the relevant IAM permissions. 1521// 1522// By default (or if you set the FeatureSet parameter to ALL), the new organization 1523// is created with all features enabled and service control policies automatically 1524// enabled in the root. If you instead choose to create the organization supporting 1525// only the consolidated billing features by setting the FeatureSet parameter 1526// to CONSOLIDATED_BILLING", no policy types are enabled by default, and you 1527// can't use organization policies. 1528// 1529// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1530// with awserr.Error's Code and Message methods to get detailed information about 1531// the error. 1532// 1533// See the AWS API reference guide for AWS Organizations's 1534// API operation CreateOrganization for usage and error information. 1535// 1536// Returned Error Codes: 1537// * ErrCodeAccessDeniedException "AccessDeniedException" 1538// You don't have permissions to perform the requested operation. The user or 1539// role that is making the request must have at least one IAM permissions policy 1540// attached that grants the required permissions. For more information, see 1541// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1542// in the IAM User Guide. 1543// 1544// * ErrCodeAlreadyInOrganizationException "AlreadyInOrganizationException" 1545// This account is already a member of an organization. An account can belong 1546// to only one organization at a time. 1547// 1548// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 1549// The target of the operation is currently being modified by a different request. 1550// Try again later. 1551// 1552// * ErrCodeConstraintViolationException "ConstraintViolationException" 1553// Performing this operation violates a minimum or maximum value limit. For 1554// example, attempting to remove the last service control policy (SCP) from 1555// an OU or root, inviting or creating too many accounts to the organization, 1556// or attaching too many policies to an account, OU, or root. This exception 1557// includes a reason that contains additional information about the violated 1558// limit. 1559// 1560// Some of the reasons in the following list might not be applicable to this 1561// specific API or operation: 1562// 1563// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1564// from the organization that doesn't yet have enough information to exist 1565// as a standalone account. This account requires you to first agree to the 1566// AWS Customer Agreement. Follow the steps at To leave an organization when 1567// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1568// in the AWS Organizations User Guide. 1569// 1570// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1571// an account from the organization that doesn't yet have enough information 1572// to exist as a standalone account. This account requires you to first complete 1573// phone verification. Follow the steps at To leave an organization when 1574// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1575// in the AWS Organizations User Guide. 1576// 1577// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1578// of accounts that you can create in one day. 1579// 1580// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1581// the number of accounts in an organization. If you need more accounts, 1582// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1583// request an increase in your limit. Or the number of invitations that you 1584// tried to send would cause you to exceed the limit of accounts in your 1585// organization. Send fewer invitations or contact AWS Support to request 1586// an increase in the number of accounts. Deleted and closed accounts still 1587// count toward your limit. If you get receive this exception when running 1588// a command immediately after creating the organization, wait one hour and 1589// try again. If after an hour it continues to fail with this error, contact 1590// AWS Support (https://console.aws.amazon.com/support/home#/). 1591// 1592// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1593// handshakes that you can send in one day. 1594// 1595// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1596// in this organization, you first must migrate the organization's master 1597// account to the marketplace that corresponds to the master account's address. 1598// For example, accounts with India addresses must be associated with the 1599// AISPL marketplace. All accounts in an organization must be associated 1600// with the same marketplace. 1601// 1602// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1603// must first provide contact a valid address and phone number for the master 1604// account. Then try the operation again. 1605// 1606// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1607// master account must have an associated account in the AWS GovCloud (US-West) 1608// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1609// in the AWS GovCloud User Guide. 1610// 1611// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1612// with this master account, you first must associate a valid payment instrument, 1613// such as a credit card, with the account. Follow the steps at To leave 1614// an organization when all required account information has not yet been 1615// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1616// in the AWS Organizations User Guide. 1617// 1618// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1619// number of policies of a certain type that can be attached to an entity 1620// at one time. 1621// 1622// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1623// on this resource. 1624// 1625// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1626// with this member account, you first must associate a valid payment instrument, 1627// such as a credit card, with the account. Follow the steps at To leave 1628// an organization when all required account information has not yet been 1629// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1630// in the AWS Organizations User Guide. 1631// 1632// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1633// policy from an entity that would cause the entity to have fewer than the 1634// minimum number of policies of a certain type required. 1635// 1636// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1637// too many levels deep. 1638// 1639// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1640// that requires the organization to be configured to support all features. 1641// An organization that supports only consolidated billing features can't 1642// perform this operation. 1643// 1644// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1645// that you can have in an organization. 1646// 1647// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 1648// policies that you can have in an organization. 1649// 1650// * ErrCodeInvalidInputException "InvalidInputException" 1651// The requested operation failed because you provided invalid values for one 1652// or more of the request parameters. This exception includes a reason that 1653// contains additional information about the violated limit: 1654// 1655// Some of the reasons in the following list might not be applicable to this 1656// specific API or operation: 1657// 1658// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1659// can't be modified. 1660// 1661// * INPUT_REQUIRED: You must include a value for all required parameters. 1662// 1663// * INVALID_ENUM: You specified an invalid value. 1664// 1665// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1666// characters. 1667// 1668// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1669// at least one invalid value. 1670// 1671// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1672// from the response to a previous call of the operation. 1673// 1674// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1675// organization, or email) as a party. 1676// 1677// * INVALID_PATTERN: You provided a value that doesn't match the required 1678// pattern. 1679// 1680// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1681// match the required pattern. 1682// 1683// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1684// name can't begin with the reserved prefix AWSServiceRoleFor. 1685// 1686// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1687// Name (ARN) for the organization. 1688// 1689// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1690// 1691// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1692// tag. You can’t add, edit, or delete system tag keys because they're 1693// reserved for AWS use. System tags don’t count against your tags per 1694// resource limit. 1695// 1696// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1697// for the operation. 1698// 1699// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1700// than allowed. 1701// 1702// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1703// value than allowed. 1704// 1705// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1706// than allowed. 1707// 1708// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1709// value than allowed. 1710// 1711// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1712// between entities in the same root. 1713// 1714// * ErrCodeServiceException "ServiceException" 1715// AWS Organizations can't complete your request because of an internal service 1716// error. Try again later. 1717// 1718// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1719// You have sent too many requests in too short a period of time. The limit 1720// helps protect against denial-of-service attacks. Try again later. 1721// 1722// For information on limits that affect AWS Organizations, see Limits of AWS 1723// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 1724// in the AWS Organizations User Guide. 1725// 1726// * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException" 1727// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 1728// for organizations.amazonaws.com permission so that AWS Organizations can 1729// create the required service-linked role. You don't have that permission. 1730// 1731// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1732func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) { 1733 req, out := c.CreateOrganizationRequest(input) 1734 return out, req.Send() 1735} 1736 1737// CreateOrganizationWithContext is the same as CreateOrganization with the addition of 1738// the ability to pass a context and additional request options. 1739// 1740// See CreateOrganization for details on how to use this API operation. 1741// 1742// The context must be non-nil and will be used for request cancellation. If 1743// the context is nil a panic will occur. In the future the SDK may create 1744// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1745// for more information on using Contexts. 1746func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) { 1747 req, out := c.CreateOrganizationRequest(input) 1748 req.SetContext(ctx) 1749 req.ApplyOptions(opts...) 1750 return out, req.Send() 1751} 1752 1753const opCreateOrganizationalUnit = "CreateOrganizationalUnit" 1754 1755// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the 1756// client's request for the CreateOrganizationalUnit operation. The "output" return 1757// value will be populated with the request's response once the request completes 1758// successfully. 1759// 1760// Use "Send" method on the returned Request to send the API call to the service. 1761// the "output" return value is not valid until after Send returns without error. 1762// 1763// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit 1764// API call, and error handling. 1765// 1766// This method is useful when you want to inject custom logic or configuration 1767// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1768// 1769// 1770// // Example sending a request using the CreateOrganizationalUnitRequest method. 1771// req, resp := client.CreateOrganizationalUnitRequest(params) 1772// 1773// err := req.Send() 1774// if err == nil { // resp is now filled 1775// fmt.Println(resp) 1776// } 1777// 1778// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 1779func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) { 1780 op := &request.Operation{ 1781 Name: opCreateOrganizationalUnit, 1782 HTTPMethod: "POST", 1783 HTTPPath: "/", 1784 } 1785 1786 if input == nil { 1787 input = &CreateOrganizationalUnitInput{} 1788 } 1789 1790 output = &CreateOrganizationalUnitOutput{} 1791 req = c.newRequest(op, input, output) 1792 return 1793} 1794 1795// CreateOrganizationalUnit API operation for AWS Organizations. 1796// 1797// Creates an organizational unit (OU) within a root or parent OU. An OU is 1798// a container for accounts that enables you to organize your accounts to apply 1799// policies according to your business requirements. The number of levels deep 1800// that you can nest OUs is dependent upon the policy types enabled for that 1801// root. For service control policies, the limit is five. 1802// 1803// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) 1804// in the AWS Organizations User Guide. 1805// 1806// This operation can be called only from the organization's master account. 1807// 1808// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1809// with awserr.Error's Code and Message methods to get detailed information about 1810// the error. 1811// 1812// See the AWS API reference guide for AWS Organizations's 1813// API operation CreateOrganizationalUnit for usage and error information. 1814// 1815// Returned Error Codes: 1816// * ErrCodeAccessDeniedException "AccessDeniedException" 1817// You don't have permissions to perform the requested operation. The user or 1818// role that is making the request must have at least one IAM permissions policy 1819// attached that grants the required permissions. For more information, see 1820// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1821// in the IAM User Guide. 1822// 1823// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 1824// Your account isn't a member of an organization. To make this request, you 1825// must use the credentials of an account that belongs to an organization. 1826// 1827// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 1828// The target of the operation is currently being modified by a different request. 1829// Try again later. 1830// 1831// * ErrCodeConstraintViolationException "ConstraintViolationException" 1832// Performing this operation violates a minimum or maximum value limit. For 1833// example, attempting to remove the last service control policy (SCP) from 1834// an OU or root, inviting or creating too many accounts to the organization, 1835// or attaching too many policies to an account, OU, or root. This exception 1836// includes a reason that contains additional information about the violated 1837// limit. 1838// 1839// Some of the reasons in the following list might not be applicable to this 1840// specific API or operation: 1841// 1842// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1843// from the organization that doesn't yet have enough information to exist 1844// as a standalone account. This account requires you to first agree to the 1845// AWS Customer Agreement. Follow the steps at To leave an organization when 1846// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1847// in the AWS Organizations User Guide. 1848// 1849// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1850// an account from the organization that doesn't yet have enough information 1851// to exist as a standalone account. This account requires you to first complete 1852// phone verification. Follow the steps at To leave an organization when 1853// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1854// in the AWS Organizations User Guide. 1855// 1856// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1857// of accounts that you can create in one day. 1858// 1859// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1860// the number of accounts in an organization. If you need more accounts, 1861// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1862// request an increase in your limit. Or the number of invitations that you 1863// tried to send would cause you to exceed the limit of accounts in your 1864// organization. Send fewer invitations or contact AWS Support to request 1865// an increase in the number of accounts. Deleted and closed accounts still 1866// count toward your limit. If you get receive this exception when running 1867// a command immediately after creating the organization, wait one hour and 1868// try again. If after an hour it continues to fail with this error, contact 1869// AWS Support (https://console.aws.amazon.com/support/home#/). 1870// 1871// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1872// handshakes that you can send in one day. 1873// 1874// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1875// in this organization, you first must migrate the organization's master 1876// account to the marketplace that corresponds to the master account's address. 1877// For example, accounts with India addresses must be associated with the 1878// AISPL marketplace. All accounts in an organization must be associated 1879// with the same marketplace. 1880// 1881// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1882// must first provide contact a valid address and phone number for the master 1883// account. Then try the operation again. 1884// 1885// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1886// master account must have an associated account in the AWS GovCloud (US-West) 1887// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1888// in the AWS GovCloud User Guide. 1889// 1890// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1891// with this master account, you first must associate a valid payment instrument, 1892// such as a credit card, with the account. Follow the steps at To leave 1893// an organization when all required account information has not yet been 1894// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1895// in the AWS Organizations User Guide. 1896// 1897// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1898// number of policies of a certain type that can be attached to an entity 1899// at one time. 1900// 1901// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1902// on this resource. 1903// 1904// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1905// with this member account, you first must associate a valid payment instrument, 1906// such as a credit card, with the account. Follow the steps at To leave 1907// an organization when all required account information has not yet been 1908// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1909// in the AWS Organizations User Guide. 1910// 1911// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1912// policy from an entity that would cause the entity to have fewer than the 1913// minimum number of policies of a certain type required. 1914// 1915// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1916// too many levels deep. 1917// 1918// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1919// that requires the organization to be configured to support all features. 1920// An organization that supports only consolidated billing features can't 1921// perform this operation. 1922// 1923// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1924// that you can have in an organization. 1925// 1926// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 1927// policies that you can have in an organization. 1928// 1929// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException" 1930// An OU with the same name already exists. 1931// 1932// * ErrCodeInvalidInputException "InvalidInputException" 1933// The requested operation failed because you provided invalid values for one 1934// or more of the request parameters. This exception includes a reason that 1935// contains additional information about the violated limit: 1936// 1937// Some of the reasons in the following list might not be applicable to this 1938// specific API or operation: 1939// 1940// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1941// can't be modified. 1942// 1943// * INPUT_REQUIRED: You must include a value for all required parameters. 1944// 1945// * INVALID_ENUM: You specified an invalid value. 1946// 1947// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1948// characters. 1949// 1950// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1951// at least one invalid value. 1952// 1953// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1954// from the response to a previous call of the operation. 1955// 1956// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1957// organization, or email) as a party. 1958// 1959// * INVALID_PATTERN: You provided a value that doesn't match the required 1960// pattern. 1961// 1962// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1963// match the required pattern. 1964// 1965// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1966// name can't begin with the reserved prefix AWSServiceRoleFor. 1967// 1968// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1969// Name (ARN) for the organization. 1970// 1971// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1972// 1973// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1974// tag. You can’t add, edit, or delete system tag keys because they're 1975// reserved for AWS use. System tags don’t count against your tags per 1976// resource limit. 1977// 1978// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1979// for the operation. 1980// 1981// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1982// than allowed. 1983// 1984// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1985// value than allowed. 1986// 1987// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1988// than allowed. 1989// 1990// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1991// value than allowed. 1992// 1993// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1994// between entities in the same root. 1995// 1996// * ErrCodeParentNotFoundException "ParentNotFoundException" 1997// We can't find a root or OU with the ParentId that you specified. 1998// 1999// * ErrCodeServiceException "ServiceException" 2000// AWS Organizations can't complete your request because of an internal service 2001// error. Try again later. 2002// 2003// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2004// You have sent too many requests in too short a period of time. The limit 2005// helps protect against denial-of-service attacks. Try again later. 2006// 2007// For information on limits that affect AWS Organizations, see Limits of AWS 2008// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2009// in the AWS Organizations User Guide. 2010// 2011// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2012func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) { 2013 req, out := c.CreateOrganizationalUnitRequest(input) 2014 return out, req.Send() 2015} 2016 2017// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of 2018// the ability to pass a context and additional request options. 2019// 2020// See CreateOrganizationalUnit for details on how to use this API operation. 2021// 2022// The context must be non-nil and will be used for request cancellation. If 2023// the context is nil a panic will occur. In the future the SDK may create 2024// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2025// for more information on using Contexts. 2026func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) { 2027 req, out := c.CreateOrganizationalUnitRequest(input) 2028 req.SetContext(ctx) 2029 req.ApplyOptions(opts...) 2030 return out, req.Send() 2031} 2032 2033const opCreatePolicy = "CreatePolicy" 2034 2035// CreatePolicyRequest generates a "aws/request.Request" representing the 2036// client's request for the CreatePolicy operation. The "output" return 2037// value will be populated with the request's response once the request completes 2038// successfully. 2039// 2040// Use "Send" method on the returned Request to send the API call to the service. 2041// the "output" return value is not valid until after Send returns without error. 2042// 2043// See CreatePolicy for more information on using the CreatePolicy 2044// API call, and error handling. 2045// 2046// This method is useful when you want to inject custom logic or configuration 2047// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2048// 2049// 2050// // Example sending a request using the CreatePolicyRequest method. 2051// req, resp := client.CreatePolicyRequest(params) 2052// 2053// err := req.Send() 2054// if err == nil { // resp is now filled 2055// fmt.Println(resp) 2056// } 2057// 2058// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2059func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) { 2060 op := &request.Operation{ 2061 Name: opCreatePolicy, 2062 HTTPMethod: "POST", 2063 HTTPPath: "/", 2064 } 2065 2066 if input == nil { 2067 input = &CreatePolicyInput{} 2068 } 2069 2070 output = &CreatePolicyOutput{} 2071 req = c.newRequest(op, input, output) 2072 return 2073} 2074 2075// CreatePolicy API operation for AWS Organizations. 2076// 2077// Creates a policy of a specified type that you can attach to a root, an organizational 2078// unit (OU), or an individual AWS account. 2079// 2080// For more information about policies and their use, see Managing Organization 2081// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). 2082// 2083// This operation can be called only from the organization's master account. 2084// 2085// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2086// with awserr.Error's Code and Message methods to get detailed information about 2087// the error. 2088// 2089// See the AWS API reference guide for AWS Organizations's 2090// API operation CreatePolicy for usage and error information. 2091// 2092// Returned Error Codes: 2093// * ErrCodeAccessDeniedException "AccessDeniedException" 2094// You don't have permissions to perform the requested operation. The user or 2095// role that is making the request must have at least one IAM permissions policy 2096// attached that grants the required permissions. For more information, see 2097// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2098// in the IAM User Guide. 2099// 2100// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2101// Your account isn't a member of an organization. To make this request, you 2102// must use the credentials of an account that belongs to an organization. 2103// 2104// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2105// The target of the operation is currently being modified by a different request. 2106// Try again later. 2107// 2108// * ErrCodeConstraintViolationException "ConstraintViolationException" 2109// Performing this operation violates a minimum or maximum value limit. For 2110// example, attempting to remove the last service control policy (SCP) from 2111// an OU or root, inviting or creating too many accounts to the organization, 2112// or attaching too many policies to an account, OU, or root. This exception 2113// includes a reason that contains additional information about the violated 2114// limit. 2115// 2116// Some of the reasons in the following list might not be applicable to this 2117// specific API or operation: 2118// 2119// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2120// from the organization that doesn't yet have enough information to exist 2121// as a standalone account. This account requires you to first agree to the 2122// AWS Customer Agreement. Follow the steps at To leave an organization when 2123// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2124// in the AWS Organizations User Guide. 2125// 2126// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2127// an account from the organization that doesn't yet have enough information 2128// to exist as a standalone account. This account requires you to first complete 2129// phone verification. Follow the steps at To leave an organization when 2130// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2131// in the AWS Organizations User Guide. 2132// 2133// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2134// of accounts that you can create in one day. 2135// 2136// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2137// the number of accounts in an organization. If you need more accounts, 2138// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2139// request an increase in your limit. Or the number of invitations that you 2140// tried to send would cause you to exceed the limit of accounts in your 2141// organization. Send fewer invitations or contact AWS Support to request 2142// an increase in the number of accounts. Deleted and closed accounts still 2143// count toward your limit. If you get receive this exception when running 2144// a command immediately after creating the organization, wait one hour and 2145// try again. If after an hour it continues to fail with this error, contact 2146// AWS Support (https://console.aws.amazon.com/support/home#/). 2147// 2148// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2149// handshakes that you can send in one day. 2150// 2151// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2152// in this organization, you first must migrate the organization's master 2153// account to the marketplace that corresponds to the master account's address. 2154// For example, accounts with India addresses must be associated with the 2155// AISPL marketplace. All accounts in an organization must be associated 2156// with the same marketplace. 2157// 2158// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2159// must first provide contact a valid address and phone number for the master 2160// account. Then try the operation again. 2161// 2162// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2163// master account must have an associated account in the AWS GovCloud (US-West) 2164// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2165// in the AWS GovCloud User Guide. 2166// 2167// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2168// with this master account, you first must associate a valid payment instrument, 2169// such as a credit card, with the account. Follow the steps at To leave 2170// an organization when all required account information has not yet been 2171// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2172// in the AWS Organizations User Guide. 2173// 2174// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2175// number of policies of a certain type that can be attached to an entity 2176// at one time. 2177// 2178// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2179// on this resource. 2180// 2181// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2182// with this member account, you first must associate a valid payment instrument, 2183// such as a credit card, with the account. Follow the steps at To leave 2184// an organization when all required account information has not yet been 2185// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2186// in the AWS Organizations User Guide. 2187// 2188// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2189// policy from an entity that would cause the entity to have fewer than the 2190// minimum number of policies of a certain type required. 2191// 2192// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2193// too many levels deep. 2194// 2195// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2196// that requires the organization to be configured to support all features. 2197// An organization that supports only consolidated billing features can't 2198// perform this operation. 2199// 2200// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2201// that you can have in an organization. 2202// 2203// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 2204// policies that you can have in an organization. 2205// 2206// * ErrCodeDuplicatePolicyException "DuplicatePolicyException" 2207// A policy with the same name already exists. 2208// 2209// * ErrCodeInvalidInputException "InvalidInputException" 2210// The requested operation failed because you provided invalid values for one 2211// or more of the request parameters. This exception includes a reason that 2212// contains additional information about the violated limit: 2213// 2214// Some of the reasons in the following list might not be applicable to this 2215// specific API or operation: 2216// 2217// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2218// can't be modified. 2219// 2220// * INPUT_REQUIRED: You must include a value for all required parameters. 2221// 2222// * INVALID_ENUM: You specified an invalid value. 2223// 2224// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2225// characters. 2226// 2227// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2228// at least one invalid value. 2229// 2230// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2231// from the response to a previous call of the operation. 2232// 2233// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2234// organization, or email) as a party. 2235// 2236// * INVALID_PATTERN: You provided a value that doesn't match the required 2237// pattern. 2238// 2239// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2240// match the required pattern. 2241// 2242// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2243// name can't begin with the reserved prefix AWSServiceRoleFor. 2244// 2245// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2246// Name (ARN) for the organization. 2247// 2248// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2249// 2250// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2251// tag. You can’t add, edit, or delete system tag keys because they're 2252// reserved for AWS use. System tags don’t count against your tags per 2253// resource limit. 2254// 2255// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2256// for the operation. 2257// 2258// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2259// than allowed. 2260// 2261// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2262// value than allowed. 2263// 2264// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2265// than allowed. 2266// 2267// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2268// value than allowed. 2269// 2270// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2271// between entities in the same root. 2272// 2273// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 2274// The provided policy document doesn't meet the requirements of the specified 2275// policy type. For example, the syntax might be incorrect. For details about 2276// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 2277// in the AWS Organizations User Guide. 2278// 2279// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException" 2280// You can't use the specified policy type with the feature set currently enabled 2281// for this organization. For example, you can enable SCPs only after you enable 2282// all features in the organization. For more information, see Enabling and 2283// Disabling a Policy Type on a Root (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) 2284// in the AWS Organizations User Guide. 2285// 2286// * ErrCodeServiceException "ServiceException" 2287// AWS Organizations can't complete your request because of an internal service 2288// error. Try again later. 2289// 2290// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2291// You have sent too many requests in too short a period of time. The limit 2292// helps protect against denial-of-service attacks. Try again later. 2293// 2294// For information on limits that affect AWS Organizations, see Limits of AWS 2295// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2296// in the AWS Organizations User Guide. 2297// 2298// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2299func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) { 2300 req, out := c.CreatePolicyRequest(input) 2301 return out, req.Send() 2302} 2303 2304// CreatePolicyWithContext is the same as CreatePolicy with the addition of 2305// the ability to pass a context and additional request options. 2306// 2307// See CreatePolicy for details on how to use this API operation. 2308// 2309// The context must be non-nil and will be used for request cancellation. If 2310// the context is nil a panic will occur. In the future the SDK may create 2311// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2312// for more information on using Contexts. 2313func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) { 2314 req, out := c.CreatePolicyRequest(input) 2315 req.SetContext(ctx) 2316 req.ApplyOptions(opts...) 2317 return out, req.Send() 2318} 2319 2320const opDeclineHandshake = "DeclineHandshake" 2321 2322// DeclineHandshakeRequest generates a "aws/request.Request" representing the 2323// client's request for the DeclineHandshake operation. The "output" return 2324// value will be populated with the request's response once the request completes 2325// successfully. 2326// 2327// Use "Send" method on the returned Request to send the API call to the service. 2328// the "output" return value is not valid until after Send returns without error. 2329// 2330// See DeclineHandshake for more information on using the DeclineHandshake 2331// API call, and error handling. 2332// 2333// This method is useful when you want to inject custom logic or configuration 2334// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2335// 2336// 2337// // Example sending a request using the DeclineHandshakeRequest method. 2338// req, resp := client.DeclineHandshakeRequest(params) 2339// 2340// err := req.Send() 2341// if err == nil { // resp is now filled 2342// fmt.Println(resp) 2343// } 2344// 2345// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2346func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) { 2347 op := &request.Operation{ 2348 Name: opDeclineHandshake, 2349 HTTPMethod: "POST", 2350 HTTPPath: "/", 2351 } 2352 2353 if input == nil { 2354 input = &DeclineHandshakeInput{} 2355 } 2356 2357 output = &DeclineHandshakeOutput{} 2358 req = c.newRequest(op, input, output) 2359 return 2360} 2361 2362// DeclineHandshake API operation for AWS Organizations. 2363// 2364// Declines a handshake request. This sets the handshake state to DECLINED and 2365// effectively deactivates the request. 2366// 2367// This operation can be called only from the account that received the handshake. 2368// The originator of the handshake can use CancelHandshake instead. The originator 2369// can't reactivate a declined request, but can reinitiate the process with 2370// a new handshake request. 2371// 2372// After you decline a handshake, it continues to appear in the results of relevant 2373// APIs for only 30 days. After that, it's deleted. 2374// 2375// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2376// with awserr.Error's Code and Message methods to get detailed information about 2377// the error. 2378// 2379// See the AWS API reference guide for AWS Organizations's 2380// API operation DeclineHandshake for usage and error information. 2381// 2382// Returned Error Codes: 2383// * ErrCodeAccessDeniedException "AccessDeniedException" 2384// You don't have permissions to perform the requested operation. The user or 2385// role that is making the request must have at least one IAM permissions policy 2386// attached that grants the required permissions. For more information, see 2387// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2388// in the IAM User Guide. 2389// 2390// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2391// The target of the operation is currently being modified by a different request. 2392// Try again later. 2393// 2394// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 2395// We can't find a handshake with the HandshakeId that you specified. 2396// 2397// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" 2398// You can't perform the operation on the handshake in its current state. For 2399// example, you can't cancel a handshake that was already accepted or accept 2400// a handshake that was already declined. 2401// 2402// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" 2403// The specified handshake is already in the requested state. For example, you 2404// can't accept a handshake that was already accepted. 2405// 2406// * ErrCodeInvalidInputException "InvalidInputException" 2407// The requested operation failed because you provided invalid values for one 2408// or more of the request parameters. This exception includes a reason that 2409// contains additional information about the violated limit: 2410// 2411// Some of the reasons in the following list might not be applicable to this 2412// specific API or operation: 2413// 2414// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2415// can't be modified. 2416// 2417// * INPUT_REQUIRED: You must include a value for all required parameters. 2418// 2419// * INVALID_ENUM: You specified an invalid value. 2420// 2421// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2422// characters. 2423// 2424// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2425// at least one invalid value. 2426// 2427// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2428// from the response to a previous call of the operation. 2429// 2430// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2431// organization, or email) as a party. 2432// 2433// * INVALID_PATTERN: You provided a value that doesn't match the required 2434// pattern. 2435// 2436// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2437// match the required pattern. 2438// 2439// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2440// name can't begin with the reserved prefix AWSServiceRoleFor. 2441// 2442// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2443// Name (ARN) for the organization. 2444// 2445// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2446// 2447// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2448// tag. You can’t add, edit, or delete system tag keys because they're 2449// reserved for AWS use. System tags don’t count against your tags per 2450// resource limit. 2451// 2452// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2453// for the operation. 2454// 2455// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2456// than allowed. 2457// 2458// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2459// value than allowed. 2460// 2461// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2462// than allowed. 2463// 2464// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2465// value than allowed. 2466// 2467// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2468// between entities in the same root. 2469// 2470// * ErrCodeServiceException "ServiceException" 2471// AWS Organizations can't complete your request because of an internal service 2472// error. Try again later. 2473// 2474// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2475// You have sent too many requests in too short a period of time. The limit 2476// helps protect against denial-of-service attacks. Try again later. 2477// 2478// For information on limits that affect AWS Organizations, see Limits of AWS 2479// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2480// in the AWS Organizations User Guide. 2481// 2482// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2483func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) { 2484 req, out := c.DeclineHandshakeRequest(input) 2485 return out, req.Send() 2486} 2487 2488// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of 2489// the ability to pass a context and additional request options. 2490// 2491// See DeclineHandshake for details on how to use this API operation. 2492// 2493// The context must be non-nil and will be used for request cancellation. If 2494// the context is nil a panic will occur. In the future the SDK may create 2495// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2496// for more information on using Contexts. 2497func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) { 2498 req, out := c.DeclineHandshakeRequest(input) 2499 req.SetContext(ctx) 2500 req.ApplyOptions(opts...) 2501 return out, req.Send() 2502} 2503 2504const opDeleteOrganization = "DeleteOrganization" 2505 2506// DeleteOrganizationRequest generates a "aws/request.Request" representing the 2507// client's request for the DeleteOrganization operation. The "output" return 2508// value will be populated with the request's response once the request completes 2509// successfully. 2510// 2511// Use "Send" method on the returned Request to send the API call to the service. 2512// the "output" return value is not valid until after Send returns without error. 2513// 2514// See DeleteOrganization for more information on using the DeleteOrganization 2515// API call, and error handling. 2516// 2517// This method is useful when you want to inject custom logic or configuration 2518// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2519// 2520// 2521// // Example sending a request using the DeleteOrganizationRequest method. 2522// req, resp := client.DeleteOrganizationRequest(params) 2523// 2524// err := req.Send() 2525// if err == nil { // resp is now filled 2526// fmt.Println(resp) 2527// } 2528// 2529// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2530func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) { 2531 op := &request.Operation{ 2532 Name: opDeleteOrganization, 2533 HTTPMethod: "POST", 2534 HTTPPath: "/", 2535 } 2536 2537 if input == nil { 2538 input = &DeleteOrganizationInput{} 2539 } 2540 2541 output = &DeleteOrganizationOutput{} 2542 req = c.newRequest(op, input, output) 2543 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2544 return 2545} 2546 2547// DeleteOrganization API operation for AWS Organizations. 2548// 2549// Deletes the organization. You can delete an organization only by using credentials 2550// from the master account. The organization must be empty of member accounts. 2551// 2552// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2553// with awserr.Error's Code and Message methods to get detailed information about 2554// the error. 2555// 2556// See the AWS API reference guide for AWS Organizations's 2557// API operation DeleteOrganization for usage and error information. 2558// 2559// Returned Error Codes: 2560// * ErrCodeAccessDeniedException "AccessDeniedException" 2561// You don't have permissions to perform the requested operation. The user or 2562// role that is making the request must have at least one IAM permissions policy 2563// attached that grants the required permissions. For more information, see 2564// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2565// in the IAM User Guide. 2566// 2567// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2568// Your account isn't a member of an organization. To make this request, you 2569// must use the credentials of an account that belongs to an organization. 2570// 2571// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2572// The target of the operation is currently being modified by a different request. 2573// Try again later. 2574// 2575// * ErrCodeInvalidInputException "InvalidInputException" 2576// The requested operation failed because you provided invalid values for one 2577// or more of the request parameters. This exception includes a reason that 2578// contains additional information about the violated limit: 2579// 2580// Some of the reasons in the following list might not be applicable to this 2581// specific API or operation: 2582// 2583// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2584// can't be modified. 2585// 2586// * INPUT_REQUIRED: You must include a value for all required parameters. 2587// 2588// * INVALID_ENUM: You specified an invalid value. 2589// 2590// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2591// characters. 2592// 2593// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2594// at least one invalid value. 2595// 2596// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2597// from the response to a previous call of the operation. 2598// 2599// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2600// organization, or email) as a party. 2601// 2602// * INVALID_PATTERN: You provided a value that doesn't match the required 2603// pattern. 2604// 2605// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2606// match the required pattern. 2607// 2608// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2609// name can't begin with the reserved prefix AWSServiceRoleFor. 2610// 2611// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2612// Name (ARN) for the organization. 2613// 2614// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2615// 2616// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2617// tag. You can’t add, edit, or delete system tag keys because they're 2618// reserved for AWS use. System tags don’t count against your tags per 2619// resource limit. 2620// 2621// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2622// for the operation. 2623// 2624// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2625// than allowed. 2626// 2627// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2628// value than allowed. 2629// 2630// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2631// than allowed. 2632// 2633// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2634// value than allowed. 2635// 2636// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2637// between entities in the same root. 2638// 2639// * ErrCodeOrganizationNotEmptyException "OrganizationNotEmptyException" 2640// The organization isn't empty. To delete an organization, you must first remove 2641// all accounts except the master account, delete all OUs, and delete all policies. 2642// 2643// * ErrCodeServiceException "ServiceException" 2644// AWS Organizations can't complete your request because of an internal service 2645// error. Try again later. 2646// 2647// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2648// You have sent too many requests in too short a period of time. The limit 2649// helps protect against denial-of-service attacks. Try again later. 2650// 2651// For information on limits that affect AWS Organizations, see Limits of AWS 2652// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2653// in the AWS Organizations User Guide. 2654// 2655// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2656func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) { 2657 req, out := c.DeleteOrganizationRequest(input) 2658 return out, req.Send() 2659} 2660 2661// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of 2662// the ability to pass a context and additional request options. 2663// 2664// See DeleteOrganization for details on how to use this API operation. 2665// 2666// The context must be non-nil and will be used for request cancellation. If 2667// the context is nil a panic will occur. In the future the SDK may create 2668// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2669// for more information on using Contexts. 2670func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) { 2671 req, out := c.DeleteOrganizationRequest(input) 2672 req.SetContext(ctx) 2673 req.ApplyOptions(opts...) 2674 return out, req.Send() 2675} 2676 2677const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit" 2678 2679// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the 2680// client's request for the DeleteOrganizationalUnit operation. The "output" return 2681// value will be populated with the request's response once the request completes 2682// successfully. 2683// 2684// Use "Send" method on the returned Request to send the API call to the service. 2685// the "output" return value is not valid until after Send returns without error. 2686// 2687// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit 2688// API call, and error handling. 2689// 2690// This method is useful when you want to inject custom logic or configuration 2691// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2692// 2693// 2694// // Example sending a request using the DeleteOrganizationalUnitRequest method. 2695// req, resp := client.DeleteOrganizationalUnitRequest(params) 2696// 2697// err := req.Send() 2698// if err == nil { // resp is now filled 2699// fmt.Println(resp) 2700// } 2701// 2702// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 2703func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) { 2704 op := &request.Operation{ 2705 Name: opDeleteOrganizationalUnit, 2706 HTTPMethod: "POST", 2707 HTTPPath: "/", 2708 } 2709 2710 if input == nil { 2711 input = &DeleteOrganizationalUnitInput{} 2712 } 2713 2714 output = &DeleteOrganizationalUnitOutput{} 2715 req = c.newRequest(op, input, output) 2716 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2717 return 2718} 2719 2720// DeleteOrganizationalUnit API operation for AWS Organizations. 2721// 2722// Deletes an organizational unit (OU) from a root or another OU. You must first 2723// remove all accounts and child OUs from the OU that you want to delete. 2724// 2725// This operation can be called only from the organization's master account. 2726// 2727// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2728// with awserr.Error's Code and Message methods to get detailed information about 2729// the error. 2730// 2731// See the AWS API reference guide for AWS Organizations's 2732// API operation DeleteOrganizationalUnit for usage and error information. 2733// 2734// Returned Error Codes: 2735// * ErrCodeAccessDeniedException "AccessDeniedException" 2736// You don't have permissions to perform the requested operation. The user or 2737// role that is making the request must have at least one IAM permissions policy 2738// attached that grants the required permissions. For more information, see 2739// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2740// in the IAM User Guide. 2741// 2742// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2743// Your account isn't a member of an organization. To make this request, you 2744// must use the credentials of an account that belongs to an organization. 2745// 2746// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2747// The target of the operation is currently being modified by a different request. 2748// Try again later. 2749// 2750// * ErrCodeInvalidInputException "InvalidInputException" 2751// The requested operation failed because you provided invalid values for one 2752// or more of the request parameters. This exception includes a reason that 2753// contains additional information about the violated limit: 2754// 2755// Some of the reasons in the following list might not be applicable to this 2756// specific API or operation: 2757// 2758// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2759// can't be modified. 2760// 2761// * INPUT_REQUIRED: You must include a value for all required parameters. 2762// 2763// * INVALID_ENUM: You specified an invalid value. 2764// 2765// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2766// characters. 2767// 2768// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2769// at least one invalid value. 2770// 2771// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2772// from the response to a previous call of the operation. 2773// 2774// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2775// organization, or email) as a party. 2776// 2777// * INVALID_PATTERN: You provided a value that doesn't match the required 2778// pattern. 2779// 2780// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2781// match the required pattern. 2782// 2783// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2784// name can't begin with the reserved prefix AWSServiceRoleFor. 2785// 2786// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2787// Name (ARN) for the organization. 2788// 2789// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2790// 2791// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2792// tag. You can’t add, edit, or delete system tag keys because they're 2793// reserved for AWS use. System tags don’t count against your tags per 2794// resource limit. 2795// 2796// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2797// for the operation. 2798// 2799// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2800// than allowed. 2801// 2802// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2803// value than allowed. 2804// 2805// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2806// than allowed. 2807// 2808// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2809// value than allowed. 2810// 2811// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2812// between entities in the same root. 2813// 2814// * ErrCodeOrganizationalUnitNotEmptyException "OrganizationalUnitNotEmptyException" 2815// The specified OU is not empty. Move all accounts to another root or to other 2816// OUs, remove all child OUs, and try the operation again. 2817// 2818// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" 2819// We can't find an OU with the OrganizationalUnitId that you specified. 2820// 2821// * ErrCodeServiceException "ServiceException" 2822// AWS Organizations can't complete your request because of an internal service 2823// error. Try again later. 2824// 2825// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2826// You have sent too many requests in too short a period of time. The limit 2827// helps protect against denial-of-service attacks. Try again later. 2828// 2829// For information on limits that affect AWS Organizations, see Limits of AWS 2830// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2831// in the AWS Organizations User Guide. 2832// 2833// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 2834func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) { 2835 req, out := c.DeleteOrganizationalUnitRequest(input) 2836 return out, req.Send() 2837} 2838 2839// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of 2840// the ability to pass a context and additional request options. 2841// 2842// See DeleteOrganizationalUnit for details on how to use this API operation. 2843// 2844// The context must be non-nil and will be used for request cancellation. If 2845// the context is nil a panic will occur. In the future the SDK may create 2846// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2847// for more information on using Contexts. 2848func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) { 2849 req, out := c.DeleteOrganizationalUnitRequest(input) 2850 req.SetContext(ctx) 2851 req.ApplyOptions(opts...) 2852 return out, req.Send() 2853} 2854 2855const opDeletePolicy = "DeletePolicy" 2856 2857// DeletePolicyRequest generates a "aws/request.Request" representing the 2858// client's request for the DeletePolicy operation. The "output" return 2859// value will be populated with the request's response once the request completes 2860// successfully. 2861// 2862// Use "Send" method on the returned Request to send the API call to the service. 2863// the "output" return value is not valid until after Send returns without error. 2864// 2865// See DeletePolicy for more information on using the DeletePolicy 2866// API call, and error handling. 2867// 2868// This method is useful when you want to inject custom logic or configuration 2869// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2870// 2871// 2872// // Example sending a request using the DeletePolicyRequest method. 2873// req, resp := client.DeletePolicyRequest(params) 2874// 2875// err := req.Send() 2876// if err == nil { // resp is now filled 2877// fmt.Println(resp) 2878// } 2879// 2880// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 2881func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 2882 op := &request.Operation{ 2883 Name: opDeletePolicy, 2884 HTTPMethod: "POST", 2885 HTTPPath: "/", 2886 } 2887 2888 if input == nil { 2889 input = &DeletePolicyInput{} 2890 } 2891 2892 output = &DeletePolicyOutput{} 2893 req = c.newRequest(op, input, output) 2894 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2895 return 2896} 2897 2898// DeletePolicy API operation for AWS Organizations. 2899// 2900// Deletes the specified policy from your organization. Before you perform this 2901// operation, you must first detach the policy from all organizational units 2902// (OUs), roots, and accounts. 2903// 2904// This operation can be called only from the organization's master account. 2905// 2906// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2907// with awserr.Error's Code and Message methods to get detailed information about 2908// the error. 2909// 2910// See the AWS API reference guide for AWS Organizations's 2911// API operation DeletePolicy for usage and error information. 2912// 2913// Returned Error Codes: 2914// * ErrCodeAccessDeniedException "AccessDeniedException" 2915// You don't have permissions to perform the requested operation. The user or 2916// role that is making the request must have at least one IAM permissions policy 2917// attached that grants the required permissions. For more information, see 2918// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2919// in the IAM User Guide. 2920// 2921// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2922// Your account isn't a member of an organization. To make this request, you 2923// must use the credentials of an account that belongs to an organization. 2924// 2925// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2926// The target of the operation is currently being modified by a different request. 2927// Try again later. 2928// 2929// * ErrCodeInvalidInputException "InvalidInputException" 2930// The requested operation failed because you provided invalid values for one 2931// or more of the request parameters. This exception includes a reason that 2932// contains additional information about the violated limit: 2933// 2934// Some of the reasons in the following list might not be applicable to this 2935// specific API or operation: 2936// 2937// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2938// can't be modified. 2939// 2940// * INPUT_REQUIRED: You must include a value for all required parameters. 2941// 2942// * INVALID_ENUM: You specified an invalid value. 2943// 2944// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2945// characters. 2946// 2947// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2948// at least one invalid value. 2949// 2950// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2951// from the response to a previous call of the operation. 2952// 2953// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2954// organization, or email) as a party. 2955// 2956// * INVALID_PATTERN: You provided a value that doesn't match the required 2957// pattern. 2958// 2959// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2960// match the required pattern. 2961// 2962// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2963// name can't begin with the reserved prefix AWSServiceRoleFor. 2964// 2965// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2966// Name (ARN) for the organization. 2967// 2968// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2969// 2970// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2971// tag. You can’t add, edit, or delete system tag keys because they're 2972// reserved for AWS use. System tags don’t count against your tags per 2973// resource limit. 2974// 2975// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2976// for the operation. 2977// 2978// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2979// than allowed. 2980// 2981// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2982// value than allowed. 2983// 2984// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2985// than allowed. 2986// 2987// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2988// value than allowed. 2989// 2990// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2991// between entities in the same root. 2992// 2993// * ErrCodePolicyInUseException "PolicyInUseException" 2994// The policy is attached to one or more entities. You must detach it from all 2995// roots, OUs, and accounts before performing this operation. 2996// 2997// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 2998// We can't find a policy with the PolicyId that you specified. 2999// 3000// * ErrCodeServiceException "ServiceException" 3001// AWS Organizations can't complete your request because of an internal service 3002// error. Try again later. 3003// 3004// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3005// You have sent too many requests in too short a period of time. The limit 3006// helps protect against denial-of-service attacks. Try again later. 3007// 3008// For information on limits that affect AWS Organizations, see Limits of AWS 3009// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3010// in the AWS Organizations User Guide. 3011// 3012// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3013func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 3014 req, out := c.DeletePolicyRequest(input) 3015 return out, req.Send() 3016} 3017 3018// DeletePolicyWithContext is the same as DeletePolicy with the addition of 3019// the ability to pass a context and additional request options. 3020// 3021// See DeletePolicy for details on how to use this API operation. 3022// 3023// The context must be non-nil and will be used for request cancellation. If 3024// the context is nil a panic will occur. In the future the SDK may create 3025// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3026// for more information on using Contexts. 3027func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 3028 req, out := c.DeletePolicyRequest(input) 3029 req.SetContext(ctx) 3030 req.ApplyOptions(opts...) 3031 return out, req.Send() 3032} 3033 3034const opDescribeAccount = "DescribeAccount" 3035 3036// DescribeAccountRequest generates a "aws/request.Request" representing the 3037// client's request for the DescribeAccount operation. The "output" return 3038// value will be populated with the request's response once the request completes 3039// successfully. 3040// 3041// Use "Send" method on the returned Request to send the API call to the service. 3042// the "output" return value is not valid until after Send returns without error. 3043// 3044// See DescribeAccount for more information on using the DescribeAccount 3045// API call, and error handling. 3046// 3047// This method is useful when you want to inject custom logic or configuration 3048// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3049// 3050// 3051// // Example sending a request using the DescribeAccountRequest method. 3052// req, resp := client.DescribeAccountRequest(params) 3053// 3054// err := req.Send() 3055// if err == nil { // resp is now filled 3056// fmt.Println(resp) 3057// } 3058// 3059// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3060func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) { 3061 op := &request.Operation{ 3062 Name: opDescribeAccount, 3063 HTTPMethod: "POST", 3064 HTTPPath: "/", 3065 } 3066 3067 if input == nil { 3068 input = &DescribeAccountInput{} 3069 } 3070 3071 output = &DescribeAccountOutput{} 3072 req = c.newRequest(op, input, output) 3073 return 3074} 3075 3076// DescribeAccount API operation for AWS Organizations. 3077// 3078// Retrieves AWS Organizations-related information about the specified account. 3079// 3080// This operation can be called only from the organization's master account. 3081// 3082// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3083// with awserr.Error's Code and Message methods to get detailed information about 3084// the error. 3085// 3086// See the AWS API reference guide for AWS Organizations's 3087// API operation DescribeAccount for usage and error information. 3088// 3089// Returned Error Codes: 3090// * ErrCodeAccessDeniedException "AccessDeniedException" 3091// You don't have permissions to perform the requested operation. The user or 3092// role that is making the request must have at least one IAM permissions policy 3093// attached that grants the required permissions. For more information, see 3094// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3095// in the IAM User Guide. 3096// 3097// * ErrCodeAccountNotFoundException "AccountNotFoundException" 3098// We can't find an AWS account with the AccountId that you specified, or the 3099// account whose credentials you used to make this request isn't a member of 3100// an organization. 3101// 3102// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3103// Your account isn't a member of an organization. To make this request, you 3104// must use the credentials of an account that belongs to an organization. 3105// 3106// * ErrCodeInvalidInputException "InvalidInputException" 3107// The requested operation failed because you provided invalid values for one 3108// or more of the request parameters. This exception includes a reason that 3109// contains additional information about the violated limit: 3110// 3111// Some of the reasons in the following list might not be applicable to this 3112// specific API or operation: 3113// 3114// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3115// can't be modified. 3116// 3117// * INPUT_REQUIRED: You must include a value for all required parameters. 3118// 3119// * INVALID_ENUM: You specified an invalid value. 3120// 3121// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3122// characters. 3123// 3124// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3125// at least one invalid value. 3126// 3127// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3128// from the response to a previous call of the operation. 3129// 3130// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3131// organization, or email) as a party. 3132// 3133// * INVALID_PATTERN: You provided a value that doesn't match the required 3134// pattern. 3135// 3136// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3137// match the required pattern. 3138// 3139// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3140// name can't begin with the reserved prefix AWSServiceRoleFor. 3141// 3142// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3143// Name (ARN) for the organization. 3144// 3145// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3146// 3147// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3148// tag. You can’t add, edit, or delete system tag keys because they're 3149// reserved for AWS use. System tags don’t count against your tags per 3150// resource limit. 3151// 3152// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3153// for the operation. 3154// 3155// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3156// than allowed. 3157// 3158// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3159// value than allowed. 3160// 3161// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3162// than allowed. 3163// 3164// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3165// value than allowed. 3166// 3167// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3168// between entities in the same root. 3169// 3170// * ErrCodeServiceException "ServiceException" 3171// AWS Organizations can't complete your request because of an internal service 3172// error. Try again later. 3173// 3174// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3175// You have sent too many requests in too short a period of time. The limit 3176// helps protect against denial-of-service attacks. Try again later. 3177// 3178// For information on limits that affect AWS Organizations, see Limits of AWS 3179// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3180// in the AWS Organizations User Guide. 3181// 3182// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3183func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) { 3184 req, out := c.DescribeAccountRequest(input) 3185 return out, req.Send() 3186} 3187 3188// DescribeAccountWithContext is the same as DescribeAccount with the addition of 3189// the ability to pass a context and additional request options. 3190// 3191// See DescribeAccount for details on how to use this API operation. 3192// 3193// The context must be non-nil and will be used for request cancellation. If 3194// the context is nil a panic will occur. In the future the SDK may create 3195// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3196// for more information on using Contexts. 3197func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) { 3198 req, out := c.DescribeAccountRequest(input) 3199 req.SetContext(ctx) 3200 req.ApplyOptions(opts...) 3201 return out, req.Send() 3202} 3203 3204const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus" 3205 3206// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the 3207// client's request for the DescribeCreateAccountStatus operation. The "output" return 3208// value will be populated with the request's response once the request completes 3209// successfully. 3210// 3211// Use "Send" method on the returned Request to send the API call to the service. 3212// the "output" return value is not valid until after Send returns without error. 3213// 3214// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus 3215// API call, and error handling. 3216// 3217// This method is useful when you want to inject custom logic or configuration 3218// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3219// 3220// 3221// // Example sending a request using the DescribeCreateAccountStatusRequest method. 3222// req, resp := client.DescribeCreateAccountStatusRequest(params) 3223// 3224// err := req.Send() 3225// if err == nil { // resp is now filled 3226// fmt.Println(resp) 3227// } 3228// 3229// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 3230func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) { 3231 op := &request.Operation{ 3232 Name: opDescribeCreateAccountStatus, 3233 HTTPMethod: "POST", 3234 HTTPPath: "/", 3235 } 3236 3237 if input == nil { 3238 input = &DescribeCreateAccountStatusInput{} 3239 } 3240 3241 output = &DescribeCreateAccountStatusOutput{} 3242 req = c.newRequest(op, input, output) 3243 return 3244} 3245 3246// DescribeCreateAccountStatus API operation for AWS Organizations. 3247// 3248// Retrieves the current status of an asynchronous request to create an account. 3249// 3250// This operation can be called only from the organization's master account. 3251// 3252// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3253// with awserr.Error's Code and Message methods to get detailed information about 3254// the error. 3255// 3256// See the AWS API reference guide for AWS Organizations's 3257// API operation DescribeCreateAccountStatus for usage and error information. 3258// 3259// Returned Error Codes: 3260// * ErrCodeAccessDeniedException "AccessDeniedException" 3261// You don't have permissions to perform the requested operation. The user or 3262// role that is making the request must have at least one IAM permissions policy 3263// attached that grants the required permissions. For more information, see 3264// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3265// in the IAM User Guide. 3266// 3267// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3268// Your account isn't a member of an organization. To make this request, you 3269// must use the credentials of an account that belongs to an organization. 3270// 3271// * ErrCodeCreateAccountStatusNotFoundException "CreateAccountStatusNotFoundException" 3272// We can't find an create account request with the CreateAccountRequestId that 3273// you specified. 3274// 3275// * ErrCodeInvalidInputException "InvalidInputException" 3276// The requested operation failed because you provided invalid values for one 3277// or more of the request parameters. This exception includes a reason that 3278// contains additional information about the violated limit: 3279// 3280// Some of the reasons in the following list might not be applicable to this 3281// specific API or operation: 3282// 3283// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3284// can't be modified. 3285// 3286// * INPUT_REQUIRED: You must include a value for all required parameters. 3287// 3288// * INVALID_ENUM: You specified an invalid value. 3289// 3290// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3291// characters. 3292// 3293// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3294// at least one invalid value. 3295// 3296// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3297// from the response to a previous call of the operation. 3298// 3299// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3300// organization, or email) as a party. 3301// 3302// * INVALID_PATTERN: You provided a value that doesn't match the required 3303// pattern. 3304// 3305// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3306// match the required pattern. 3307// 3308// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3309// name can't begin with the reserved prefix AWSServiceRoleFor. 3310// 3311// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3312// Name (ARN) for the organization. 3313// 3314// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3315// 3316// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3317// tag. You can’t add, edit, or delete system tag keys because they're 3318// reserved for AWS use. System tags don’t count against your tags per 3319// resource limit. 3320// 3321// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3322// for the operation. 3323// 3324// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3325// than allowed. 3326// 3327// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3328// value than allowed. 3329// 3330// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3331// than allowed. 3332// 3333// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3334// value than allowed. 3335// 3336// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3337// between entities in the same root. 3338// 3339// * ErrCodeServiceException "ServiceException" 3340// AWS Organizations can't complete your request because of an internal service 3341// error. Try again later. 3342// 3343// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3344// You have sent too many requests in too short a period of time. The limit 3345// helps protect against denial-of-service attacks. Try again later. 3346// 3347// For information on limits that affect AWS Organizations, see Limits of AWS 3348// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3349// in the AWS Organizations User Guide. 3350// 3351// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 3352// This action isn't available in the current Region. 3353// 3354// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 3355func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) { 3356 req, out := c.DescribeCreateAccountStatusRequest(input) 3357 return out, req.Send() 3358} 3359 3360// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of 3361// the ability to pass a context and additional request options. 3362// 3363// See DescribeCreateAccountStatus for details on how to use this API operation. 3364// 3365// The context must be non-nil and will be used for request cancellation. If 3366// the context is nil a panic will occur. In the future the SDK may create 3367// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3368// for more information on using Contexts. 3369func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) { 3370 req, out := c.DescribeCreateAccountStatusRequest(input) 3371 req.SetContext(ctx) 3372 req.ApplyOptions(opts...) 3373 return out, req.Send() 3374} 3375 3376const opDescribeHandshake = "DescribeHandshake" 3377 3378// DescribeHandshakeRequest generates a "aws/request.Request" representing the 3379// client's request for the DescribeHandshake operation. The "output" return 3380// value will be populated with the request's response once the request completes 3381// successfully. 3382// 3383// Use "Send" method on the returned Request to send the API call to the service. 3384// the "output" return value is not valid until after Send returns without error. 3385// 3386// See DescribeHandshake for more information on using the DescribeHandshake 3387// API call, and error handling. 3388// 3389// This method is useful when you want to inject custom logic or configuration 3390// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3391// 3392// 3393// // Example sending a request using the DescribeHandshakeRequest method. 3394// req, resp := client.DescribeHandshakeRequest(params) 3395// 3396// err := req.Send() 3397// if err == nil { // resp is now filled 3398// fmt.Println(resp) 3399// } 3400// 3401// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 3402func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) { 3403 op := &request.Operation{ 3404 Name: opDescribeHandshake, 3405 HTTPMethod: "POST", 3406 HTTPPath: "/", 3407 } 3408 3409 if input == nil { 3410 input = &DescribeHandshakeInput{} 3411 } 3412 3413 output = &DescribeHandshakeOutput{} 3414 req = c.newRequest(op, input, output) 3415 return 3416} 3417 3418// DescribeHandshake API operation for AWS Organizations. 3419// 3420// Retrieves information about a previously requested handshake. The handshake 3421// ID comes from the response to the original InviteAccountToOrganization operation 3422// that generated the handshake. 3423// 3424// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only 3425// 30 days after they change to that state. They're then deleted and no longer 3426// accessible. 3427// 3428// This operation can be called from any account in the organization. 3429// 3430// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3431// with awserr.Error's Code and Message methods to get detailed information about 3432// the error. 3433// 3434// See the AWS API reference guide for AWS Organizations's 3435// API operation DescribeHandshake for usage and error information. 3436// 3437// Returned Error Codes: 3438// * ErrCodeAccessDeniedException "AccessDeniedException" 3439// You don't have permissions to perform the requested operation. The user or 3440// role that is making the request must have at least one IAM permissions policy 3441// attached that grants the required permissions. For more information, see 3442// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3443// in the IAM User Guide. 3444// 3445// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 3446// The target of the operation is currently being modified by a different request. 3447// Try again later. 3448// 3449// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 3450// We can't find a handshake with the HandshakeId that you specified. 3451// 3452// * ErrCodeInvalidInputException "InvalidInputException" 3453// The requested operation failed because you provided invalid values for one 3454// or more of the request parameters. This exception includes a reason that 3455// contains additional information about the violated limit: 3456// 3457// Some of the reasons in the following list might not be applicable to this 3458// specific API or operation: 3459// 3460// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3461// can't be modified. 3462// 3463// * INPUT_REQUIRED: You must include a value for all required parameters. 3464// 3465// * INVALID_ENUM: You specified an invalid value. 3466// 3467// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3468// characters. 3469// 3470// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3471// at least one invalid value. 3472// 3473// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3474// from the response to a previous call of the operation. 3475// 3476// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3477// organization, or email) as a party. 3478// 3479// * INVALID_PATTERN: You provided a value that doesn't match the required 3480// pattern. 3481// 3482// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3483// match the required pattern. 3484// 3485// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3486// name can't begin with the reserved prefix AWSServiceRoleFor. 3487// 3488// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3489// Name (ARN) for the organization. 3490// 3491// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3492// 3493// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3494// tag. You can’t add, edit, or delete system tag keys because they're 3495// reserved for AWS use. System tags don’t count against your tags per 3496// resource limit. 3497// 3498// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3499// for the operation. 3500// 3501// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3502// than allowed. 3503// 3504// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3505// value than allowed. 3506// 3507// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3508// than allowed. 3509// 3510// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3511// value than allowed. 3512// 3513// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3514// between entities in the same root. 3515// 3516// * ErrCodeServiceException "ServiceException" 3517// AWS Organizations can't complete your request because of an internal service 3518// error. Try again later. 3519// 3520// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3521// You have sent too many requests in too short a period of time. The limit 3522// helps protect against denial-of-service attacks. Try again later. 3523// 3524// For information on limits that affect AWS Organizations, see Limits of AWS 3525// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3526// in the AWS Organizations User Guide. 3527// 3528// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 3529func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) { 3530 req, out := c.DescribeHandshakeRequest(input) 3531 return out, req.Send() 3532} 3533 3534// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of 3535// the ability to pass a context and additional request options. 3536// 3537// See DescribeHandshake for details on how to use this API operation. 3538// 3539// The context must be non-nil and will be used for request cancellation. If 3540// the context is nil a panic will occur. In the future the SDK may create 3541// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3542// for more information on using Contexts. 3543func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) { 3544 req, out := c.DescribeHandshakeRequest(input) 3545 req.SetContext(ctx) 3546 req.ApplyOptions(opts...) 3547 return out, req.Send() 3548} 3549 3550const opDescribeOrganization = "DescribeOrganization" 3551 3552// DescribeOrganizationRequest generates a "aws/request.Request" representing the 3553// client's request for the DescribeOrganization operation. The "output" return 3554// value will be populated with the request's response once the request completes 3555// successfully. 3556// 3557// Use "Send" method on the returned Request to send the API call to the service. 3558// the "output" return value is not valid until after Send returns without error. 3559// 3560// See DescribeOrganization for more information on using the DescribeOrganization 3561// API call, and error handling. 3562// 3563// This method is useful when you want to inject custom logic or configuration 3564// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3565// 3566// 3567// // Example sending a request using the DescribeOrganizationRequest method. 3568// req, resp := client.DescribeOrganizationRequest(params) 3569// 3570// err := req.Send() 3571// if err == nil { // resp is now filled 3572// fmt.Println(resp) 3573// } 3574// 3575// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 3576func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) { 3577 op := &request.Operation{ 3578 Name: opDescribeOrganization, 3579 HTTPMethod: "POST", 3580 HTTPPath: "/", 3581 } 3582 3583 if input == nil { 3584 input = &DescribeOrganizationInput{} 3585 } 3586 3587 output = &DescribeOrganizationOutput{} 3588 req = c.newRequest(op, input, output) 3589 return 3590} 3591 3592// DescribeOrganization API operation for AWS Organizations. 3593// 3594// Retrieves information about the organization that the user's account belongs 3595// to. 3596// 3597// This operation can be called from any account in the organization. 3598// 3599// Even if a policy type is shown as available in the organization, you can 3600// disable it separately at the root level with DisablePolicyType. Use ListRoots 3601// to see the status of policy types for a specified root. 3602// 3603// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3604// with awserr.Error's Code and Message methods to get detailed information about 3605// the error. 3606// 3607// See the AWS API reference guide for AWS Organizations's 3608// API operation DescribeOrganization for usage and error information. 3609// 3610// Returned Error Codes: 3611// * ErrCodeAccessDeniedException "AccessDeniedException" 3612// You don't have permissions to perform the requested operation. The user or 3613// role that is making the request must have at least one IAM permissions policy 3614// attached that grants the required permissions. For more information, see 3615// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3616// in the IAM User Guide. 3617// 3618// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3619// Your account isn't a member of an organization. To make this request, you 3620// must use the credentials of an account that belongs to an organization. 3621// 3622// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 3623// The target of the operation is currently being modified by a different request. 3624// Try again later. 3625// 3626// * ErrCodeServiceException "ServiceException" 3627// AWS Organizations can't complete your request because of an internal service 3628// error. Try again later. 3629// 3630// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3631// You have sent too many requests in too short a period of time. The limit 3632// helps protect against denial-of-service attacks. Try again later. 3633// 3634// For information on limits that affect AWS Organizations, see Limits of AWS 3635// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3636// in the AWS Organizations User Guide. 3637// 3638// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 3639func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) { 3640 req, out := c.DescribeOrganizationRequest(input) 3641 return out, req.Send() 3642} 3643 3644// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of 3645// the ability to pass a context and additional request options. 3646// 3647// See DescribeOrganization for details on how to use this API operation. 3648// 3649// The context must be non-nil and will be used for request cancellation. If 3650// the context is nil a panic will occur. In the future the SDK may create 3651// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3652// for more information on using Contexts. 3653func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) { 3654 req, out := c.DescribeOrganizationRequest(input) 3655 req.SetContext(ctx) 3656 req.ApplyOptions(opts...) 3657 return out, req.Send() 3658} 3659 3660const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit" 3661 3662// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the 3663// client's request for the DescribeOrganizationalUnit operation. The "output" return 3664// value will be populated with the request's response once the request completes 3665// successfully. 3666// 3667// Use "Send" method on the returned Request to send the API call to the service. 3668// the "output" return value is not valid until after Send returns without error. 3669// 3670// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit 3671// API call, and error handling. 3672// 3673// This method is useful when you want to inject custom logic or configuration 3674// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3675// 3676// 3677// // Example sending a request using the DescribeOrganizationalUnitRequest method. 3678// req, resp := client.DescribeOrganizationalUnitRequest(params) 3679// 3680// err := req.Send() 3681// if err == nil { // resp is now filled 3682// fmt.Println(resp) 3683// } 3684// 3685// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 3686func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) { 3687 op := &request.Operation{ 3688 Name: opDescribeOrganizationalUnit, 3689 HTTPMethod: "POST", 3690 HTTPPath: "/", 3691 } 3692 3693 if input == nil { 3694 input = &DescribeOrganizationalUnitInput{} 3695 } 3696 3697 output = &DescribeOrganizationalUnitOutput{} 3698 req = c.newRequest(op, input, output) 3699 return 3700} 3701 3702// DescribeOrganizationalUnit API operation for AWS Organizations. 3703// 3704// Retrieves information about an organizational unit (OU). 3705// 3706// This operation can be called only from the organization's master account. 3707// 3708// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3709// with awserr.Error's Code and Message methods to get detailed information about 3710// the error. 3711// 3712// See the AWS API reference guide for AWS Organizations's 3713// API operation DescribeOrganizationalUnit for usage and error information. 3714// 3715// Returned Error Codes: 3716// * ErrCodeAccessDeniedException "AccessDeniedException" 3717// You don't have permissions to perform the requested operation. The user or 3718// role that is making the request must have at least one IAM permissions policy 3719// attached that grants the required permissions. For more information, see 3720// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3721// in the IAM User Guide. 3722// 3723// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3724// Your account isn't a member of an organization. To make this request, you 3725// must use the credentials of an account that belongs to an organization. 3726// 3727// * ErrCodeInvalidInputException "InvalidInputException" 3728// The requested operation failed because you provided invalid values for one 3729// or more of the request parameters. This exception includes a reason that 3730// contains additional information about the violated limit: 3731// 3732// Some of the reasons in the following list might not be applicable to this 3733// specific API or operation: 3734// 3735// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3736// can't be modified. 3737// 3738// * INPUT_REQUIRED: You must include a value for all required parameters. 3739// 3740// * INVALID_ENUM: You specified an invalid value. 3741// 3742// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3743// characters. 3744// 3745// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3746// at least one invalid value. 3747// 3748// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3749// from the response to a previous call of the operation. 3750// 3751// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3752// organization, or email) as a party. 3753// 3754// * INVALID_PATTERN: You provided a value that doesn't match the required 3755// pattern. 3756// 3757// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3758// match the required pattern. 3759// 3760// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3761// name can't begin with the reserved prefix AWSServiceRoleFor. 3762// 3763// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3764// Name (ARN) for the organization. 3765// 3766// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3767// 3768// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3769// tag. You can’t add, edit, or delete system tag keys because they're 3770// reserved for AWS use. System tags don’t count against your tags per 3771// resource limit. 3772// 3773// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3774// for the operation. 3775// 3776// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3777// than allowed. 3778// 3779// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3780// value than allowed. 3781// 3782// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3783// than allowed. 3784// 3785// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3786// value than allowed. 3787// 3788// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3789// between entities in the same root. 3790// 3791// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" 3792// We can't find an OU with the OrganizationalUnitId that you specified. 3793// 3794// * ErrCodeServiceException "ServiceException" 3795// AWS Organizations can't complete your request because of an internal service 3796// error. Try again later. 3797// 3798// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3799// You have sent too many requests in too short a period of time. The limit 3800// helps protect against denial-of-service attacks. Try again later. 3801// 3802// For information on limits that affect AWS Organizations, see Limits of AWS 3803// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3804// in the AWS Organizations User Guide. 3805// 3806// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 3807func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) { 3808 req, out := c.DescribeOrganizationalUnitRequest(input) 3809 return out, req.Send() 3810} 3811 3812// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of 3813// the ability to pass a context and additional request options. 3814// 3815// See DescribeOrganizationalUnit for details on how to use this API operation. 3816// 3817// The context must be non-nil and will be used for request cancellation. If 3818// the context is nil a panic will occur. In the future the SDK may create 3819// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3820// for more information on using Contexts. 3821func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) { 3822 req, out := c.DescribeOrganizationalUnitRequest(input) 3823 req.SetContext(ctx) 3824 req.ApplyOptions(opts...) 3825 return out, req.Send() 3826} 3827 3828const opDescribePolicy = "DescribePolicy" 3829 3830// DescribePolicyRequest generates a "aws/request.Request" representing the 3831// client's request for the DescribePolicy operation. The "output" return 3832// value will be populated with the request's response once the request completes 3833// successfully. 3834// 3835// Use "Send" method on the returned Request to send the API call to the service. 3836// the "output" return value is not valid until after Send returns without error. 3837// 3838// See DescribePolicy for more information on using the DescribePolicy 3839// API call, and error handling. 3840// 3841// This method is useful when you want to inject custom logic or configuration 3842// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3843// 3844// 3845// // Example sending a request using the DescribePolicyRequest method. 3846// req, resp := client.DescribePolicyRequest(params) 3847// 3848// err := req.Send() 3849// if err == nil { // resp is now filled 3850// fmt.Println(resp) 3851// } 3852// 3853// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 3854func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) { 3855 op := &request.Operation{ 3856 Name: opDescribePolicy, 3857 HTTPMethod: "POST", 3858 HTTPPath: "/", 3859 } 3860 3861 if input == nil { 3862 input = &DescribePolicyInput{} 3863 } 3864 3865 output = &DescribePolicyOutput{} 3866 req = c.newRequest(op, input, output) 3867 return 3868} 3869 3870// DescribePolicy API operation for AWS Organizations. 3871// 3872// Retrieves information about a policy. 3873// 3874// This operation can be called only from the organization's master account. 3875// 3876// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3877// with awserr.Error's Code and Message methods to get detailed information about 3878// the error. 3879// 3880// See the AWS API reference guide for AWS Organizations's 3881// API operation DescribePolicy for usage and error information. 3882// 3883// Returned Error Codes: 3884// * ErrCodeAccessDeniedException "AccessDeniedException" 3885// You don't have permissions to perform the requested operation. The user or 3886// role that is making the request must have at least one IAM permissions policy 3887// attached that grants the required permissions. For more information, see 3888// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3889// in the IAM User Guide. 3890// 3891// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3892// Your account isn't a member of an organization. To make this request, you 3893// must use the credentials of an account that belongs to an organization. 3894// 3895// * ErrCodeInvalidInputException "InvalidInputException" 3896// The requested operation failed because you provided invalid values for one 3897// or more of the request parameters. This exception includes a reason that 3898// contains additional information about the violated limit: 3899// 3900// Some of the reasons in the following list might not be applicable to this 3901// specific API or operation: 3902// 3903// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3904// can't be modified. 3905// 3906// * INPUT_REQUIRED: You must include a value for all required parameters. 3907// 3908// * INVALID_ENUM: You specified an invalid value. 3909// 3910// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3911// characters. 3912// 3913// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3914// at least one invalid value. 3915// 3916// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3917// from the response to a previous call of the operation. 3918// 3919// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3920// organization, or email) as a party. 3921// 3922// * INVALID_PATTERN: You provided a value that doesn't match the required 3923// pattern. 3924// 3925// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3926// match the required pattern. 3927// 3928// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3929// name can't begin with the reserved prefix AWSServiceRoleFor. 3930// 3931// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3932// Name (ARN) for the organization. 3933// 3934// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3935// 3936// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3937// tag. You can’t add, edit, or delete system tag keys because they're 3938// reserved for AWS use. System tags don’t count against your tags per 3939// resource limit. 3940// 3941// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3942// for the operation. 3943// 3944// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3945// than allowed. 3946// 3947// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3948// value than allowed. 3949// 3950// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3951// than allowed. 3952// 3953// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3954// value than allowed. 3955// 3956// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3957// between entities in the same root. 3958// 3959// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 3960// We can't find a policy with the PolicyId that you specified. 3961// 3962// * ErrCodeServiceException "ServiceException" 3963// AWS Organizations can't complete your request because of an internal service 3964// error. Try again later. 3965// 3966// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3967// You have sent too many requests in too short a period of time. The limit 3968// helps protect against denial-of-service attacks. Try again later. 3969// 3970// For information on limits that affect AWS Organizations, see Limits of AWS 3971// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3972// in the AWS Organizations User Guide. 3973// 3974// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 3975func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) { 3976 req, out := c.DescribePolicyRequest(input) 3977 return out, req.Send() 3978} 3979 3980// DescribePolicyWithContext is the same as DescribePolicy with the addition of 3981// the ability to pass a context and additional request options. 3982// 3983// See DescribePolicy for details on how to use this API operation. 3984// 3985// The context must be non-nil and will be used for request cancellation. If 3986// the context is nil a panic will occur. In the future the SDK may create 3987// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3988// for more information on using Contexts. 3989func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) { 3990 req, out := c.DescribePolicyRequest(input) 3991 req.SetContext(ctx) 3992 req.ApplyOptions(opts...) 3993 return out, req.Send() 3994} 3995 3996const opDetachPolicy = "DetachPolicy" 3997 3998// DetachPolicyRequest generates a "aws/request.Request" representing the 3999// client's request for the DetachPolicy operation. The "output" return 4000// value will be populated with the request's response once the request completes 4001// successfully. 4002// 4003// Use "Send" method on the returned Request to send the API call to the service. 4004// the "output" return value is not valid until after Send returns without error. 4005// 4006// See DetachPolicy for more information on using the DetachPolicy 4007// API call, and error handling. 4008// 4009// This method is useful when you want to inject custom logic or configuration 4010// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4011// 4012// 4013// // Example sending a request using the DetachPolicyRequest method. 4014// req, resp := client.DetachPolicyRequest(params) 4015// 4016// err := req.Send() 4017// if err == nil { // resp is now filled 4018// fmt.Println(resp) 4019// } 4020// 4021// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 4022func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) { 4023 op := &request.Operation{ 4024 Name: opDetachPolicy, 4025 HTTPMethod: "POST", 4026 HTTPPath: "/", 4027 } 4028 4029 if input == nil { 4030 input = &DetachPolicyInput{} 4031 } 4032 4033 output = &DetachPolicyOutput{} 4034 req = c.newRequest(op, input, output) 4035 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4036 return 4037} 4038 4039// DetachPolicy API operation for AWS Organizations. 4040// 4041// Detaches a policy from a target root, organizational unit (OU), or account. 4042// If the policy being detached is a service control policy (SCP), the changes 4043// to permissions for IAM users and roles in affected accounts are immediate. 4044// 4045// Note: Every root, OU, and account must have at least one SCP attached. If 4046// you want to replace the default FullAWSAccess policy with one that limits 4047// the permissions that can be delegated, you must attach the replacement policy 4048// before you can remove the default one. This is the authorization strategy 4049// of whitelisting (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist). 4050// If you instead attach a second SCP and leave the FullAWSAccess SCP still 4051// attached, and specify "Effect": "Deny" in the second SCP to override the 4052// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), 4053// you're using the authorization strategy of blacklisting (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist) . 4054// 4055// This operation can be called only from the organization's master account. 4056// 4057// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4058// with awserr.Error's Code and Message methods to get detailed information about 4059// the error. 4060// 4061// See the AWS API reference guide for AWS Organizations's 4062// API operation DetachPolicy for usage and error information. 4063// 4064// Returned Error Codes: 4065// * ErrCodeAccessDeniedException "AccessDeniedException" 4066// You don't have permissions to perform the requested operation. The user or 4067// role that is making the request must have at least one IAM permissions policy 4068// attached that grants the required permissions. For more information, see 4069// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4070// in the IAM User Guide. 4071// 4072// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4073// Your account isn't a member of an organization. To make this request, you 4074// must use the credentials of an account that belongs to an organization. 4075// 4076// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4077// The target of the operation is currently being modified by a different request. 4078// Try again later. 4079// 4080// * ErrCodeConstraintViolationException "ConstraintViolationException" 4081// Performing this operation violates a minimum or maximum value limit. For 4082// example, attempting to remove the last service control policy (SCP) from 4083// an OU or root, inviting or creating too many accounts to the organization, 4084// or attaching too many policies to an account, OU, or root. This exception 4085// includes a reason that contains additional information about the violated 4086// limit. 4087// 4088// Some of the reasons in the following list might not be applicable to this 4089// specific API or operation: 4090// 4091// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4092// from the organization that doesn't yet have enough information to exist 4093// as a standalone account. This account requires you to first agree to the 4094// AWS Customer Agreement. Follow the steps at To leave an organization when 4095// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4096// in the AWS Organizations User Guide. 4097// 4098// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4099// an account from the organization that doesn't yet have enough information 4100// to exist as a standalone account. This account requires you to first complete 4101// phone verification. Follow the steps at To leave an organization when 4102// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4103// in the AWS Organizations User Guide. 4104// 4105// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4106// of accounts that you can create in one day. 4107// 4108// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4109// the number of accounts in an organization. If you need more accounts, 4110// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4111// request an increase in your limit. Or the number of invitations that you 4112// tried to send would cause you to exceed the limit of accounts in your 4113// organization. Send fewer invitations or contact AWS Support to request 4114// an increase in the number of accounts. Deleted and closed accounts still 4115// count toward your limit. If you get receive this exception when running 4116// a command immediately after creating the organization, wait one hour and 4117// try again. If after an hour it continues to fail with this error, contact 4118// AWS Support (https://console.aws.amazon.com/support/home#/). 4119// 4120// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4121// handshakes that you can send in one day. 4122// 4123// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4124// in this organization, you first must migrate the organization's master 4125// account to the marketplace that corresponds to the master account's address. 4126// For example, accounts with India addresses must be associated with the 4127// AISPL marketplace. All accounts in an organization must be associated 4128// with the same marketplace. 4129// 4130// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4131// must first provide contact a valid address and phone number for the master 4132// account. Then try the operation again. 4133// 4134// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4135// master account must have an associated account in the AWS GovCloud (US-West) 4136// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4137// in the AWS GovCloud User Guide. 4138// 4139// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4140// with this master account, you first must associate a valid payment instrument, 4141// such as a credit card, with the account. Follow the steps at To leave 4142// an organization when all required account information has not yet been 4143// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4144// in the AWS Organizations User Guide. 4145// 4146// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4147// number of policies of a certain type that can be attached to an entity 4148// at one time. 4149// 4150// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4151// on this resource. 4152// 4153// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4154// with this member account, you first must associate a valid payment instrument, 4155// such as a credit card, with the account. Follow the steps at To leave 4156// an organization when all required account information has not yet been 4157// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4158// in the AWS Organizations User Guide. 4159// 4160// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4161// policy from an entity that would cause the entity to have fewer than the 4162// minimum number of policies of a certain type required. 4163// 4164// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4165// too many levels deep. 4166// 4167// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4168// that requires the organization to be configured to support all features. 4169// An organization that supports only consolidated billing features can't 4170// perform this operation. 4171// 4172// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4173// that you can have in an organization. 4174// 4175// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 4176// policies that you can have in an organization. 4177// 4178// * ErrCodeInvalidInputException "InvalidInputException" 4179// The requested operation failed because you provided invalid values for one 4180// or more of the request parameters. This exception includes a reason that 4181// contains additional information about the violated limit: 4182// 4183// Some of the reasons in the following list might not be applicable to this 4184// specific API or operation: 4185// 4186// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4187// can't be modified. 4188// 4189// * INPUT_REQUIRED: You must include a value for all required parameters. 4190// 4191// * INVALID_ENUM: You specified an invalid value. 4192// 4193// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4194// characters. 4195// 4196// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4197// at least one invalid value. 4198// 4199// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4200// from the response to a previous call of the operation. 4201// 4202// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4203// organization, or email) as a party. 4204// 4205// * INVALID_PATTERN: You provided a value that doesn't match the required 4206// pattern. 4207// 4208// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4209// match the required pattern. 4210// 4211// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4212// name can't begin with the reserved prefix AWSServiceRoleFor. 4213// 4214// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4215// Name (ARN) for the organization. 4216// 4217// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4218// 4219// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4220// tag. You can’t add, edit, or delete system tag keys because they're 4221// reserved for AWS use. System tags don’t count against your tags per 4222// resource limit. 4223// 4224// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4225// for the operation. 4226// 4227// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4228// than allowed. 4229// 4230// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4231// value than allowed. 4232// 4233// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4234// than allowed. 4235// 4236// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4237// value than allowed. 4238// 4239// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4240// between entities in the same root. 4241// 4242// * ErrCodePolicyNotAttachedException "PolicyNotAttachedException" 4243// The policy isn't attached to the specified target in the specified root. 4244// 4245// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 4246// We can't find a policy with the PolicyId that you specified. 4247// 4248// * ErrCodeServiceException "ServiceException" 4249// AWS Organizations can't complete your request because of an internal service 4250// error. Try again later. 4251// 4252// * ErrCodeTargetNotFoundException "TargetNotFoundException" 4253// We can't find a root, OU, or account with the TargetId that you specified. 4254// 4255// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4256// You have sent too many requests in too short a period of time. The limit 4257// helps protect against denial-of-service attacks. Try again later. 4258// 4259// For information on limits that affect AWS Organizations, see Limits of AWS 4260// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4261// in the AWS Organizations User Guide. 4262// 4263// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 4264func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) { 4265 req, out := c.DetachPolicyRequest(input) 4266 return out, req.Send() 4267} 4268 4269// DetachPolicyWithContext is the same as DetachPolicy with the addition of 4270// the ability to pass a context and additional request options. 4271// 4272// See DetachPolicy for details on how to use this API operation. 4273// 4274// The context must be non-nil and will be used for request cancellation. If 4275// the context is nil a panic will occur. In the future the SDK may create 4276// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4277// for more information on using Contexts. 4278func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) { 4279 req, out := c.DetachPolicyRequest(input) 4280 req.SetContext(ctx) 4281 req.ApplyOptions(opts...) 4282 return out, req.Send() 4283} 4284 4285const opDisableAWSServiceAccess = "DisableAWSServiceAccess" 4286 4287// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the 4288// client's request for the DisableAWSServiceAccess operation. The "output" return 4289// value will be populated with the request's response once the request completes 4290// successfully. 4291// 4292// Use "Send" method on the returned Request to send the API call to the service. 4293// the "output" return value is not valid until after Send returns without error. 4294// 4295// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess 4296// API call, and error handling. 4297// 4298// This method is useful when you want to inject custom logic or configuration 4299// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4300// 4301// 4302// // Example sending a request using the DisableAWSServiceAccessRequest method. 4303// req, resp := client.DisableAWSServiceAccessRequest(params) 4304// 4305// err := req.Send() 4306// if err == nil { // resp is now filled 4307// fmt.Println(resp) 4308// } 4309// 4310// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 4311func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) { 4312 op := &request.Operation{ 4313 Name: opDisableAWSServiceAccess, 4314 HTTPMethod: "POST", 4315 HTTPPath: "/", 4316 } 4317 4318 if input == nil { 4319 input = &DisableAWSServiceAccessInput{} 4320 } 4321 4322 output = &DisableAWSServiceAccessOutput{} 4323 req = c.newRequest(op, input, output) 4324 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4325 return 4326} 4327 4328// DisableAWSServiceAccess API operation for AWS Organizations. 4329// 4330// Disables the integration of an AWS service (the service that is specified 4331// by ServicePrincipal) with AWS Organizations. When you disable integration, 4332// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 4333// in new accounts in your organization. This means the service can't perform 4334// operations on your behalf on any new accounts in your organization. The service 4335// can still perform operations in older accounts until the service completes 4336// its clean-up from AWS Organizations. 4337// 4338// We recommend that you disable integration between AWS Organizations and the 4339// specified AWS service by using the console or commands that are provided 4340// by the specified service. Doing so ensures that the other service is aware 4341// that it can clean up any resources that are required only for the integration. 4342// How the service cleans up its resources in the organization's accounts depends 4343// on that service. For more information, see the documentation for the other 4344// AWS service. 4345// 4346// After you perform the DisableAWSServiceAccess operation, the specified service 4347// can no longer perform operations in your organization's accounts unless the 4348// operations are explicitly permitted by the IAM policies that are attached 4349// to your roles. 4350// 4351// For more information about integrating other services with AWS Organizations, 4352// including the list of services that work with Organizations, see Integrating 4353// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 4354// in the AWS Organizations User Guide. 4355// 4356// This operation can be called only from the organization's master account. 4357// 4358// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4359// with awserr.Error's Code and Message methods to get detailed information about 4360// the error. 4361// 4362// See the AWS API reference guide for AWS Organizations's 4363// API operation DisableAWSServiceAccess for usage and error information. 4364// 4365// Returned Error Codes: 4366// * ErrCodeAccessDeniedException "AccessDeniedException" 4367// You don't have permissions to perform the requested operation. The user or 4368// role that is making the request must have at least one IAM permissions policy 4369// attached that grants the required permissions. For more information, see 4370// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4371// in the IAM User Guide. 4372// 4373// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4374// Your account isn't a member of an organization. To make this request, you 4375// must use the credentials of an account that belongs to an organization. 4376// 4377// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4378// The target of the operation is currently being modified by a different request. 4379// Try again later. 4380// 4381// * ErrCodeConstraintViolationException "ConstraintViolationException" 4382// Performing this operation violates a minimum or maximum value limit. For 4383// example, attempting to remove the last service control policy (SCP) from 4384// an OU or root, inviting or creating too many accounts to the organization, 4385// or attaching too many policies to an account, OU, or root. This exception 4386// includes a reason that contains additional information about the violated 4387// limit. 4388// 4389// Some of the reasons in the following list might not be applicable to this 4390// specific API or operation: 4391// 4392// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4393// from the organization that doesn't yet have enough information to exist 4394// as a standalone account. This account requires you to first agree to the 4395// AWS Customer Agreement. Follow the steps at To leave an organization when 4396// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4397// in the AWS Organizations User Guide. 4398// 4399// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4400// an account from the organization that doesn't yet have enough information 4401// to exist as a standalone account. This account requires you to first complete 4402// phone verification. Follow the steps at To leave an organization when 4403// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4404// in the AWS Organizations User Guide. 4405// 4406// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4407// of accounts that you can create in one day. 4408// 4409// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4410// the number of accounts in an organization. If you need more accounts, 4411// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4412// request an increase in your limit. Or the number of invitations that you 4413// tried to send would cause you to exceed the limit of accounts in your 4414// organization. Send fewer invitations or contact AWS Support to request 4415// an increase in the number of accounts. Deleted and closed accounts still 4416// count toward your limit. If you get receive this exception when running 4417// a command immediately after creating the organization, wait one hour and 4418// try again. If after an hour it continues to fail with this error, contact 4419// AWS Support (https://console.aws.amazon.com/support/home#/). 4420// 4421// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4422// handshakes that you can send in one day. 4423// 4424// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4425// in this organization, you first must migrate the organization's master 4426// account to the marketplace that corresponds to the master account's address. 4427// For example, accounts with India addresses must be associated with the 4428// AISPL marketplace. All accounts in an organization must be associated 4429// with the same marketplace. 4430// 4431// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4432// must first provide contact a valid address and phone number for the master 4433// account. Then try the operation again. 4434// 4435// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4436// master account must have an associated account in the AWS GovCloud (US-West) 4437// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4438// in the AWS GovCloud User Guide. 4439// 4440// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4441// with this master account, you first must associate a valid payment instrument, 4442// such as a credit card, with the account. Follow the steps at To leave 4443// an organization when all required account information has not yet been 4444// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4445// in the AWS Organizations User Guide. 4446// 4447// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4448// number of policies of a certain type that can be attached to an entity 4449// at one time. 4450// 4451// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4452// on this resource. 4453// 4454// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4455// with this member account, you first must associate a valid payment instrument, 4456// such as a credit card, with the account. Follow the steps at To leave 4457// an organization when all required account information has not yet been 4458// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4459// in the AWS Organizations User Guide. 4460// 4461// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4462// policy from an entity that would cause the entity to have fewer than the 4463// minimum number of policies of a certain type required. 4464// 4465// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4466// too many levels deep. 4467// 4468// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4469// that requires the organization to be configured to support all features. 4470// An organization that supports only consolidated billing features can't 4471// perform this operation. 4472// 4473// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4474// that you can have in an organization. 4475// 4476// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 4477// policies that you can have in an organization. 4478// 4479// * ErrCodeInvalidInputException "InvalidInputException" 4480// The requested operation failed because you provided invalid values for one 4481// or more of the request parameters. This exception includes a reason that 4482// contains additional information about the violated limit: 4483// 4484// Some of the reasons in the following list might not be applicable to this 4485// specific API or operation: 4486// 4487// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4488// can't be modified. 4489// 4490// * INPUT_REQUIRED: You must include a value for all required parameters. 4491// 4492// * INVALID_ENUM: You specified an invalid value. 4493// 4494// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4495// characters. 4496// 4497// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4498// at least one invalid value. 4499// 4500// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4501// from the response to a previous call of the operation. 4502// 4503// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4504// organization, or email) as a party. 4505// 4506// * INVALID_PATTERN: You provided a value that doesn't match the required 4507// pattern. 4508// 4509// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4510// match the required pattern. 4511// 4512// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4513// name can't begin with the reserved prefix AWSServiceRoleFor. 4514// 4515// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4516// Name (ARN) for the organization. 4517// 4518// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4519// 4520// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4521// tag. You can’t add, edit, or delete system tag keys because they're 4522// reserved for AWS use. System tags don’t count against your tags per 4523// resource limit. 4524// 4525// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4526// for the operation. 4527// 4528// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4529// than allowed. 4530// 4531// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4532// value than allowed. 4533// 4534// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4535// than allowed. 4536// 4537// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4538// value than allowed. 4539// 4540// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4541// between entities in the same root. 4542// 4543// * ErrCodeServiceException "ServiceException" 4544// AWS Organizations can't complete your request because of an internal service 4545// error. Try again later. 4546// 4547// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4548// You have sent too many requests in too short a period of time. The limit 4549// helps protect against denial-of-service attacks. Try again later. 4550// 4551// For information on limits that affect AWS Organizations, see Limits of AWS 4552// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4553// in the AWS Organizations User Guide. 4554// 4555// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 4556func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) { 4557 req, out := c.DisableAWSServiceAccessRequest(input) 4558 return out, req.Send() 4559} 4560 4561// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of 4562// the ability to pass a context and additional request options. 4563// 4564// See DisableAWSServiceAccess for details on how to use this API operation. 4565// 4566// The context must be non-nil and will be used for request cancellation. If 4567// the context is nil a panic will occur. In the future the SDK may create 4568// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4569// for more information on using Contexts. 4570func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) { 4571 req, out := c.DisableAWSServiceAccessRequest(input) 4572 req.SetContext(ctx) 4573 req.ApplyOptions(opts...) 4574 return out, req.Send() 4575} 4576 4577const opDisablePolicyType = "DisablePolicyType" 4578 4579// DisablePolicyTypeRequest generates a "aws/request.Request" representing the 4580// client's request for the DisablePolicyType operation. The "output" return 4581// value will be populated with the request's response once the request completes 4582// successfully. 4583// 4584// Use "Send" method on the returned Request to send the API call to the service. 4585// the "output" return value is not valid until after Send returns without error. 4586// 4587// See DisablePolicyType for more information on using the DisablePolicyType 4588// API call, and error handling. 4589// 4590// This method is useful when you want to inject custom logic or configuration 4591// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4592// 4593// 4594// // Example sending a request using the DisablePolicyTypeRequest method. 4595// req, resp := client.DisablePolicyTypeRequest(params) 4596// 4597// err := req.Send() 4598// if err == nil { // resp is now filled 4599// fmt.Println(resp) 4600// } 4601// 4602// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 4603func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) { 4604 op := &request.Operation{ 4605 Name: opDisablePolicyType, 4606 HTTPMethod: "POST", 4607 HTTPPath: "/", 4608 } 4609 4610 if input == nil { 4611 input = &DisablePolicyTypeInput{} 4612 } 4613 4614 output = &DisablePolicyTypeOutput{} 4615 req = c.newRequest(op, input, output) 4616 return 4617} 4618 4619// DisablePolicyType API operation for AWS Organizations. 4620// 4621// Disables an organizational control policy type in a root. A policy of a certain 4622// type can be attached to entities in a root only if that type is enabled in 4623// the root. After you perform this operation, you no longer can attach policies 4624// of the specified type to that root or to any organizational unit (OU) or 4625// account in that root. You can undo this by using the EnablePolicyType operation. 4626// 4627// This is an asynchronous request that AWS performs in the background. If you 4628// disable a policy for a root, it still appears enabled for the organization 4629// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 4630// are enabled for the organization. AWS recommends that you first use ListRoots 4631// to see the status of policy types for a specified root, and then use this 4632// operation. 4633// 4634// This operation can be called only from the organization's master account. 4635// 4636// To view the status of available policy types in the organization, use DescribeOrganization. 4637// 4638// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4639// with awserr.Error's Code and Message methods to get detailed information about 4640// the error. 4641// 4642// See the AWS API reference guide for AWS Organizations's 4643// API operation DisablePolicyType for usage and error information. 4644// 4645// Returned Error Codes: 4646// * ErrCodeAccessDeniedException "AccessDeniedException" 4647// You don't have permissions to perform the requested operation. The user or 4648// role that is making the request must have at least one IAM permissions policy 4649// attached that grants the required permissions. For more information, see 4650// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4651// in the IAM User Guide. 4652// 4653// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4654// Your account isn't a member of an organization. To make this request, you 4655// must use the credentials of an account that belongs to an organization. 4656// 4657// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4658// The target of the operation is currently being modified by a different request. 4659// Try again later. 4660// 4661// * ErrCodeConstraintViolationException "ConstraintViolationException" 4662// Performing this operation violates a minimum or maximum value limit. For 4663// example, attempting to remove the last service control policy (SCP) from 4664// an OU or root, inviting or creating too many accounts to the organization, 4665// or attaching too many policies to an account, OU, or root. This exception 4666// includes a reason that contains additional information about the violated 4667// limit. 4668// 4669// Some of the reasons in the following list might not be applicable to this 4670// specific API or operation: 4671// 4672// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4673// from the organization that doesn't yet have enough information to exist 4674// as a standalone account. This account requires you to first agree to the 4675// AWS Customer Agreement. Follow the steps at To leave an organization when 4676// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4677// in the AWS Organizations User Guide. 4678// 4679// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4680// an account from the organization that doesn't yet have enough information 4681// to exist as a standalone account. This account requires you to first complete 4682// phone verification. Follow the steps at To leave an organization when 4683// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4684// in the AWS Organizations User Guide. 4685// 4686// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4687// of accounts that you can create in one day. 4688// 4689// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4690// the number of accounts in an organization. If you need more accounts, 4691// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4692// request an increase in your limit. Or the number of invitations that you 4693// tried to send would cause you to exceed the limit of accounts in your 4694// organization. Send fewer invitations or contact AWS Support to request 4695// an increase in the number of accounts. Deleted and closed accounts still 4696// count toward your limit. If you get receive this exception when running 4697// a command immediately after creating the organization, wait one hour and 4698// try again. If after an hour it continues to fail with this error, contact 4699// AWS Support (https://console.aws.amazon.com/support/home#/). 4700// 4701// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4702// handshakes that you can send in one day. 4703// 4704// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4705// in this organization, you first must migrate the organization's master 4706// account to the marketplace that corresponds to the master account's address. 4707// For example, accounts with India addresses must be associated with the 4708// AISPL marketplace. All accounts in an organization must be associated 4709// with the same marketplace. 4710// 4711// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4712// must first provide contact a valid address and phone number for the master 4713// account. Then try the operation again. 4714// 4715// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4716// master account must have an associated account in the AWS GovCloud (US-West) 4717// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4718// in the AWS GovCloud User Guide. 4719// 4720// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4721// with this master account, you first must associate a valid payment instrument, 4722// such as a credit card, with the account. Follow the steps at To leave 4723// an organization when all required account information has not yet been 4724// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4725// in the AWS Organizations User Guide. 4726// 4727// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4728// number of policies of a certain type that can be attached to an entity 4729// at one time. 4730// 4731// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4732// on this resource. 4733// 4734// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4735// with this member account, you first must associate a valid payment instrument, 4736// such as a credit card, with the account. Follow the steps at To leave 4737// an organization when all required account information has not yet been 4738// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4739// in the AWS Organizations User Guide. 4740// 4741// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4742// policy from an entity that would cause the entity to have fewer than the 4743// minimum number of policies of a certain type required. 4744// 4745// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4746// too many levels deep. 4747// 4748// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4749// that requires the organization to be configured to support all features. 4750// An organization that supports only consolidated billing features can't 4751// perform this operation. 4752// 4753// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4754// that you can have in an organization. 4755// 4756// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 4757// policies that you can have in an organization. 4758// 4759// * ErrCodeInvalidInputException "InvalidInputException" 4760// The requested operation failed because you provided invalid values for one 4761// or more of the request parameters. This exception includes a reason that 4762// contains additional information about the violated limit: 4763// 4764// Some of the reasons in the following list might not be applicable to this 4765// specific API or operation: 4766// 4767// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4768// can't be modified. 4769// 4770// * INPUT_REQUIRED: You must include a value for all required parameters. 4771// 4772// * INVALID_ENUM: You specified an invalid value. 4773// 4774// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4775// characters. 4776// 4777// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4778// at least one invalid value. 4779// 4780// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4781// from the response to a previous call of the operation. 4782// 4783// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4784// organization, or email) as a party. 4785// 4786// * INVALID_PATTERN: You provided a value that doesn't match the required 4787// pattern. 4788// 4789// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4790// match the required pattern. 4791// 4792// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4793// name can't begin with the reserved prefix AWSServiceRoleFor. 4794// 4795// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4796// Name (ARN) for the organization. 4797// 4798// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4799// 4800// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4801// tag. You can’t add, edit, or delete system tag keys because they're 4802// reserved for AWS use. System tags don’t count against your tags per 4803// resource limit. 4804// 4805// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4806// for the operation. 4807// 4808// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4809// than allowed. 4810// 4811// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4812// value than allowed. 4813// 4814// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4815// than allowed. 4816// 4817// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4818// value than allowed. 4819// 4820// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4821// between entities in the same root. 4822// 4823// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException" 4824// The specified policy type isn't currently enabled in this root. You can't 4825// attach policies of the specified type to entities in a root until you enable 4826// that type in the root. For more information, see Enabling All Features in 4827// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 4828// in the AWS Organizations User Guide. 4829// 4830// * ErrCodeRootNotFoundException "RootNotFoundException" 4831// We can't find a root with the RootId that you specified. 4832// 4833// * ErrCodeServiceException "ServiceException" 4834// AWS Organizations can't complete your request because of an internal service 4835// error. Try again later. 4836// 4837// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4838// You have sent too many requests in too short a period of time. The limit 4839// helps protect against denial-of-service attacks. Try again later. 4840// 4841// For information on limits that affect AWS Organizations, see Limits of AWS 4842// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4843// in the AWS Organizations User Guide. 4844// 4845// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 4846func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) { 4847 req, out := c.DisablePolicyTypeRequest(input) 4848 return out, req.Send() 4849} 4850 4851// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of 4852// the ability to pass a context and additional request options. 4853// 4854// See DisablePolicyType for details on how to use this API operation. 4855// 4856// The context must be non-nil and will be used for request cancellation. If 4857// the context is nil a panic will occur. In the future the SDK may create 4858// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4859// for more information on using Contexts. 4860func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) { 4861 req, out := c.DisablePolicyTypeRequest(input) 4862 req.SetContext(ctx) 4863 req.ApplyOptions(opts...) 4864 return out, req.Send() 4865} 4866 4867const opEnableAWSServiceAccess = "EnableAWSServiceAccess" 4868 4869// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the 4870// client's request for the EnableAWSServiceAccess operation. The "output" return 4871// value will be populated with the request's response once the request completes 4872// successfully. 4873// 4874// Use "Send" method on the returned Request to send the API call to the service. 4875// the "output" return value is not valid until after Send returns without error. 4876// 4877// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess 4878// API call, and error handling. 4879// 4880// This method is useful when you want to inject custom logic or configuration 4881// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4882// 4883// 4884// // Example sending a request using the EnableAWSServiceAccessRequest method. 4885// req, resp := client.EnableAWSServiceAccessRequest(params) 4886// 4887// err := req.Send() 4888// if err == nil { // resp is now filled 4889// fmt.Println(resp) 4890// } 4891// 4892// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 4893func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) { 4894 op := &request.Operation{ 4895 Name: opEnableAWSServiceAccess, 4896 HTTPMethod: "POST", 4897 HTTPPath: "/", 4898 } 4899 4900 if input == nil { 4901 input = &EnableAWSServiceAccessInput{} 4902 } 4903 4904 output = &EnableAWSServiceAccessOutput{} 4905 req = c.newRequest(op, input, output) 4906 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4907 return 4908} 4909 4910// EnableAWSServiceAccess API operation for AWS Organizations. 4911// 4912// Enables the integration of an AWS service (the service that is specified 4913// by ServicePrincipal) with AWS Organizations. When you enable integration, 4914// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 4915// in all the accounts in your organization. This allows the service to perform 4916// operations on your behalf in your organization and its accounts. 4917// 4918// We recommend that you enable integration between AWS Organizations and the 4919// specified AWS service by using the console or commands that are provided 4920// by the specified service. Doing so ensures that the service is aware that 4921// it can create the resources that are required for the integration. How the 4922// service creates those resources in the organization's accounts depends on 4923// that service. For more information, see the documentation for the other AWS 4924// service. 4925// 4926// For more information about enabling services to integrate with AWS Organizations, 4927// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 4928// in the AWS Organizations User Guide. 4929// 4930// This operation can be called only from the organization's master account 4931// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). 4932// 4933// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4934// with awserr.Error's Code and Message methods to get detailed information about 4935// the error. 4936// 4937// See the AWS API reference guide for AWS Organizations's 4938// API operation EnableAWSServiceAccess for usage and error information. 4939// 4940// Returned Error Codes: 4941// * ErrCodeAccessDeniedException "AccessDeniedException" 4942// You don't have permissions to perform the requested operation. The user or 4943// role that is making the request must have at least one IAM permissions policy 4944// attached that grants the required permissions. For more information, see 4945// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4946// in the IAM User Guide. 4947// 4948// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4949// Your account isn't a member of an organization. To make this request, you 4950// must use the credentials of an account that belongs to an organization. 4951// 4952// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4953// The target of the operation is currently being modified by a different request. 4954// Try again later. 4955// 4956// * ErrCodeConstraintViolationException "ConstraintViolationException" 4957// Performing this operation violates a minimum or maximum value limit. For 4958// example, attempting to remove the last service control policy (SCP) from 4959// an OU or root, inviting or creating too many accounts to the organization, 4960// or attaching too many policies to an account, OU, or root. This exception 4961// includes a reason that contains additional information about the violated 4962// limit. 4963// 4964// Some of the reasons in the following list might not be applicable to this 4965// specific API or operation: 4966// 4967// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4968// from the organization that doesn't yet have enough information to exist 4969// as a standalone account. This account requires you to first agree to the 4970// AWS Customer Agreement. Follow the steps at To leave an organization when 4971// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4972// in the AWS Organizations User Guide. 4973// 4974// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4975// an account from the organization that doesn't yet have enough information 4976// to exist as a standalone account. This account requires you to first complete 4977// phone verification. Follow the steps at To leave an organization when 4978// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4979// in the AWS Organizations User Guide. 4980// 4981// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4982// of accounts that you can create in one day. 4983// 4984// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4985// the number of accounts in an organization. If you need more accounts, 4986// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4987// request an increase in your limit. Or the number of invitations that you 4988// tried to send would cause you to exceed the limit of accounts in your 4989// organization. Send fewer invitations or contact AWS Support to request 4990// an increase in the number of accounts. Deleted and closed accounts still 4991// count toward your limit. If you get receive this exception when running 4992// a command immediately after creating the organization, wait one hour and 4993// try again. If after an hour it continues to fail with this error, contact 4994// AWS Support (https://console.aws.amazon.com/support/home#/). 4995// 4996// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4997// handshakes that you can send in one day. 4998// 4999// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5000// in this organization, you first must migrate the organization's master 5001// account to the marketplace that corresponds to the master account's address. 5002// For example, accounts with India addresses must be associated with the 5003// AISPL marketplace. All accounts in an organization must be associated 5004// with the same marketplace. 5005// 5006// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5007// must first provide contact a valid address and phone number for the master 5008// account. Then try the operation again. 5009// 5010// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5011// master account must have an associated account in the AWS GovCloud (US-West) 5012// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5013// in the AWS GovCloud User Guide. 5014// 5015// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5016// with this master account, you first must associate a valid payment instrument, 5017// such as a credit card, with the account. Follow the steps at To leave 5018// an organization when all required account information has not yet been 5019// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5020// in the AWS Organizations User Guide. 5021// 5022// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5023// number of policies of a certain type that can be attached to an entity 5024// at one time. 5025// 5026// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5027// on this resource. 5028// 5029// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5030// with this member account, you first must associate a valid payment instrument, 5031// such as a credit card, with the account. Follow the steps at To leave 5032// an organization when all required account information has not yet been 5033// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5034// in the AWS Organizations User Guide. 5035// 5036// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5037// policy from an entity that would cause the entity to have fewer than the 5038// minimum number of policies of a certain type required. 5039// 5040// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5041// too many levels deep. 5042// 5043// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5044// that requires the organization to be configured to support all features. 5045// An organization that supports only consolidated billing features can't 5046// perform this operation. 5047// 5048// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5049// that you can have in an organization. 5050// 5051// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 5052// policies that you can have in an organization. 5053// 5054// * ErrCodeInvalidInputException "InvalidInputException" 5055// The requested operation failed because you provided invalid values for one 5056// or more of the request parameters. This exception includes a reason that 5057// contains additional information about the violated limit: 5058// 5059// Some of the reasons in the following list might not be applicable to this 5060// specific API or operation: 5061// 5062// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5063// can't be modified. 5064// 5065// * INPUT_REQUIRED: You must include a value for all required parameters. 5066// 5067// * INVALID_ENUM: You specified an invalid value. 5068// 5069// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5070// characters. 5071// 5072// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5073// at least one invalid value. 5074// 5075// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5076// from the response to a previous call of the operation. 5077// 5078// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5079// organization, or email) as a party. 5080// 5081// * INVALID_PATTERN: You provided a value that doesn't match the required 5082// pattern. 5083// 5084// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5085// match the required pattern. 5086// 5087// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5088// name can't begin with the reserved prefix AWSServiceRoleFor. 5089// 5090// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5091// Name (ARN) for the organization. 5092// 5093// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5094// 5095// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5096// tag. You can’t add, edit, or delete system tag keys because they're 5097// reserved for AWS use. System tags don’t count against your tags per 5098// resource limit. 5099// 5100// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5101// for the operation. 5102// 5103// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5104// than allowed. 5105// 5106// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5107// value than allowed. 5108// 5109// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5110// than allowed. 5111// 5112// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5113// value than allowed. 5114// 5115// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5116// between entities in the same root. 5117// 5118// * ErrCodeServiceException "ServiceException" 5119// AWS Organizations can't complete your request because of an internal service 5120// error. Try again later. 5121// 5122// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5123// You have sent too many requests in too short a period of time. The limit 5124// helps protect against denial-of-service attacks. Try again later. 5125// 5126// For information on limits that affect AWS Organizations, see Limits of AWS 5127// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5128// in the AWS Organizations User Guide. 5129// 5130// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 5131func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) { 5132 req, out := c.EnableAWSServiceAccessRequest(input) 5133 return out, req.Send() 5134} 5135 5136// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of 5137// the ability to pass a context and additional request options. 5138// 5139// See EnableAWSServiceAccess for details on how to use this API operation. 5140// 5141// The context must be non-nil and will be used for request cancellation. If 5142// the context is nil a panic will occur. In the future the SDK may create 5143// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5144// for more information on using Contexts. 5145func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) { 5146 req, out := c.EnableAWSServiceAccessRequest(input) 5147 req.SetContext(ctx) 5148 req.ApplyOptions(opts...) 5149 return out, req.Send() 5150} 5151 5152const opEnableAllFeatures = "EnableAllFeatures" 5153 5154// EnableAllFeaturesRequest generates a "aws/request.Request" representing the 5155// client's request for the EnableAllFeatures operation. The "output" return 5156// value will be populated with the request's response once the request completes 5157// successfully. 5158// 5159// Use "Send" method on the returned Request to send the API call to the service. 5160// the "output" return value is not valid until after Send returns without error. 5161// 5162// See EnableAllFeatures for more information on using the EnableAllFeatures 5163// API call, and error handling. 5164// 5165// This method is useful when you want to inject custom logic or configuration 5166// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5167// 5168// 5169// // Example sending a request using the EnableAllFeaturesRequest method. 5170// req, resp := client.EnableAllFeaturesRequest(params) 5171// 5172// err := req.Send() 5173// if err == nil { // resp is now filled 5174// fmt.Println(resp) 5175// } 5176// 5177// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 5178func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) { 5179 op := &request.Operation{ 5180 Name: opEnableAllFeatures, 5181 HTTPMethod: "POST", 5182 HTTPPath: "/", 5183 } 5184 5185 if input == nil { 5186 input = &EnableAllFeaturesInput{} 5187 } 5188 5189 output = &EnableAllFeaturesOutput{} 5190 req = c.newRequest(op, input, output) 5191 return 5192} 5193 5194// EnableAllFeatures API operation for AWS Organizations. 5195// 5196// Enables all features in an organization. This enables the use of organization 5197// policies that can restrict the services and actions that can be called in 5198// each account. Until you enable all features, you have access only to consolidated 5199// billing, and you can't use any of the advanced account administration features 5200// that AWS Organizations supports. For more information, see Enabling All Features 5201// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5202// in the AWS Organizations User Guide. 5203// 5204// This operation is required only for organizations that were created explicitly 5205// with only the consolidated billing features enabled. Calling this operation 5206// sends a handshake to every invited account in the organization. The feature 5207// set change can be finalized and the additional features enabled only after 5208// all administrators in the invited accounts approve the change by accepting 5209// the handshake. 5210// 5211// After you enable all features, you can separately enable or disable individual 5212// policy types in a root using EnablePolicyType and DisablePolicyType. To see 5213// the status of policy types in a root, use ListRoots. 5214// 5215// After all invited member accounts accept the handshake, you finalize the 5216// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES". 5217// This completes the change. 5218// 5219// After you enable all features in your organization, the master account in 5220// the organization can apply policies on all member accounts. These policies 5221// can restrict what users and even administrators in those accounts can do. 5222// The master account can apply policies that prevent accounts from leaving 5223// the organization. Ensure that your account administrators are aware of this. 5224// 5225// This operation can be called only from the organization's master account. 5226// 5227// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5228// with awserr.Error's Code and Message methods to get detailed information about 5229// the error. 5230// 5231// See the AWS API reference guide for AWS Organizations's 5232// API operation EnableAllFeatures for usage and error information. 5233// 5234// Returned Error Codes: 5235// * ErrCodeAccessDeniedException "AccessDeniedException" 5236// You don't have permissions to perform the requested operation. The user or 5237// role that is making the request must have at least one IAM permissions policy 5238// attached that grants the required permissions. For more information, see 5239// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5240// in the IAM User Guide. 5241// 5242// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 5243// Your account isn't a member of an organization. To make this request, you 5244// must use the credentials of an account that belongs to an organization. 5245// 5246// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 5247// The target of the operation is currently being modified by a different request. 5248// Try again later. 5249// 5250// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" 5251// The requested operation would violate the constraint identified in the reason 5252// code. 5253// 5254// Some of the reasons in the following list might not be applicable to this 5255// specific API or operation: 5256// 5257// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5258// the number of accounts in an organization. Note that deleted and closed 5259// accounts still count toward your limit. If you get this exception immediately 5260// after creating the organization, wait one hour and try again. If after 5261// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 5262// 5263// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 5264// the invited account is already a member of an organization. 5265// 5266// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5267// handshakes that you can send in one day. 5268// 5269// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 5270// to join an organization while it's in the process of enabling all features. 5271// You can resume inviting accounts after you finalize the process when all 5272// accounts have agreed to the change. 5273// 5274// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 5275// because the organization has already enabled all features. 5276// 5277// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 5278// the account is from a different marketplace than the accounts in the organization. 5279// For example, accounts with India addresses must be associated with the 5280// AISPL marketplace. All accounts in an organization must be from the same 5281// marketplace. 5282// 5283// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 5284// change the membership of an account too quickly after its previous change. 5285// 5286// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 5287// account that doesn't have a payment instrument, such as a credit card, 5288// associated with it. 5289// 5290// * ErrCodeInvalidInputException "InvalidInputException" 5291// The requested operation failed because you provided invalid values for one 5292// or more of the request parameters. This exception includes a reason that 5293// contains additional information about the violated limit: 5294// 5295// Some of the reasons in the following list might not be applicable to this 5296// specific API or operation: 5297// 5298// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5299// can't be modified. 5300// 5301// * INPUT_REQUIRED: You must include a value for all required parameters. 5302// 5303// * INVALID_ENUM: You specified an invalid value. 5304// 5305// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5306// characters. 5307// 5308// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5309// at least one invalid value. 5310// 5311// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5312// from the response to a previous call of the operation. 5313// 5314// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5315// organization, or email) as a party. 5316// 5317// * INVALID_PATTERN: You provided a value that doesn't match the required 5318// pattern. 5319// 5320// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5321// match the required pattern. 5322// 5323// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5324// name can't begin with the reserved prefix AWSServiceRoleFor. 5325// 5326// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5327// Name (ARN) for the organization. 5328// 5329// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5330// 5331// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5332// tag. You can’t add, edit, or delete system tag keys because they're 5333// reserved for AWS use. System tags don’t count against your tags per 5334// resource limit. 5335// 5336// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5337// for the operation. 5338// 5339// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5340// than allowed. 5341// 5342// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5343// value than allowed. 5344// 5345// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5346// than allowed. 5347// 5348// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5349// value than allowed. 5350// 5351// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5352// between entities in the same root. 5353// 5354// * ErrCodeServiceException "ServiceException" 5355// AWS Organizations can't complete your request because of an internal service 5356// error. Try again later. 5357// 5358// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5359// You have sent too many requests in too short a period of time. The limit 5360// helps protect against denial-of-service attacks. Try again later. 5361// 5362// For information on limits that affect AWS Organizations, see Limits of AWS 5363// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5364// in the AWS Organizations User Guide. 5365// 5366// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 5367func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) { 5368 req, out := c.EnableAllFeaturesRequest(input) 5369 return out, req.Send() 5370} 5371 5372// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of 5373// the ability to pass a context and additional request options. 5374// 5375// See EnableAllFeatures for details on how to use this API operation. 5376// 5377// The context must be non-nil and will be used for request cancellation. If 5378// the context is nil a panic will occur. In the future the SDK may create 5379// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5380// for more information on using Contexts. 5381func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) { 5382 req, out := c.EnableAllFeaturesRequest(input) 5383 req.SetContext(ctx) 5384 req.ApplyOptions(opts...) 5385 return out, req.Send() 5386} 5387 5388const opEnablePolicyType = "EnablePolicyType" 5389 5390// EnablePolicyTypeRequest generates a "aws/request.Request" representing the 5391// client's request for the EnablePolicyType operation. The "output" return 5392// value will be populated with the request's response once the request completes 5393// successfully. 5394// 5395// Use "Send" method on the returned Request to send the API call to the service. 5396// the "output" return value is not valid until after Send returns without error. 5397// 5398// See EnablePolicyType for more information on using the EnablePolicyType 5399// API call, and error handling. 5400// 5401// This method is useful when you want to inject custom logic or configuration 5402// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5403// 5404// 5405// // Example sending a request using the EnablePolicyTypeRequest method. 5406// req, resp := client.EnablePolicyTypeRequest(params) 5407// 5408// err := req.Send() 5409// if err == nil { // resp is now filled 5410// fmt.Println(resp) 5411// } 5412// 5413// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 5414func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) { 5415 op := &request.Operation{ 5416 Name: opEnablePolicyType, 5417 HTTPMethod: "POST", 5418 HTTPPath: "/", 5419 } 5420 5421 if input == nil { 5422 input = &EnablePolicyTypeInput{} 5423 } 5424 5425 output = &EnablePolicyTypeOutput{} 5426 req = c.newRequest(op, input, output) 5427 return 5428} 5429 5430// EnablePolicyType API operation for AWS Organizations. 5431// 5432// Enables a policy type in a root. After you enable a policy type in a root, 5433// you can attach policies of that type to the root, any organizational unit 5434// (OU), or account in that root. You can undo this by using the DisablePolicyType 5435// operation. 5436// 5437// This is an asynchronous request that AWS performs in the background. AWS 5438// recommends that you first use ListRoots to see the status of policy types 5439// for a specified root, and then use this operation. 5440// 5441// This operation can be called only from the organization's master account. 5442// 5443// You can enable a policy type in a root only if that policy type is available 5444// in the organization. To view the status of available policy types in the 5445// organization, use DescribeOrganization. 5446// 5447// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5448// with awserr.Error's Code and Message methods to get detailed information about 5449// the error. 5450// 5451// See the AWS API reference guide for AWS Organizations's 5452// API operation EnablePolicyType for usage and error information. 5453// 5454// Returned Error Codes: 5455// * ErrCodeAccessDeniedException "AccessDeniedException" 5456// You don't have permissions to perform the requested operation. The user or 5457// role that is making the request must have at least one IAM permissions policy 5458// attached that grants the required permissions. For more information, see 5459// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5460// in the IAM User Guide. 5461// 5462// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 5463// Your account isn't a member of an organization. To make this request, you 5464// must use the credentials of an account that belongs to an organization. 5465// 5466// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 5467// The target of the operation is currently being modified by a different request. 5468// Try again later. 5469// 5470// * ErrCodeConstraintViolationException "ConstraintViolationException" 5471// Performing this operation violates a minimum or maximum value limit. For 5472// example, attempting to remove the last service control policy (SCP) from 5473// an OU or root, inviting or creating too many accounts to the organization, 5474// or attaching too many policies to an account, OU, or root. This exception 5475// includes a reason that contains additional information about the violated 5476// limit. 5477// 5478// Some of the reasons in the following list might not be applicable to this 5479// specific API or operation: 5480// 5481// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5482// from the organization that doesn't yet have enough information to exist 5483// as a standalone account. This account requires you to first agree to the 5484// AWS Customer Agreement. Follow the steps at To leave an organization when 5485// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5486// in the AWS Organizations User Guide. 5487// 5488// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5489// an account from the organization that doesn't yet have enough information 5490// to exist as a standalone account. This account requires you to first complete 5491// phone verification. Follow the steps at To leave an organization when 5492// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5493// in the AWS Organizations User Guide. 5494// 5495// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5496// of accounts that you can create in one day. 5497// 5498// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5499// the number of accounts in an organization. If you need more accounts, 5500// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5501// request an increase in your limit. Or the number of invitations that you 5502// tried to send would cause you to exceed the limit of accounts in your 5503// organization. Send fewer invitations or contact AWS Support to request 5504// an increase in the number of accounts. Deleted and closed accounts still 5505// count toward your limit. If you get receive this exception when running 5506// a command immediately after creating the organization, wait one hour and 5507// try again. If after an hour it continues to fail with this error, contact 5508// AWS Support (https://console.aws.amazon.com/support/home#/). 5509// 5510// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5511// handshakes that you can send in one day. 5512// 5513// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5514// in this organization, you first must migrate the organization's master 5515// account to the marketplace that corresponds to the master account's address. 5516// For example, accounts with India addresses must be associated with the 5517// AISPL marketplace. All accounts in an organization must be associated 5518// with the same marketplace. 5519// 5520// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5521// must first provide contact a valid address and phone number for the master 5522// account. Then try the operation again. 5523// 5524// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5525// master account must have an associated account in the AWS GovCloud (US-West) 5526// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5527// in the AWS GovCloud User Guide. 5528// 5529// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5530// with this master account, you first must associate a valid payment instrument, 5531// such as a credit card, with the account. Follow the steps at To leave 5532// an organization when all required account information has not yet been 5533// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5534// in the AWS Organizations User Guide. 5535// 5536// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5537// number of policies of a certain type that can be attached to an entity 5538// at one time. 5539// 5540// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5541// on this resource. 5542// 5543// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5544// with this member account, you first must associate a valid payment instrument, 5545// such as a credit card, with the account. Follow the steps at To leave 5546// an organization when all required account information has not yet been 5547// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5548// in the AWS Organizations User Guide. 5549// 5550// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5551// policy from an entity that would cause the entity to have fewer than the 5552// minimum number of policies of a certain type required. 5553// 5554// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5555// too many levels deep. 5556// 5557// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5558// that requires the organization to be configured to support all features. 5559// An organization that supports only consolidated billing features can't 5560// perform this operation. 5561// 5562// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5563// that you can have in an organization. 5564// 5565// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 5566// policies that you can have in an organization. 5567// 5568// * ErrCodeInvalidInputException "InvalidInputException" 5569// The requested operation failed because you provided invalid values for one 5570// or more of the request parameters. This exception includes a reason that 5571// contains additional information about the violated limit: 5572// 5573// Some of the reasons in the following list might not be applicable to this 5574// specific API or operation: 5575// 5576// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5577// can't be modified. 5578// 5579// * INPUT_REQUIRED: You must include a value for all required parameters. 5580// 5581// * INVALID_ENUM: You specified an invalid value. 5582// 5583// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5584// characters. 5585// 5586// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5587// at least one invalid value. 5588// 5589// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5590// from the response to a previous call of the operation. 5591// 5592// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5593// organization, or email) as a party. 5594// 5595// * INVALID_PATTERN: You provided a value that doesn't match the required 5596// pattern. 5597// 5598// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5599// match the required pattern. 5600// 5601// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5602// name can't begin with the reserved prefix AWSServiceRoleFor. 5603// 5604// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5605// Name (ARN) for the organization. 5606// 5607// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5608// 5609// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5610// tag. You can’t add, edit, or delete system tag keys because they're 5611// reserved for AWS use. System tags don’t count against your tags per 5612// resource limit. 5613// 5614// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5615// for the operation. 5616// 5617// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5618// than allowed. 5619// 5620// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5621// value than allowed. 5622// 5623// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5624// than allowed. 5625// 5626// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5627// value than allowed. 5628// 5629// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5630// between entities in the same root. 5631// 5632// * ErrCodePolicyTypeAlreadyEnabledException "PolicyTypeAlreadyEnabledException" 5633// The specified policy type is already enabled in the specified root. 5634// 5635// * ErrCodeRootNotFoundException "RootNotFoundException" 5636// We can't find a root with the RootId that you specified. 5637// 5638// * ErrCodeServiceException "ServiceException" 5639// AWS Organizations can't complete your request because of an internal service 5640// error. Try again later. 5641// 5642// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5643// You have sent too many requests in too short a period of time. The limit 5644// helps protect against denial-of-service attacks. Try again later. 5645// 5646// For information on limits that affect AWS Organizations, see Limits of AWS 5647// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5648// in the AWS Organizations User Guide. 5649// 5650// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException" 5651// You can't use the specified policy type with the feature set currently enabled 5652// for this organization. For example, you can enable SCPs only after you enable 5653// all features in the organization. For more information, see Enabling and 5654// Disabling a Policy Type on a Root (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) 5655// in the AWS Organizations User Guide. 5656// 5657// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 5658func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) { 5659 req, out := c.EnablePolicyTypeRequest(input) 5660 return out, req.Send() 5661} 5662 5663// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of 5664// the ability to pass a context and additional request options. 5665// 5666// See EnablePolicyType for details on how to use this API operation. 5667// 5668// The context must be non-nil and will be used for request cancellation. If 5669// the context is nil a panic will occur. In the future the SDK may create 5670// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5671// for more information on using Contexts. 5672func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) { 5673 req, out := c.EnablePolicyTypeRequest(input) 5674 req.SetContext(ctx) 5675 req.ApplyOptions(opts...) 5676 return out, req.Send() 5677} 5678 5679const opInviteAccountToOrganization = "InviteAccountToOrganization" 5680 5681// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the 5682// client's request for the InviteAccountToOrganization operation. The "output" return 5683// value will be populated with the request's response once the request completes 5684// successfully. 5685// 5686// Use "Send" method on the returned Request to send the API call to the service. 5687// the "output" return value is not valid until after Send returns without error. 5688// 5689// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization 5690// API call, and error handling. 5691// 5692// This method is useful when you want to inject custom logic or configuration 5693// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5694// 5695// 5696// // Example sending a request using the InviteAccountToOrganizationRequest method. 5697// req, resp := client.InviteAccountToOrganizationRequest(params) 5698// 5699// err := req.Send() 5700// if err == nil { // resp is now filled 5701// fmt.Println(resp) 5702// } 5703// 5704// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 5705func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) { 5706 op := &request.Operation{ 5707 Name: opInviteAccountToOrganization, 5708 HTTPMethod: "POST", 5709 HTTPPath: "/", 5710 } 5711 5712 if input == nil { 5713 input = &InviteAccountToOrganizationInput{} 5714 } 5715 5716 output = &InviteAccountToOrganizationOutput{} 5717 req = c.newRequest(op, input, output) 5718 return 5719} 5720 5721// InviteAccountToOrganization API operation for AWS Organizations. 5722// 5723// Sends an invitation to another account to join your organization as a member 5724// account. AWS Organizations sends email on your behalf to the email address 5725// that is associated with the other account's owner. The invitation is implemented 5726// as a Handshake whose details are in the response. 5727// 5728// * You can invite AWS accounts only from the same seller as the master 5729// account. For example, if your organization's master account was created 5730// by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, 5731// you can invite only other AISPL accounts to your organization. You can't 5732// combine accounts from AISPL and AWS or from any other AWS seller. For 5733// more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). 5734// 5735// * If you receive an exception that indicates that you exceeded your account 5736// limits for the organization or that the operation failed because your 5737// organization is still initializing, wait one hour and then try again. 5738// If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/). 5739// 5740// This operation can be called only from the organization's master account. 5741// 5742// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5743// with awserr.Error's Code and Message methods to get detailed information about 5744// the error. 5745// 5746// See the AWS API reference guide for AWS Organizations's 5747// API operation InviteAccountToOrganization for usage and error information. 5748// 5749// Returned Error Codes: 5750// * ErrCodeAccessDeniedException "AccessDeniedException" 5751// You don't have permissions to perform the requested operation. The user or 5752// role that is making the request must have at least one IAM permissions policy 5753// attached that grants the required permissions. For more information, see 5754// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5755// in the IAM User Guide. 5756// 5757// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 5758// Your account isn't a member of an organization. To make this request, you 5759// must use the credentials of an account that belongs to an organization. 5760// 5761// * ErrCodeAccountOwnerNotVerifiedException "AccountOwnerNotVerifiedException" 5762// You can't invite an existing account to your organization until you verify 5763// that you own the email address associated with the master account. For more 5764// information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 5765// in the AWS Organizations User Guide. 5766// 5767// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 5768// The target of the operation is currently being modified by a different request. 5769// Try again later. 5770// 5771// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" 5772// The requested operation would violate the constraint identified in the reason 5773// code. 5774// 5775// Some of the reasons in the following list might not be applicable to this 5776// specific API or operation: 5777// 5778// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5779// the number of accounts in an organization. Note that deleted and closed 5780// accounts still count toward your limit. If you get this exception immediately 5781// after creating the organization, wait one hour and try again. If after 5782// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 5783// 5784// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 5785// the invited account is already a member of an organization. 5786// 5787// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5788// handshakes that you can send in one day. 5789// 5790// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 5791// to join an organization while it's in the process of enabling all features. 5792// You can resume inviting accounts after you finalize the process when all 5793// accounts have agreed to the change. 5794// 5795// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 5796// because the organization has already enabled all features. 5797// 5798// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 5799// the account is from a different marketplace than the accounts in the organization. 5800// For example, accounts with India addresses must be associated with the 5801// AISPL marketplace. All accounts in an organization must be from the same 5802// marketplace. 5803// 5804// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 5805// change the membership of an account too quickly after its previous change. 5806// 5807// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 5808// account that doesn't have a payment instrument, such as a credit card, 5809// associated with it. 5810// 5811// * ErrCodeDuplicateHandshakeException "DuplicateHandshakeException" 5812// A handshake with the same action and target already exists. For example, 5813// if you invited an account to join your organization, the invited account 5814// might already have a pending invitation from this organization. If you intend 5815// to resend an invitation to an account, ensure that existing handshakes that 5816// might be considered duplicates are canceled or declined. 5817// 5818// * ErrCodeInvalidInputException "InvalidInputException" 5819// The requested operation failed because you provided invalid values for one 5820// or more of the request parameters. This exception includes a reason that 5821// contains additional information about the violated limit: 5822// 5823// Some of the reasons in the following list might not be applicable to this 5824// specific API or operation: 5825// 5826// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5827// can't be modified. 5828// 5829// * INPUT_REQUIRED: You must include a value for all required parameters. 5830// 5831// * INVALID_ENUM: You specified an invalid value. 5832// 5833// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5834// characters. 5835// 5836// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5837// at least one invalid value. 5838// 5839// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5840// from the response to a previous call of the operation. 5841// 5842// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5843// organization, or email) as a party. 5844// 5845// * INVALID_PATTERN: You provided a value that doesn't match the required 5846// pattern. 5847// 5848// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5849// match the required pattern. 5850// 5851// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5852// name can't begin with the reserved prefix AWSServiceRoleFor. 5853// 5854// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5855// Name (ARN) for the organization. 5856// 5857// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5858// 5859// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5860// tag. You can’t add, edit, or delete system tag keys because they're 5861// reserved for AWS use. System tags don’t count against your tags per 5862// resource limit. 5863// 5864// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5865// for the operation. 5866// 5867// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5868// than allowed. 5869// 5870// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5871// value than allowed. 5872// 5873// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5874// than allowed. 5875// 5876// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5877// value than allowed. 5878// 5879// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5880// between entities in the same root. 5881// 5882// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" 5883// AWS Organizations couldn't perform the operation because your organization 5884// hasn't finished initializing. This can take up to an hour. Try again later. 5885// If after one hour you continue to receive this error, contact AWS Support 5886// (https://console.aws.amazon.com/support/home#/). 5887// 5888// * ErrCodeServiceException "ServiceException" 5889// AWS Organizations can't complete your request because of an internal service 5890// error. Try again later. 5891// 5892// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5893// You have sent too many requests in too short a period of time. The limit 5894// helps protect against denial-of-service attacks. Try again later. 5895// 5896// For information on limits that affect AWS Organizations, see Limits of AWS 5897// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5898// in the AWS Organizations User Guide. 5899// 5900// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 5901func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) { 5902 req, out := c.InviteAccountToOrganizationRequest(input) 5903 return out, req.Send() 5904} 5905 5906// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of 5907// the ability to pass a context and additional request options. 5908// 5909// See InviteAccountToOrganization for details on how to use this API operation. 5910// 5911// The context must be non-nil and will be used for request cancellation. If 5912// the context is nil a panic will occur. In the future the SDK may create 5913// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5914// for more information on using Contexts. 5915func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) { 5916 req, out := c.InviteAccountToOrganizationRequest(input) 5917 req.SetContext(ctx) 5918 req.ApplyOptions(opts...) 5919 return out, req.Send() 5920} 5921 5922const opLeaveOrganization = "LeaveOrganization" 5923 5924// LeaveOrganizationRequest generates a "aws/request.Request" representing the 5925// client's request for the LeaveOrganization operation. The "output" return 5926// value will be populated with the request's response once the request completes 5927// successfully. 5928// 5929// Use "Send" method on the returned Request to send the API call to the service. 5930// the "output" return value is not valid until after Send returns without error. 5931// 5932// See LeaveOrganization for more information on using the LeaveOrganization 5933// API call, and error handling. 5934// 5935// This method is useful when you want to inject custom logic or configuration 5936// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5937// 5938// 5939// // Example sending a request using the LeaveOrganizationRequest method. 5940// req, resp := client.LeaveOrganizationRequest(params) 5941// 5942// err := req.Send() 5943// if err == nil { // resp is now filled 5944// fmt.Println(resp) 5945// } 5946// 5947// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 5948func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) { 5949 op := &request.Operation{ 5950 Name: opLeaveOrganization, 5951 HTTPMethod: "POST", 5952 HTTPPath: "/", 5953 } 5954 5955 if input == nil { 5956 input = &LeaveOrganizationInput{} 5957 } 5958 5959 output = &LeaveOrganizationOutput{} 5960 req = c.newRequest(op, input, output) 5961 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5962 return 5963} 5964 5965// LeaveOrganization API operation for AWS Organizations. 5966// 5967// Removes a member account from its parent organization. This version of the 5968// operation is performed by the account that wants to leave. To remove a member 5969// account as a user in the master account, use RemoveAccountFromOrganization 5970// instead. 5971// 5972// This operation can be called only from a member account in the organization. 5973// 5974// * The master account in an organization with all features enabled can 5975// set service control policies (SCPs) that can restrict what administrators 5976// of member accounts can do, including preventing them from successfully 5977// calling LeaveOrganization and leaving the organization. 5978// 5979// * You can leave an organization as a member account only if the account 5980// is configured with the information required to operate as a standalone 5981// account. When you create an account in an organization using the AWS Organizations 5982// console, API, or CLI commands, the information required of standalone 5983// accounts is not automatically collected. For each account that you want 5984// to make standalone, you must accept the end user license agreement (EULA), 5985// choose a support plan, provide and verify the required contact information, 5986// and provide a current payment method. AWS uses the payment method to charge 5987// for any billable (not free tier) AWS activity that occurs while the account 5988// isn't attached to an organization. Follow the steps at To leave an organization 5989// when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5990// in the AWS Organizations User Guide. 5991// 5992// * You can leave an organization only after you enable IAM user access 5993// to billing in your account. For more information, see Activating Access 5994// to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 5995// in the AWS Billing and Cost Management User Guide. 5996// 5997// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5998// with awserr.Error's Code and Message methods to get detailed information about 5999// the error. 6000// 6001// See the AWS API reference guide for AWS Organizations's 6002// API operation LeaveOrganization for usage and error information. 6003// 6004// Returned Error Codes: 6005// * ErrCodeAccessDeniedException "AccessDeniedException" 6006// You don't have permissions to perform the requested operation. The user or 6007// role that is making the request must have at least one IAM permissions policy 6008// attached that grants the required permissions. For more information, see 6009// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6010// in the IAM User Guide. 6011// 6012// * ErrCodeAccountNotFoundException "AccountNotFoundException" 6013// We can't find an AWS account with the AccountId that you specified, or the 6014// account whose credentials you used to make this request isn't a member of 6015// an organization. 6016// 6017// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6018// Your account isn't a member of an organization. To make this request, you 6019// must use the credentials of an account that belongs to an organization. 6020// 6021// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 6022// The target of the operation is currently being modified by a different request. 6023// Try again later. 6024// 6025// * ErrCodeConstraintViolationException "ConstraintViolationException" 6026// Performing this operation violates a minimum or maximum value limit. For 6027// example, attempting to remove the last service control policy (SCP) from 6028// an OU or root, inviting or creating too many accounts to the organization, 6029// or attaching too many policies to an account, OU, or root. This exception 6030// includes a reason that contains additional information about the violated 6031// limit. 6032// 6033// Some of the reasons in the following list might not be applicable to this 6034// specific API or operation: 6035// 6036// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6037// from the organization that doesn't yet have enough information to exist 6038// as a standalone account. This account requires you to first agree to the 6039// AWS Customer Agreement. Follow the steps at To leave an organization when 6040// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6041// in the AWS Organizations User Guide. 6042// 6043// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6044// an account from the organization that doesn't yet have enough information 6045// to exist as a standalone account. This account requires you to first complete 6046// phone verification. Follow the steps at To leave an organization when 6047// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6048// in the AWS Organizations User Guide. 6049// 6050// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6051// of accounts that you can create in one day. 6052// 6053// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6054// the number of accounts in an organization. If you need more accounts, 6055// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6056// request an increase in your limit. Or the number of invitations that you 6057// tried to send would cause you to exceed the limit of accounts in your 6058// organization. Send fewer invitations or contact AWS Support to request 6059// an increase in the number of accounts. Deleted and closed accounts still 6060// count toward your limit. If you get receive this exception when running 6061// a command immediately after creating the organization, wait one hour and 6062// try again. If after an hour it continues to fail with this error, contact 6063// AWS Support (https://console.aws.amazon.com/support/home#/). 6064// 6065// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6066// handshakes that you can send in one day. 6067// 6068// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6069// in this organization, you first must migrate the organization's master 6070// account to the marketplace that corresponds to the master account's address. 6071// For example, accounts with India addresses must be associated with the 6072// AISPL marketplace. All accounts in an organization must be associated 6073// with the same marketplace. 6074// 6075// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6076// must first provide contact a valid address and phone number for the master 6077// account. Then try the operation again. 6078// 6079// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6080// master account must have an associated account in the AWS GovCloud (US-West) 6081// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6082// in the AWS GovCloud User Guide. 6083// 6084// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6085// with this master account, you first must associate a valid payment instrument, 6086// such as a credit card, with the account. Follow the steps at To leave 6087// an organization when all required account information has not yet been 6088// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6089// in the AWS Organizations User Guide. 6090// 6091// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6092// number of policies of a certain type that can be attached to an entity 6093// at one time. 6094// 6095// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6096// on this resource. 6097// 6098// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6099// with this member account, you first must associate a valid payment instrument, 6100// such as a credit card, with the account. Follow the steps at To leave 6101// an organization when all required account information has not yet been 6102// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6103// in the AWS Organizations User Guide. 6104// 6105// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6106// policy from an entity that would cause the entity to have fewer than the 6107// minimum number of policies of a certain type required. 6108// 6109// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6110// too many levels deep. 6111// 6112// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6113// that requires the organization to be configured to support all features. 6114// An organization that supports only consolidated billing features can't 6115// perform this operation. 6116// 6117// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6118// that you can have in an organization. 6119// 6120// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 6121// policies that you can have in an organization. 6122// 6123// * ErrCodeInvalidInputException "InvalidInputException" 6124// The requested operation failed because you provided invalid values for one 6125// or more of the request parameters. This exception includes a reason that 6126// contains additional information about the violated limit: 6127// 6128// Some of the reasons in the following list might not be applicable to this 6129// specific API or operation: 6130// 6131// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6132// can't be modified. 6133// 6134// * INPUT_REQUIRED: You must include a value for all required parameters. 6135// 6136// * INVALID_ENUM: You specified an invalid value. 6137// 6138// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6139// characters. 6140// 6141// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6142// at least one invalid value. 6143// 6144// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6145// from the response to a previous call of the operation. 6146// 6147// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6148// organization, or email) as a party. 6149// 6150// * INVALID_PATTERN: You provided a value that doesn't match the required 6151// pattern. 6152// 6153// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6154// match the required pattern. 6155// 6156// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6157// name can't begin with the reserved prefix AWSServiceRoleFor. 6158// 6159// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6160// Name (ARN) for the organization. 6161// 6162// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6163// 6164// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6165// tag. You can’t add, edit, or delete system tag keys because they're 6166// reserved for AWS use. System tags don’t count against your tags per 6167// resource limit. 6168// 6169// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6170// for the operation. 6171// 6172// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6173// than allowed. 6174// 6175// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6176// value than allowed. 6177// 6178// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6179// than allowed. 6180// 6181// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6182// value than allowed. 6183// 6184// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6185// between entities in the same root. 6186// 6187// * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException" 6188// You can't remove a master account from an organization. If you want the master 6189// account to become a member account in another organization, you must first 6190// delete the current organization of the master account. 6191// 6192// * ErrCodeServiceException "ServiceException" 6193// AWS Organizations can't complete your request because of an internal service 6194// error. Try again later. 6195// 6196// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6197// You have sent too many requests in too short a period of time. The limit 6198// helps protect against denial-of-service attacks. Try again later. 6199// 6200// For information on limits that affect AWS Organizations, see Limits of AWS 6201// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6202// in the AWS Organizations User Guide. 6203// 6204// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 6205func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) { 6206 req, out := c.LeaveOrganizationRequest(input) 6207 return out, req.Send() 6208} 6209 6210// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of 6211// the ability to pass a context and additional request options. 6212// 6213// See LeaveOrganization for details on how to use this API operation. 6214// 6215// The context must be non-nil and will be used for request cancellation. If 6216// the context is nil a panic will occur. In the future the SDK may create 6217// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6218// for more information on using Contexts. 6219func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) { 6220 req, out := c.LeaveOrganizationRequest(input) 6221 req.SetContext(ctx) 6222 req.ApplyOptions(opts...) 6223 return out, req.Send() 6224} 6225 6226const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization" 6227 6228// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the 6229// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return 6230// value will be populated with the request's response once the request completes 6231// successfully. 6232// 6233// Use "Send" method on the returned Request to send the API call to the service. 6234// the "output" return value is not valid until after Send returns without error. 6235// 6236// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization 6237// API call, and error handling. 6238// 6239// This method is useful when you want to inject custom logic or configuration 6240// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6241// 6242// 6243// // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method. 6244// req, resp := client.ListAWSServiceAccessForOrganizationRequest(params) 6245// 6246// err := req.Send() 6247// if err == nil { // resp is now filled 6248// fmt.Println(resp) 6249// } 6250// 6251// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 6252func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) { 6253 op := &request.Operation{ 6254 Name: opListAWSServiceAccessForOrganization, 6255 HTTPMethod: "POST", 6256 HTTPPath: "/", 6257 Paginator: &request.Paginator{ 6258 InputTokens: []string{"NextToken"}, 6259 OutputTokens: []string{"NextToken"}, 6260 LimitToken: "MaxResults", 6261 TruncationToken: "", 6262 }, 6263 } 6264 6265 if input == nil { 6266 input = &ListAWSServiceAccessForOrganizationInput{} 6267 } 6268 6269 output = &ListAWSServiceAccessForOrganizationOutput{} 6270 req = c.newRequest(op, input, output) 6271 return 6272} 6273 6274// ListAWSServiceAccessForOrganization API operation for AWS Organizations. 6275// 6276// Returns a list of the AWS services that you enabled to integrate with your 6277// organization. After a service on this list creates the resources that it 6278// requires for the integration, it can perform operations on your organization 6279// and its accounts. 6280// 6281// For more information about integrating other services with AWS Organizations, 6282// including the list of services that currently work with Organizations, see 6283// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 6284// in the AWS Organizations User Guide. 6285// 6286// This operation can be called only from the organization's master account. 6287// 6288// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6289// with awserr.Error's Code and Message methods to get detailed information about 6290// the error. 6291// 6292// See the AWS API reference guide for AWS Organizations's 6293// API operation ListAWSServiceAccessForOrganization for usage and error information. 6294// 6295// Returned Error Codes: 6296// * ErrCodeAccessDeniedException "AccessDeniedException" 6297// You don't have permissions to perform the requested operation. The user or 6298// role that is making the request must have at least one IAM permissions policy 6299// attached that grants the required permissions. For more information, see 6300// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6301// in the IAM User Guide. 6302// 6303// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6304// Your account isn't a member of an organization. To make this request, you 6305// must use the credentials of an account that belongs to an organization. 6306// 6307// * ErrCodeConstraintViolationException "ConstraintViolationException" 6308// Performing this operation violates a minimum or maximum value limit. For 6309// example, attempting to remove the last service control policy (SCP) from 6310// an OU or root, inviting or creating too many accounts to the organization, 6311// or attaching too many policies to an account, OU, or root. This exception 6312// includes a reason that contains additional information about the violated 6313// limit. 6314// 6315// Some of the reasons in the following list might not be applicable to this 6316// specific API or operation: 6317// 6318// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6319// from the organization that doesn't yet have enough information to exist 6320// as a standalone account. This account requires you to first agree to the 6321// AWS Customer Agreement. Follow the steps at To leave an organization when 6322// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6323// in the AWS Organizations User Guide. 6324// 6325// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6326// an account from the organization that doesn't yet have enough information 6327// to exist as a standalone account. This account requires you to first complete 6328// phone verification. Follow the steps at To leave an organization when 6329// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6330// in the AWS Organizations User Guide. 6331// 6332// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6333// of accounts that you can create in one day. 6334// 6335// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6336// the number of accounts in an organization. If you need more accounts, 6337// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6338// request an increase in your limit. Or the number of invitations that you 6339// tried to send would cause you to exceed the limit of accounts in your 6340// organization. Send fewer invitations or contact AWS Support to request 6341// an increase in the number of accounts. Deleted and closed accounts still 6342// count toward your limit. If you get receive this exception when running 6343// a command immediately after creating the organization, wait one hour and 6344// try again. If after an hour it continues to fail with this error, contact 6345// AWS Support (https://console.aws.amazon.com/support/home#/). 6346// 6347// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6348// handshakes that you can send in one day. 6349// 6350// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6351// in this organization, you first must migrate the organization's master 6352// account to the marketplace that corresponds to the master account's address. 6353// For example, accounts with India addresses must be associated with the 6354// AISPL marketplace. All accounts in an organization must be associated 6355// with the same marketplace. 6356// 6357// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6358// must first provide contact a valid address and phone number for the master 6359// account. Then try the operation again. 6360// 6361// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6362// master account must have an associated account in the AWS GovCloud (US-West) 6363// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6364// in the AWS GovCloud User Guide. 6365// 6366// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6367// with this master account, you first must associate a valid payment instrument, 6368// such as a credit card, with the account. Follow the steps at To leave 6369// an organization when all required account information has not yet been 6370// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6371// in the AWS Organizations User Guide. 6372// 6373// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6374// number of policies of a certain type that can be attached to an entity 6375// at one time. 6376// 6377// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6378// on this resource. 6379// 6380// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6381// with this member account, you first must associate a valid payment instrument, 6382// such as a credit card, with the account. Follow the steps at To leave 6383// an organization when all required account information has not yet been 6384// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6385// in the AWS Organizations User Guide. 6386// 6387// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6388// policy from an entity that would cause the entity to have fewer than the 6389// minimum number of policies of a certain type required. 6390// 6391// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6392// too many levels deep. 6393// 6394// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6395// that requires the organization to be configured to support all features. 6396// An organization that supports only consolidated billing features can't 6397// perform this operation. 6398// 6399// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6400// that you can have in an organization. 6401// 6402// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 6403// policies that you can have in an organization. 6404// 6405// * ErrCodeInvalidInputException "InvalidInputException" 6406// The requested operation failed because you provided invalid values for one 6407// or more of the request parameters. This exception includes a reason that 6408// contains additional information about the violated limit: 6409// 6410// Some of the reasons in the following list might not be applicable to this 6411// specific API or operation: 6412// 6413// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6414// can't be modified. 6415// 6416// * INPUT_REQUIRED: You must include a value for all required parameters. 6417// 6418// * INVALID_ENUM: You specified an invalid value. 6419// 6420// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6421// characters. 6422// 6423// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6424// at least one invalid value. 6425// 6426// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6427// from the response to a previous call of the operation. 6428// 6429// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6430// organization, or email) as a party. 6431// 6432// * INVALID_PATTERN: You provided a value that doesn't match the required 6433// pattern. 6434// 6435// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6436// match the required pattern. 6437// 6438// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6439// name can't begin with the reserved prefix AWSServiceRoleFor. 6440// 6441// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6442// Name (ARN) for the organization. 6443// 6444// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6445// 6446// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6447// tag. You can’t add, edit, or delete system tag keys because they're 6448// reserved for AWS use. System tags don’t count against your tags per 6449// resource limit. 6450// 6451// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6452// for the operation. 6453// 6454// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6455// than allowed. 6456// 6457// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6458// value than allowed. 6459// 6460// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6461// than allowed. 6462// 6463// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6464// value than allowed. 6465// 6466// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6467// between entities in the same root. 6468// 6469// * ErrCodeServiceException "ServiceException" 6470// AWS Organizations can't complete your request because of an internal service 6471// error. Try again later. 6472// 6473// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6474// You have sent too many requests in too short a period of time. The limit 6475// helps protect against denial-of-service attacks. Try again later. 6476// 6477// For information on limits that affect AWS Organizations, see Limits of AWS 6478// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6479// in the AWS Organizations User Guide. 6480// 6481// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 6482func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) { 6483 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 6484 return out, req.Send() 6485} 6486 6487// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of 6488// the ability to pass a context and additional request options. 6489// 6490// See ListAWSServiceAccessForOrganization for details on how to use this API operation. 6491// 6492// The context must be non-nil and will be used for request cancellation. If 6493// the context is nil a panic will occur. In the future the SDK may create 6494// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6495// for more information on using Contexts. 6496func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) { 6497 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 6498 req.SetContext(ctx) 6499 req.ApplyOptions(opts...) 6500 return out, req.Send() 6501} 6502 6503// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation, 6504// calling the "fn" function with the response data for each page. To stop 6505// iterating, return false from the fn function. 6506// 6507// See ListAWSServiceAccessForOrganization method for more information on how to use this operation. 6508// 6509// Note: This operation can generate multiple requests to a service. 6510// 6511// // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation. 6512// pageNum := 0 6513// err := client.ListAWSServiceAccessForOrganizationPages(params, 6514// func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool { 6515// pageNum++ 6516// fmt.Println(page) 6517// return pageNum <= 3 6518// }) 6519// 6520func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error { 6521 return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 6522} 6523 6524// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except 6525// it takes a Context and allows setting request options on the pages. 6526// 6527// The context must be non-nil and will be used for request cancellation. If 6528// the context is nil a panic will occur. In the future the SDK may create 6529// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6530// for more information on using Contexts. 6531func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error { 6532 p := request.Pagination{ 6533 NewRequest: func() (*request.Request, error) { 6534 var inCpy *ListAWSServiceAccessForOrganizationInput 6535 if input != nil { 6536 tmp := *input 6537 inCpy = &tmp 6538 } 6539 req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy) 6540 req.SetContext(ctx) 6541 req.ApplyOptions(opts...) 6542 return req, nil 6543 }, 6544 } 6545 6546 cont := true 6547 for p.Next() && cont { 6548 cont = fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) 6549 } 6550 return p.Err() 6551} 6552 6553const opListAccounts = "ListAccounts" 6554 6555// ListAccountsRequest generates a "aws/request.Request" representing the 6556// client's request for the ListAccounts operation. The "output" return 6557// value will be populated with the request's response once the request completes 6558// successfully. 6559// 6560// Use "Send" method on the returned Request to send the API call to the service. 6561// the "output" return value is not valid until after Send returns without error. 6562// 6563// See ListAccounts for more information on using the ListAccounts 6564// API call, and error handling. 6565// 6566// This method is useful when you want to inject custom logic or configuration 6567// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6568// 6569// 6570// // Example sending a request using the ListAccountsRequest method. 6571// req, resp := client.ListAccountsRequest(params) 6572// 6573// err := req.Send() 6574// if err == nil { // resp is now filled 6575// fmt.Println(resp) 6576// } 6577// 6578// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 6579func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { 6580 op := &request.Operation{ 6581 Name: opListAccounts, 6582 HTTPMethod: "POST", 6583 HTTPPath: "/", 6584 Paginator: &request.Paginator{ 6585 InputTokens: []string{"NextToken"}, 6586 OutputTokens: []string{"NextToken"}, 6587 LimitToken: "MaxResults", 6588 TruncationToken: "", 6589 }, 6590 } 6591 6592 if input == nil { 6593 input = &ListAccountsInput{} 6594 } 6595 6596 output = &ListAccountsOutput{} 6597 req = c.newRequest(op, input, output) 6598 return 6599} 6600 6601// ListAccounts API operation for AWS Organizations. 6602// 6603// Lists all the accounts in the organization. To request only the accounts 6604// in a specified root or organizational unit (OU), use the ListAccountsForParent 6605// operation instead. 6606// 6607// Always check the NextToken response parameter for a null value when calling 6608// a List* operation. These operations can occasionally return an empty set 6609// of results even when there are more results available. The NextToken response 6610// parameter value is null only when there are no more results to display. 6611// 6612// This operation can be called only from the organization's master account. 6613// 6614// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6615// with awserr.Error's Code and Message methods to get detailed information about 6616// the error. 6617// 6618// See the AWS API reference guide for AWS Organizations's 6619// API operation ListAccounts for usage and error information. 6620// 6621// Returned Error Codes: 6622// * ErrCodeAccessDeniedException "AccessDeniedException" 6623// You don't have permissions to perform the requested operation. The user or 6624// role that is making the request must have at least one IAM permissions policy 6625// attached that grants the required permissions. For more information, see 6626// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6627// in the IAM User Guide. 6628// 6629// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6630// Your account isn't a member of an organization. To make this request, you 6631// must use the credentials of an account that belongs to an organization. 6632// 6633// * ErrCodeInvalidInputException "InvalidInputException" 6634// The requested operation failed because you provided invalid values for one 6635// or more of the request parameters. This exception includes a reason that 6636// contains additional information about the violated limit: 6637// 6638// Some of the reasons in the following list might not be applicable to this 6639// specific API or operation: 6640// 6641// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6642// can't be modified. 6643// 6644// * INPUT_REQUIRED: You must include a value for all required parameters. 6645// 6646// * INVALID_ENUM: You specified an invalid value. 6647// 6648// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6649// characters. 6650// 6651// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6652// at least one invalid value. 6653// 6654// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6655// from the response to a previous call of the operation. 6656// 6657// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6658// organization, or email) as a party. 6659// 6660// * INVALID_PATTERN: You provided a value that doesn't match the required 6661// pattern. 6662// 6663// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6664// match the required pattern. 6665// 6666// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6667// name can't begin with the reserved prefix AWSServiceRoleFor. 6668// 6669// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6670// Name (ARN) for the organization. 6671// 6672// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6673// 6674// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6675// tag. You can’t add, edit, or delete system tag keys because they're 6676// reserved for AWS use. System tags don’t count against your tags per 6677// resource limit. 6678// 6679// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6680// for the operation. 6681// 6682// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6683// than allowed. 6684// 6685// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6686// value than allowed. 6687// 6688// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6689// than allowed. 6690// 6691// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6692// value than allowed. 6693// 6694// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6695// between entities in the same root. 6696// 6697// * ErrCodeServiceException "ServiceException" 6698// AWS Organizations can't complete your request because of an internal service 6699// error. Try again later. 6700// 6701// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6702// You have sent too many requests in too short a period of time. The limit 6703// helps protect against denial-of-service attacks. Try again later. 6704// 6705// For information on limits that affect AWS Organizations, see Limits of AWS 6706// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6707// in the AWS Organizations User Guide. 6708// 6709// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 6710func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { 6711 req, out := c.ListAccountsRequest(input) 6712 return out, req.Send() 6713} 6714 6715// ListAccountsWithContext is the same as ListAccounts with the addition of 6716// the ability to pass a context and additional request options. 6717// 6718// See ListAccounts for details on how to use this API operation. 6719// 6720// The context must be non-nil and will be used for request cancellation. If 6721// the context is nil a panic will occur. In the future the SDK may create 6722// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6723// for more information on using Contexts. 6724func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { 6725 req, out := c.ListAccountsRequest(input) 6726 req.SetContext(ctx) 6727 req.ApplyOptions(opts...) 6728 return out, req.Send() 6729} 6730 6731// ListAccountsPages iterates over the pages of a ListAccounts operation, 6732// calling the "fn" function with the response data for each page. To stop 6733// iterating, return false from the fn function. 6734// 6735// See ListAccounts method for more information on how to use this operation. 6736// 6737// Note: This operation can generate multiple requests to a service. 6738// 6739// // Example iterating over at most 3 pages of a ListAccounts operation. 6740// pageNum := 0 6741// err := client.ListAccountsPages(params, 6742// func(page *organizations.ListAccountsOutput, lastPage bool) bool { 6743// pageNum++ 6744// fmt.Println(page) 6745// return pageNum <= 3 6746// }) 6747// 6748func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { 6749 return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) 6750} 6751 6752// ListAccountsPagesWithContext same as ListAccountsPages except 6753// it takes a Context and allows setting request options on the pages. 6754// 6755// The context must be non-nil and will be used for request cancellation. If 6756// the context is nil a panic will occur. In the future the SDK may create 6757// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6758// for more information on using Contexts. 6759func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { 6760 p := request.Pagination{ 6761 NewRequest: func() (*request.Request, error) { 6762 var inCpy *ListAccountsInput 6763 if input != nil { 6764 tmp := *input 6765 inCpy = &tmp 6766 } 6767 req, _ := c.ListAccountsRequest(inCpy) 6768 req.SetContext(ctx) 6769 req.ApplyOptions(opts...) 6770 return req, nil 6771 }, 6772 } 6773 6774 cont := true 6775 for p.Next() && cont { 6776 cont = fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) 6777 } 6778 return p.Err() 6779} 6780 6781const opListAccountsForParent = "ListAccountsForParent" 6782 6783// ListAccountsForParentRequest generates a "aws/request.Request" representing the 6784// client's request for the ListAccountsForParent operation. The "output" return 6785// value will be populated with the request's response once the request completes 6786// successfully. 6787// 6788// Use "Send" method on the returned Request to send the API call to the service. 6789// the "output" return value is not valid until after Send returns without error. 6790// 6791// See ListAccountsForParent for more information on using the ListAccountsForParent 6792// API call, and error handling. 6793// 6794// This method is useful when you want to inject custom logic or configuration 6795// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6796// 6797// 6798// // Example sending a request using the ListAccountsForParentRequest method. 6799// req, resp := client.ListAccountsForParentRequest(params) 6800// 6801// err := req.Send() 6802// if err == nil { // resp is now filled 6803// fmt.Println(resp) 6804// } 6805// 6806// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 6807func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) { 6808 op := &request.Operation{ 6809 Name: opListAccountsForParent, 6810 HTTPMethod: "POST", 6811 HTTPPath: "/", 6812 Paginator: &request.Paginator{ 6813 InputTokens: []string{"NextToken"}, 6814 OutputTokens: []string{"NextToken"}, 6815 LimitToken: "MaxResults", 6816 TruncationToken: "", 6817 }, 6818 } 6819 6820 if input == nil { 6821 input = &ListAccountsForParentInput{} 6822 } 6823 6824 output = &ListAccountsForParentOutput{} 6825 req = c.newRequest(op, input, output) 6826 return 6827} 6828 6829// ListAccountsForParent API operation for AWS Organizations. 6830// 6831// Lists the accounts in an organization that are contained by the specified 6832// target root or organizational unit (OU). If you specify the root, you get 6833// a list of all the accounts that aren't in any OU. If you specify an OU, you 6834// get a list of all the accounts in only that OU and not in any child OUs. 6835// To get a list of all accounts in the organization, use the ListAccounts operation. 6836// 6837// Always check the NextToken response parameter for a null value when calling 6838// a List* operation. These operations can occasionally return an empty set 6839// of results even when there are more results available. The NextToken response 6840// parameter value is null only when there are no more results to display. 6841// 6842// This operation can be called only from the organization's master account. 6843// 6844// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6845// with awserr.Error's Code and Message methods to get detailed information about 6846// the error. 6847// 6848// See the AWS API reference guide for AWS Organizations's 6849// API operation ListAccountsForParent for usage and error information. 6850// 6851// Returned Error Codes: 6852// * ErrCodeAccessDeniedException "AccessDeniedException" 6853// You don't have permissions to perform the requested operation. The user or 6854// role that is making the request must have at least one IAM permissions policy 6855// attached that grants the required permissions. For more information, see 6856// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6857// in the IAM User Guide. 6858// 6859// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6860// Your account isn't a member of an organization. To make this request, you 6861// must use the credentials of an account that belongs to an organization. 6862// 6863// * ErrCodeInvalidInputException "InvalidInputException" 6864// The requested operation failed because you provided invalid values for one 6865// or more of the request parameters. This exception includes a reason that 6866// contains additional information about the violated limit: 6867// 6868// Some of the reasons in the following list might not be applicable to this 6869// specific API or operation: 6870// 6871// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6872// can't be modified. 6873// 6874// * INPUT_REQUIRED: You must include a value for all required parameters. 6875// 6876// * INVALID_ENUM: You specified an invalid value. 6877// 6878// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6879// characters. 6880// 6881// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6882// at least one invalid value. 6883// 6884// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6885// from the response to a previous call of the operation. 6886// 6887// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6888// organization, or email) as a party. 6889// 6890// * INVALID_PATTERN: You provided a value that doesn't match the required 6891// pattern. 6892// 6893// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6894// match the required pattern. 6895// 6896// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6897// name can't begin with the reserved prefix AWSServiceRoleFor. 6898// 6899// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6900// Name (ARN) for the organization. 6901// 6902// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6903// 6904// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6905// tag. You can’t add, edit, or delete system tag keys because they're 6906// reserved for AWS use. System tags don’t count against your tags per 6907// resource limit. 6908// 6909// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6910// for the operation. 6911// 6912// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6913// than allowed. 6914// 6915// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6916// value than allowed. 6917// 6918// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6919// than allowed. 6920// 6921// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6922// value than allowed. 6923// 6924// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6925// between entities in the same root. 6926// 6927// * ErrCodeParentNotFoundException "ParentNotFoundException" 6928// We can't find a root or OU with the ParentId that you specified. 6929// 6930// * ErrCodeServiceException "ServiceException" 6931// AWS Organizations can't complete your request because of an internal service 6932// error. Try again later. 6933// 6934// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6935// You have sent too many requests in too short a period of time. The limit 6936// helps protect against denial-of-service attacks. Try again later. 6937// 6938// For information on limits that affect AWS Organizations, see Limits of AWS 6939// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6940// in the AWS Organizations User Guide. 6941// 6942// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 6943func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) { 6944 req, out := c.ListAccountsForParentRequest(input) 6945 return out, req.Send() 6946} 6947 6948// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of 6949// the ability to pass a context and additional request options. 6950// 6951// See ListAccountsForParent for details on how to use this API operation. 6952// 6953// The context must be non-nil and will be used for request cancellation. If 6954// the context is nil a panic will occur. In the future the SDK may create 6955// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6956// for more information on using Contexts. 6957func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) { 6958 req, out := c.ListAccountsForParentRequest(input) 6959 req.SetContext(ctx) 6960 req.ApplyOptions(opts...) 6961 return out, req.Send() 6962} 6963 6964// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation, 6965// calling the "fn" function with the response data for each page. To stop 6966// iterating, return false from the fn function. 6967// 6968// See ListAccountsForParent method for more information on how to use this operation. 6969// 6970// Note: This operation can generate multiple requests to a service. 6971// 6972// // Example iterating over at most 3 pages of a ListAccountsForParent operation. 6973// pageNum := 0 6974// err := client.ListAccountsForParentPages(params, 6975// func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool { 6976// pageNum++ 6977// fmt.Println(page) 6978// return pageNum <= 3 6979// }) 6980// 6981func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error { 6982 return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 6983} 6984 6985// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except 6986// it takes a Context and allows setting request options on the pages. 6987// 6988// The context must be non-nil and will be used for request cancellation. If 6989// the context is nil a panic will occur. In the future the SDK may create 6990// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6991// for more information on using Contexts. 6992func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error { 6993 p := request.Pagination{ 6994 NewRequest: func() (*request.Request, error) { 6995 var inCpy *ListAccountsForParentInput 6996 if input != nil { 6997 tmp := *input 6998 inCpy = &tmp 6999 } 7000 req, _ := c.ListAccountsForParentRequest(inCpy) 7001 req.SetContext(ctx) 7002 req.ApplyOptions(opts...) 7003 return req, nil 7004 }, 7005 } 7006 7007 cont := true 7008 for p.Next() && cont { 7009 cont = fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) 7010 } 7011 return p.Err() 7012} 7013 7014const opListChildren = "ListChildren" 7015 7016// ListChildrenRequest generates a "aws/request.Request" representing the 7017// client's request for the ListChildren operation. The "output" return 7018// value will be populated with the request's response once the request completes 7019// successfully. 7020// 7021// Use "Send" method on the returned Request to send the API call to the service. 7022// the "output" return value is not valid until after Send returns without error. 7023// 7024// See ListChildren for more information on using the ListChildren 7025// API call, and error handling. 7026// 7027// This method is useful when you want to inject custom logic or configuration 7028// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7029// 7030// 7031// // Example sending a request using the ListChildrenRequest method. 7032// req, resp := client.ListChildrenRequest(params) 7033// 7034// err := req.Send() 7035// if err == nil { // resp is now filled 7036// fmt.Println(resp) 7037// } 7038// 7039// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 7040func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) { 7041 op := &request.Operation{ 7042 Name: opListChildren, 7043 HTTPMethod: "POST", 7044 HTTPPath: "/", 7045 Paginator: &request.Paginator{ 7046 InputTokens: []string{"NextToken"}, 7047 OutputTokens: []string{"NextToken"}, 7048 LimitToken: "MaxResults", 7049 TruncationToken: "", 7050 }, 7051 } 7052 7053 if input == nil { 7054 input = &ListChildrenInput{} 7055 } 7056 7057 output = &ListChildrenOutput{} 7058 req = c.newRequest(op, input, output) 7059 return 7060} 7061 7062// ListChildren API operation for AWS Organizations. 7063// 7064// Lists all of the organizational units (OUs) or accounts that are contained 7065// in the specified parent OU or root. This operation, along with ListParents 7066// enables you to traverse the tree structure that makes up this root. 7067// 7068// Always check the NextToken response parameter for a null value when calling 7069// a List* operation. These operations can occasionally return an empty set 7070// of results even when there are more results available. The NextToken response 7071// parameter value is null only when there are no more results to display. 7072// 7073// This operation can be called only from the organization's master account. 7074// 7075// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7076// with awserr.Error's Code and Message methods to get detailed information about 7077// the error. 7078// 7079// See the AWS API reference guide for AWS Organizations's 7080// API operation ListChildren for usage and error information. 7081// 7082// Returned Error Codes: 7083// * ErrCodeAccessDeniedException "AccessDeniedException" 7084// You don't have permissions to perform the requested operation. The user or 7085// role that is making the request must have at least one IAM permissions policy 7086// attached that grants the required permissions. For more information, see 7087// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7088// in the IAM User Guide. 7089// 7090// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 7091// Your account isn't a member of an organization. To make this request, you 7092// must use the credentials of an account that belongs to an organization. 7093// 7094// * ErrCodeInvalidInputException "InvalidInputException" 7095// The requested operation failed because you provided invalid values for one 7096// or more of the request parameters. This exception includes a reason that 7097// contains additional information about the violated limit: 7098// 7099// Some of the reasons in the following list might not be applicable to this 7100// specific API or operation: 7101// 7102// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7103// can't be modified. 7104// 7105// * INPUT_REQUIRED: You must include a value for all required parameters. 7106// 7107// * INVALID_ENUM: You specified an invalid value. 7108// 7109// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7110// characters. 7111// 7112// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7113// at least one invalid value. 7114// 7115// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7116// from the response to a previous call of the operation. 7117// 7118// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7119// organization, or email) as a party. 7120// 7121// * INVALID_PATTERN: You provided a value that doesn't match the required 7122// pattern. 7123// 7124// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7125// match the required pattern. 7126// 7127// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7128// name can't begin with the reserved prefix AWSServiceRoleFor. 7129// 7130// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7131// Name (ARN) for the organization. 7132// 7133// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7134// 7135// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7136// tag. You can’t add, edit, or delete system tag keys because they're 7137// reserved for AWS use. System tags don’t count against your tags per 7138// resource limit. 7139// 7140// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7141// for the operation. 7142// 7143// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7144// than allowed. 7145// 7146// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7147// value than allowed. 7148// 7149// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7150// than allowed. 7151// 7152// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7153// value than allowed. 7154// 7155// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7156// between entities in the same root. 7157// 7158// * ErrCodeParentNotFoundException "ParentNotFoundException" 7159// We can't find a root or OU with the ParentId that you specified. 7160// 7161// * ErrCodeServiceException "ServiceException" 7162// AWS Organizations can't complete your request because of an internal service 7163// error. Try again later. 7164// 7165// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7166// You have sent too many requests in too short a period of time. The limit 7167// helps protect against denial-of-service attacks. Try again later. 7168// 7169// For information on limits that affect AWS Organizations, see Limits of AWS 7170// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7171// in the AWS Organizations User Guide. 7172// 7173// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 7174func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) { 7175 req, out := c.ListChildrenRequest(input) 7176 return out, req.Send() 7177} 7178 7179// ListChildrenWithContext is the same as ListChildren with the addition of 7180// the ability to pass a context and additional request options. 7181// 7182// See ListChildren for details on how to use this API operation. 7183// 7184// The context must be non-nil and will be used for request cancellation. If 7185// the context is nil a panic will occur. In the future the SDK may create 7186// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7187// for more information on using Contexts. 7188func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) { 7189 req, out := c.ListChildrenRequest(input) 7190 req.SetContext(ctx) 7191 req.ApplyOptions(opts...) 7192 return out, req.Send() 7193} 7194 7195// ListChildrenPages iterates over the pages of a ListChildren operation, 7196// calling the "fn" function with the response data for each page. To stop 7197// iterating, return false from the fn function. 7198// 7199// See ListChildren method for more information on how to use this operation. 7200// 7201// Note: This operation can generate multiple requests to a service. 7202// 7203// // Example iterating over at most 3 pages of a ListChildren operation. 7204// pageNum := 0 7205// err := client.ListChildrenPages(params, 7206// func(page *organizations.ListChildrenOutput, lastPage bool) bool { 7207// pageNum++ 7208// fmt.Println(page) 7209// return pageNum <= 3 7210// }) 7211// 7212func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error { 7213 return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn) 7214} 7215 7216// ListChildrenPagesWithContext same as ListChildrenPages except 7217// it takes a Context and allows setting request options on the pages. 7218// 7219// The context must be non-nil and will be used for request cancellation. If 7220// the context is nil a panic will occur. In the future the SDK may create 7221// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7222// for more information on using Contexts. 7223func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error { 7224 p := request.Pagination{ 7225 NewRequest: func() (*request.Request, error) { 7226 var inCpy *ListChildrenInput 7227 if input != nil { 7228 tmp := *input 7229 inCpy = &tmp 7230 } 7231 req, _ := c.ListChildrenRequest(inCpy) 7232 req.SetContext(ctx) 7233 req.ApplyOptions(opts...) 7234 return req, nil 7235 }, 7236 } 7237 7238 cont := true 7239 for p.Next() && cont { 7240 cont = fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) 7241 } 7242 return p.Err() 7243} 7244 7245const opListCreateAccountStatus = "ListCreateAccountStatus" 7246 7247// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the 7248// client's request for the ListCreateAccountStatus operation. The "output" return 7249// value will be populated with the request's response once the request completes 7250// successfully. 7251// 7252// Use "Send" method on the returned Request to send the API call to the service. 7253// the "output" return value is not valid until after Send returns without error. 7254// 7255// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus 7256// API call, and error handling. 7257// 7258// This method is useful when you want to inject custom logic or configuration 7259// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7260// 7261// 7262// // Example sending a request using the ListCreateAccountStatusRequest method. 7263// req, resp := client.ListCreateAccountStatusRequest(params) 7264// 7265// err := req.Send() 7266// if err == nil { // resp is now filled 7267// fmt.Println(resp) 7268// } 7269// 7270// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 7271func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) { 7272 op := &request.Operation{ 7273 Name: opListCreateAccountStatus, 7274 HTTPMethod: "POST", 7275 HTTPPath: "/", 7276 Paginator: &request.Paginator{ 7277 InputTokens: []string{"NextToken"}, 7278 OutputTokens: []string{"NextToken"}, 7279 LimitToken: "MaxResults", 7280 TruncationToken: "", 7281 }, 7282 } 7283 7284 if input == nil { 7285 input = &ListCreateAccountStatusInput{} 7286 } 7287 7288 output = &ListCreateAccountStatusOutput{} 7289 req = c.newRequest(op, input, output) 7290 return 7291} 7292 7293// ListCreateAccountStatus API operation for AWS Organizations. 7294// 7295// Lists the account creation requests that match the specified status that 7296// is currently being tracked for the organization. 7297// 7298// Always check the NextToken response parameter for a null value when calling 7299// a List* operation. These operations can occasionally return an empty set 7300// of results even when there are more results available. The NextToken response 7301// parameter value is null only when there are no more results to display. 7302// 7303// This operation can be called only from the organization's master account. 7304// 7305// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7306// with awserr.Error's Code and Message methods to get detailed information about 7307// the error. 7308// 7309// See the AWS API reference guide for AWS Organizations's 7310// API operation ListCreateAccountStatus for usage and error information. 7311// 7312// Returned Error Codes: 7313// * ErrCodeAccessDeniedException "AccessDeniedException" 7314// You don't have permissions to perform the requested operation. The user or 7315// role that is making the request must have at least one IAM permissions policy 7316// attached that grants the required permissions. For more information, see 7317// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7318// in the IAM User Guide. 7319// 7320// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 7321// Your account isn't a member of an organization. To make this request, you 7322// must use the credentials of an account that belongs to an organization. 7323// 7324// * ErrCodeInvalidInputException "InvalidInputException" 7325// The requested operation failed because you provided invalid values for one 7326// or more of the request parameters. This exception includes a reason that 7327// contains additional information about the violated limit: 7328// 7329// Some of the reasons in the following list might not be applicable to this 7330// specific API or operation: 7331// 7332// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7333// can't be modified. 7334// 7335// * INPUT_REQUIRED: You must include a value for all required parameters. 7336// 7337// * INVALID_ENUM: You specified an invalid value. 7338// 7339// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7340// characters. 7341// 7342// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7343// at least one invalid value. 7344// 7345// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7346// from the response to a previous call of the operation. 7347// 7348// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7349// organization, or email) as a party. 7350// 7351// * INVALID_PATTERN: You provided a value that doesn't match the required 7352// pattern. 7353// 7354// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7355// match the required pattern. 7356// 7357// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7358// name can't begin with the reserved prefix AWSServiceRoleFor. 7359// 7360// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7361// Name (ARN) for the organization. 7362// 7363// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7364// 7365// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7366// tag. You can’t add, edit, or delete system tag keys because they're 7367// reserved for AWS use. System tags don’t count against your tags per 7368// resource limit. 7369// 7370// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7371// for the operation. 7372// 7373// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7374// than allowed. 7375// 7376// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7377// value than allowed. 7378// 7379// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7380// than allowed. 7381// 7382// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7383// value than allowed. 7384// 7385// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7386// between entities in the same root. 7387// 7388// * ErrCodeServiceException "ServiceException" 7389// AWS Organizations can't complete your request because of an internal service 7390// error. Try again later. 7391// 7392// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7393// You have sent too many requests in too short a period of time. The limit 7394// helps protect against denial-of-service attacks. Try again later. 7395// 7396// For information on limits that affect AWS Organizations, see Limits of AWS 7397// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7398// in the AWS Organizations User Guide. 7399// 7400// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 7401// This action isn't available in the current Region. 7402// 7403// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 7404func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) { 7405 req, out := c.ListCreateAccountStatusRequest(input) 7406 return out, req.Send() 7407} 7408 7409// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of 7410// the ability to pass a context and additional request options. 7411// 7412// See ListCreateAccountStatus for details on how to use this API operation. 7413// 7414// The context must be non-nil and will be used for request cancellation. If 7415// the context is nil a panic will occur. In the future the SDK may create 7416// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7417// for more information on using Contexts. 7418func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) { 7419 req, out := c.ListCreateAccountStatusRequest(input) 7420 req.SetContext(ctx) 7421 req.ApplyOptions(opts...) 7422 return out, req.Send() 7423} 7424 7425// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation, 7426// calling the "fn" function with the response data for each page. To stop 7427// iterating, return false from the fn function. 7428// 7429// See ListCreateAccountStatus method for more information on how to use this operation. 7430// 7431// Note: This operation can generate multiple requests to a service. 7432// 7433// // Example iterating over at most 3 pages of a ListCreateAccountStatus operation. 7434// pageNum := 0 7435// err := client.ListCreateAccountStatusPages(params, 7436// func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool { 7437// pageNum++ 7438// fmt.Println(page) 7439// return pageNum <= 3 7440// }) 7441// 7442func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error { 7443 return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn) 7444} 7445 7446// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except 7447// it takes a Context and allows setting request options on the pages. 7448// 7449// The context must be non-nil and will be used for request cancellation. If 7450// the context is nil a panic will occur. In the future the SDK may create 7451// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7452// for more information on using Contexts. 7453func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error { 7454 p := request.Pagination{ 7455 NewRequest: func() (*request.Request, error) { 7456 var inCpy *ListCreateAccountStatusInput 7457 if input != nil { 7458 tmp := *input 7459 inCpy = &tmp 7460 } 7461 req, _ := c.ListCreateAccountStatusRequest(inCpy) 7462 req.SetContext(ctx) 7463 req.ApplyOptions(opts...) 7464 return req, nil 7465 }, 7466 } 7467 7468 cont := true 7469 for p.Next() && cont { 7470 cont = fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) 7471 } 7472 return p.Err() 7473} 7474 7475const opListHandshakesForAccount = "ListHandshakesForAccount" 7476 7477// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the 7478// client's request for the ListHandshakesForAccount operation. The "output" return 7479// value will be populated with the request's response once the request completes 7480// successfully. 7481// 7482// Use "Send" method on the returned Request to send the API call to the service. 7483// the "output" return value is not valid until after Send returns without error. 7484// 7485// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount 7486// API call, and error handling. 7487// 7488// This method is useful when you want to inject custom logic or configuration 7489// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7490// 7491// 7492// // Example sending a request using the ListHandshakesForAccountRequest method. 7493// req, resp := client.ListHandshakesForAccountRequest(params) 7494// 7495// err := req.Send() 7496// if err == nil { // resp is now filled 7497// fmt.Println(resp) 7498// } 7499// 7500// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 7501func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) { 7502 op := &request.Operation{ 7503 Name: opListHandshakesForAccount, 7504 HTTPMethod: "POST", 7505 HTTPPath: "/", 7506 Paginator: &request.Paginator{ 7507 InputTokens: []string{"NextToken"}, 7508 OutputTokens: []string{"NextToken"}, 7509 LimitToken: "MaxResults", 7510 TruncationToken: "", 7511 }, 7512 } 7513 7514 if input == nil { 7515 input = &ListHandshakesForAccountInput{} 7516 } 7517 7518 output = &ListHandshakesForAccountOutput{} 7519 req = c.newRequest(op, input, output) 7520 return 7521} 7522 7523// ListHandshakesForAccount API operation for AWS Organizations. 7524// 7525// Lists the current handshakes that are associated with the account of the 7526// requesting user. 7527// 7528// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 7529// of this API for only 30 days after changing to that state. After that, they're 7530// deleted and no longer accessible. 7531// 7532// Always check the NextToken response parameter for a null value when calling 7533// a List* operation. These operations can occasionally return an empty set 7534// of results even when there are more results available. The NextToken response 7535// parameter value is null only when there are no more results to display. 7536// 7537// This operation can be called from any account in the organization. 7538// 7539// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7540// with awserr.Error's Code and Message methods to get detailed information about 7541// the error. 7542// 7543// See the AWS API reference guide for AWS Organizations's 7544// API operation ListHandshakesForAccount for usage and error information. 7545// 7546// Returned Error Codes: 7547// * ErrCodeAccessDeniedException "AccessDeniedException" 7548// You don't have permissions to perform the requested operation. The user or 7549// role that is making the request must have at least one IAM permissions policy 7550// attached that grants the required permissions. For more information, see 7551// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7552// in the IAM User Guide. 7553// 7554// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 7555// The target of the operation is currently being modified by a different request. 7556// Try again later. 7557// 7558// * ErrCodeInvalidInputException "InvalidInputException" 7559// The requested operation failed because you provided invalid values for one 7560// or more of the request parameters. This exception includes a reason that 7561// contains additional information about the violated limit: 7562// 7563// Some of the reasons in the following list might not be applicable to this 7564// specific API or operation: 7565// 7566// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7567// can't be modified. 7568// 7569// * INPUT_REQUIRED: You must include a value for all required parameters. 7570// 7571// * INVALID_ENUM: You specified an invalid value. 7572// 7573// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7574// characters. 7575// 7576// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7577// at least one invalid value. 7578// 7579// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7580// from the response to a previous call of the operation. 7581// 7582// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7583// organization, or email) as a party. 7584// 7585// * INVALID_PATTERN: You provided a value that doesn't match the required 7586// pattern. 7587// 7588// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7589// match the required pattern. 7590// 7591// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7592// name can't begin with the reserved prefix AWSServiceRoleFor. 7593// 7594// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7595// Name (ARN) for the organization. 7596// 7597// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7598// 7599// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7600// tag. You can’t add, edit, or delete system tag keys because they're 7601// reserved for AWS use. System tags don’t count against your tags per 7602// resource limit. 7603// 7604// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7605// for the operation. 7606// 7607// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7608// than allowed. 7609// 7610// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7611// value than allowed. 7612// 7613// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7614// than allowed. 7615// 7616// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7617// value than allowed. 7618// 7619// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7620// between entities in the same root. 7621// 7622// * ErrCodeServiceException "ServiceException" 7623// AWS Organizations can't complete your request because of an internal service 7624// error. Try again later. 7625// 7626// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7627// You have sent too many requests in too short a period of time. The limit 7628// helps protect against denial-of-service attacks. Try again later. 7629// 7630// For information on limits that affect AWS Organizations, see Limits of AWS 7631// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7632// in the AWS Organizations User Guide. 7633// 7634// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 7635func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) { 7636 req, out := c.ListHandshakesForAccountRequest(input) 7637 return out, req.Send() 7638} 7639 7640// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of 7641// the ability to pass a context and additional request options. 7642// 7643// See ListHandshakesForAccount for details on how to use this API operation. 7644// 7645// The context must be non-nil and will be used for request cancellation. If 7646// the context is nil a panic will occur. In the future the SDK may create 7647// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7648// for more information on using Contexts. 7649func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) { 7650 req, out := c.ListHandshakesForAccountRequest(input) 7651 req.SetContext(ctx) 7652 req.ApplyOptions(opts...) 7653 return out, req.Send() 7654} 7655 7656// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation, 7657// calling the "fn" function with the response data for each page. To stop 7658// iterating, return false from the fn function. 7659// 7660// See ListHandshakesForAccount method for more information on how to use this operation. 7661// 7662// Note: This operation can generate multiple requests to a service. 7663// 7664// // Example iterating over at most 3 pages of a ListHandshakesForAccount operation. 7665// pageNum := 0 7666// err := client.ListHandshakesForAccountPages(params, 7667// func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool { 7668// pageNum++ 7669// fmt.Println(page) 7670// return pageNum <= 3 7671// }) 7672// 7673func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error { 7674 return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 7675} 7676 7677// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except 7678// it takes a Context and allows setting request options on the pages. 7679// 7680// The context must be non-nil and will be used for request cancellation. If 7681// the context is nil a panic will occur. In the future the SDK may create 7682// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7683// for more information on using Contexts. 7684func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error { 7685 p := request.Pagination{ 7686 NewRequest: func() (*request.Request, error) { 7687 var inCpy *ListHandshakesForAccountInput 7688 if input != nil { 7689 tmp := *input 7690 inCpy = &tmp 7691 } 7692 req, _ := c.ListHandshakesForAccountRequest(inCpy) 7693 req.SetContext(ctx) 7694 req.ApplyOptions(opts...) 7695 return req, nil 7696 }, 7697 } 7698 7699 cont := true 7700 for p.Next() && cont { 7701 cont = fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) 7702 } 7703 return p.Err() 7704} 7705 7706const opListHandshakesForOrganization = "ListHandshakesForOrganization" 7707 7708// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the 7709// client's request for the ListHandshakesForOrganization operation. The "output" return 7710// value will be populated with the request's response once the request completes 7711// successfully. 7712// 7713// Use "Send" method on the returned Request to send the API call to the service. 7714// the "output" return value is not valid until after Send returns without error. 7715// 7716// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization 7717// API call, and error handling. 7718// 7719// This method is useful when you want to inject custom logic or configuration 7720// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7721// 7722// 7723// // Example sending a request using the ListHandshakesForOrganizationRequest method. 7724// req, resp := client.ListHandshakesForOrganizationRequest(params) 7725// 7726// err := req.Send() 7727// if err == nil { // resp is now filled 7728// fmt.Println(resp) 7729// } 7730// 7731// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 7732func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) { 7733 op := &request.Operation{ 7734 Name: opListHandshakesForOrganization, 7735 HTTPMethod: "POST", 7736 HTTPPath: "/", 7737 Paginator: &request.Paginator{ 7738 InputTokens: []string{"NextToken"}, 7739 OutputTokens: []string{"NextToken"}, 7740 LimitToken: "MaxResults", 7741 TruncationToken: "", 7742 }, 7743 } 7744 7745 if input == nil { 7746 input = &ListHandshakesForOrganizationInput{} 7747 } 7748 7749 output = &ListHandshakesForOrganizationOutput{} 7750 req = c.newRequest(op, input, output) 7751 return 7752} 7753 7754// ListHandshakesForOrganization API operation for AWS Organizations. 7755// 7756// Lists the handshakes that are associated with the organization that the requesting 7757// user is part of. The ListHandshakesForOrganization operation returns a list 7758// of handshake structures. Each structure contains details and status about 7759// a handshake. 7760// 7761// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 7762// of this API for only 30 days after changing to that state. After that, they're 7763// deleted and no longer accessible. 7764// 7765// Always check the NextToken response parameter for a null value when calling 7766// a List* operation. These operations can occasionally return an empty set 7767// of results even when there are more results available. The NextToken response 7768// parameter value is null only when there are no more results to display. 7769// 7770// This operation can be called only from the organization's master account. 7771// 7772// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7773// with awserr.Error's Code and Message methods to get detailed information about 7774// the error. 7775// 7776// See the AWS API reference guide for AWS Organizations's 7777// API operation ListHandshakesForOrganization for usage and error information. 7778// 7779// Returned Error Codes: 7780// * ErrCodeAccessDeniedException "AccessDeniedException" 7781// You don't have permissions to perform the requested operation. The user or 7782// role that is making the request must have at least one IAM permissions policy 7783// attached that grants the required permissions. For more information, see 7784// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7785// in the IAM User Guide. 7786// 7787// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 7788// Your account isn't a member of an organization. To make this request, you 7789// must use the credentials of an account that belongs to an organization. 7790// 7791// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 7792// The target of the operation is currently being modified by a different request. 7793// Try again later. 7794// 7795// * ErrCodeInvalidInputException "InvalidInputException" 7796// The requested operation failed because you provided invalid values for one 7797// or more of the request parameters. This exception includes a reason that 7798// contains additional information about the violated limit: 7799// 7800// Some of the reasons in the following list might not be applicable to this 7801// specific API or operation: 7802// 7803// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7804// can't be modified. 7805// 7806// * INPUT_REQUIRED: You must include a value for all required parameters. 7807// 7808// * INVALID_ENUM: You specified an invalid value. 7809// 7810// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7811// characters. 7812// 7813// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7814// at least one invalid value. 7815// 7816// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7817// from the response to a previous call of the operation. 7818// 7819// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7820// organization, or email) as a party. 7821// 7822// * INVALID_PATTERN: You provided a value that doesn't match the required 7823// pattern. 7824// 7825// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7826// match the required pattern. 7827// 7828// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7829// name can't begin with the reserved prefix AWSServiceRoleFor. 7830// 7831// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7832// Name (ARN) for the organization. 7833// 7834// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7835// 7836// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7837// tag. You can’t add, edit, or delete system tag keys because they're 7838// reserved for AWS use. System tags don’t count against your tags per 7839// resource limit. 7840// 7841// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7842// for the operation. 7843// 7844// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7845// than allowed. 7846// 7847// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7848// value than allowed. 7849// 7850// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7851// than allowed. 7852// 7853// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7854// value than allowed. 7855// 7856// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7857// between entities in the same root. 7858// 7859// * ErrCodeServiceException "ServiceException" 7860// AWS Organizations can't complete your request because of an internal service 7861// error. Try again later. 7862// 7863// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7864// You have sent too many requests in too short a period of time. The limit 7865// helps protect against denial-of-service attacks. Try again later. 7866// 7867// For information on limits that affect AWS Organizations, see Limits of AWS 7868// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7869// in the AWS Organizations User Guide. 7870// 7871// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 7872func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) { 7873 req, out := c.ListHandshakesForOrganizationRequest(input) 7874 return out, req.Send() 7875} 7876 7877// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of 7878// the ability to pass a context and additional request options. 7879// 7880// See ListHandshakesForOrganization for details on how to use this API operation. 7881// 7882// The context must be non-nil and will be used for request cancellation. If 7883// the context is nil a panic will occur. In the future the SDK may create 7884// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7885// for more information on using Contexts. 7886func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) { 7887 req, out := c.ListHandshakesForOrganizationRequest(input) 7888 req.SetContext(ctx) 7889 req.ApplyOptions(opts...) 7890 return out, req.Send() 7891} 7892 7893// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation, 7894// calling the "fn" function with the response data for each page. To stop 7895// iterating, return false from the fn function. 7896// 7897// See ListHandshakesForOrganization method for more information on how to use this operation. 7898// 7899// Note: This operation can generate multiple requests to a service. 7900// 7901// // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation. 7902// pageNum := 0 7903// err := client.ListHandshakesForOrganizationPages(params, 7904// func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool { 7905// pageNum++ 7906// fmt.Println(page) 7907// return pageNum <= 3 7908// }) 7909// 7910func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error { 7911 return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 7912} 7913 7914// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except 7915// it takes a Context and allows setting request options on the pages. 7916// 7917// The context must be non-nil and will be used for request cancellation. If 7918// the context is nil a panic will occur. In the future the SDK may create 7919// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7920// for more information on using Contexts. 7921func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error { 7922 p := request.Pagination{ 7923 NewRequest: func() (*request.Request, error) { 7924 var inCpy *ListHandshakesForOrganizationInput 7925 if input != nil { 7926 tmp := *input 7927 inCpy = &tmp 7928 } 7929 req, _ := c.ListHandshakesForOrganizationRequest(inCpy) 7930 req.SetContext(ctx) 7931 req.ApplyOptions(opts...) 7932 return req, nil 7933 }, 7934 } 7935 7936 cont := true 7937 for p.Next() && cont { 7938 cont = fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) 7939 } 7940 return p.Err() 7941} 7942 7943const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent" 7944 7945// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the 7946// client's request for the ListOrganizationalUnitsForParent operation. The "output" return 7947// value will be populated with the request's response once the request completes 7948// successfully. 7949// 7950// Use "Send" method on the returned Request to send the API call to the service. 7951// the "output" return value is not valid until after Send returns without error. 7952// 7953// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent 7954// API call, and error handling. 7955// 7956// This method is useful when you want to inject custom logic or configuration 7957// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7958// 7959// 7960// // Example sending a request using the ListOrganizationalUnitsForParentRequest method. 7961// req, resp := client.ListOrganizationalUnitsForParentRequest(params) 7962// 7963// err := req.Send() 7964// if err == nil { // resp is now filled 7965// fmt.Println(resp) 7966// } 7967// 7968// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 7969func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) { 7970 op := &request.Operation{ 7971 Name: opListOrganizationalUnitsForParent, 7972 HTTPMethod: "POST", 7973 HTTPPath: "/", 7974 Paginator: &request.Paginator{ 7975 InputTokens: []string{"NextToken"}, 7976 OutputTokens: []string{"NextToken"}, 7977 LimitToken: "MaxResults", 7978 TruncationToken: "", 7979 }, 7980 } 7981 7982 if input == nil { 7983 input = &ListOrganizationalUnitsForParentInput{} 7984 } 7985 7986 output = &ListOrganizationalUnitsForParentOutput{} 7987 req = c.newRequest(op, input, output) 7988 return 7989} 7990 7991// ListOrganizationalUnitsForParent API operation for AWS Organizations. 7992// 7993// Lists the organizational units (OUs) in a parent organizational unit or root. 7994// 7995// Always check the NextToken response parameter for a null value when calling 7996// a List* operation. These operations can occasionally return an empty set 7997// of results even when there are more results available. The NextToken response 7998// parameter value is null only when there are no more results to display. 7999// 8000// This operation can be called only from the organization's master account. 8001// 8002// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8003// with awserr.Error's Code and Message methods to get detailed information about 8004// the error. 8005// 8006// See the AWS API reference guide for AWS Organizations's 8007// API operation ListOrganizationalUnitsForParent for usage and error information. 8008// 8009// Returned Error Codes: 8010// * ErrCodeAccessDeniedException "AccessDeniedException" 8011// You don't have permissions to perform the requested operation. The user or 8012// role that is making the request must have at least one IAM permissions policy 8013// attached that grants the required permissions. For more information, see 8014// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8015// in the IAM User Guide. 8016// 8017// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8018// Your account isn't a member of an organization. To make this request, you 8019// must use the credentials of an account that belongs to an organization. 8020// 8021// * ErrCodeInvalidInputException "InvalidInputException" 8022// The requested operation failed because you provided invalid values for one 8023// or more of the request parameters. This exception includes a reason that 8024// contains additional information about the violated limit: 8025// 8026// Some of the reasons in the following list might not be applicable to this 8027// specific API or operation: 8028// 8029// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8030// can't be modified. 8031// 8032// * INPUT_REQUIRED: You must include a value for all required parameters. 8033// 8034// * INVALID_ENUM: You specified an invalid value. 8035// 8036// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8037// characters. 8038// 8039// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8040// at least one invalid value. 8041// 8042// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8043// from the response to a previous call of the operation. 8044// 8045// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8046// organization, or email) as a party. 8047// 8048// * INVALID_PATTERN: You provided a value that doesn't match the required 8049// pattern. 8050// 8051// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8052// match the required pattern. 8053// 8054// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8055// name can't begin with the reserved prefix AWSServiceRoleFor. 8056// 8057// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8058// Name (ARN) for the organization. 8059// 8060// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8061// 8062// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8063// tag. You can’t add, edit, or delete system tag keys because they're 8064// reserved for AWS use. System tags don’t count against your tags per 8065// resource limit. 8066// 8067// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8068// for the operation. 8069// 8070// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8071// than allowed. 8072// 8073// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8074// value than allowed. 8075// 8076// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8077// than allowed. 8078// 8079// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8080// value than allowed. 8081// 8082// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8083// between entities in the same root. 8084// 8085// * ErrCodeParentNotFoundException "ParentNotFoundException" 8086// We can't find a root or OU with the ParentId that you specified. 8087// 8088// * ErrCodeServiceException "ServiceException" 8089// AWS Organizations can't complete your request because of an internal service 8090// error. Try again later. 8091// 8092// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8093// You have sent too many requests in too short a period of time. The limit 8094// helps protect against denial-of-service attacks. Try again later. 8095// 8096// For information on limits that affect AWS Organizations, see Limits of AWS 8097// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8098// in the AWS Organizations User Guide. 8099// 8100// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 8101func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) { 8102 req, out := c.ListOrganizationalUnitsForParentRequest(input) 8103 return out, req.Send() 8104} 8105 8106// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of 8107// the ability to pass a context and additional request options. 8108// 8109// See ListOrganizationalUnitsForParent for details on how to use this API operation. 8110// 8111// The context must be non-nil and will be used for request cancellation. If 8112// the context is nil a panic will occur. In the future the SDK may create 8113// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8114// for more information on using Contexts. 8115func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) { 8116 req, out := c.ListOrganizationalUnitsForParentRequest(input) 8117 req.SetContext(ctx) 8118 req.ApplyOptions(opts...) 8119 return out, req.Send() 8120} 8121 8122// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation, 8123// calling the "fn" function with the response data for each page. To stop 8124// iterating, return false from the fn function. 8125// 8126// See ListOrganizationalUnitsForParent method for more information on how to use this operation. 8127// 8128// Note: This operation can generate multiple requests to a service. 8129// 8130// // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation. 8131// pageNum := 0 8132// err := client.ListOrganizationalUnitsForParentPages(params, 8133// func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool { 8134// pageNum++ 8135// fmt.Println(page) 8136// return pageNum <= 3 8137// }) 8138// 8139func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error { 8140 return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 8141} 8142 8143// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except 8144// it takes a Context and allows setting request options on the pages. 8145// 8146// The context must be non-nil and will be used for request cancellation. If 8147// the context is nil a panic will occur. In the future the SDK may create 8148// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8149// for more information on using Contexts. 8150func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error { 8151 p := request.Pagination{ 8152 NewRequest: func() (*request.Request, error) { 8153 var inCpy *ListOrganizationalUnitsForParentInput 8154 if input != nil { 8155 tmp := *input 8156 inCpy = &tmp 8157 } 8158 req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy) 8159 req.SetContext(ctx) 8160 req.ApplyOptions(opts...) 8161 return req, nil 8162 }, 8163 } 8164 8165 cont := true 8166 for p.Next() && cont { 8167 cont = fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) 8168 } 8169 return p.Err() 8170} 8171 8172const opListParents = "ListParents" 8173 8174// ListParentsRequest generates a "aws/request.Request" representing the 8175// client's request for the ListParents operation. The "output" return 8176// value will be populated with the request's response once the request completes 8177// successfully. 8178// 8179// Use "Send" method on the returned Request to send the API call to the service. 8180// the "output" return value is not valid until after Send returns without error. 8181// 8182// See ListParents for more information on using the ListParents 8183// API call, and error handling. 8184// 8185// This method is useful when you want to inject custom logic or configuration 8186// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8187// 8188// 8189// // Example sending a request using the ListParentsRequest method. 8190// req, resp := client.ListParentsRequest(params) 8191// 8192// err := req.Send() 8193// if err == nil { // resp is now filled 8194// fmt.Println(resp) 8195// } 8196// 8197// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 8198func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) { 8199 op := &request.Operation{ 8200 Name: opListParents, 8201 HTTPMethod: "POST", 8202 HTTPPath: "/", 8203 Paginator: &request.Paginator{ 8204 InputTokens: []string{"NextToken"}, 8205 OutputTokens: []string{"NextToken"}, 8206 LimitToken: "MaxResults", 8207 TruncationToken: "", 8208 }, 8209 } 8210 8211 if input == nil { 8212 input = &ListParentsInput{} 8213 } 8214 8215 output = &ListParentsOutput{} 8216 req = c.newRequest(op, input, output) 8217 return 8218} 8219 8220// ListParents API operation for AWS Organizations. 8221// 8222// Lists the root or organizational units (OUs) that serve as the immediate 8223// parent of the specified child OU or account. This operation, along with ListChildren 8224// enables you to traverse the tree structure that makes up this root. 8225// 8226// Always check the NextToken response parameter for a null value when calling 8227// a List* operation. These operations can occasionally return an empty set 8228// of results even when there are more results available. The NextToken response 8229// parameter value is null only when there are no more results to display. 8230// 8231// This operation can be called only from the organization's master account. 8232// 8233// In the current release, a child can have only a single parent. 8234// 8235// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8236// with awserr.Error's Code and Message methods to get detailed information about 8237// the error. 8238// 8239// See the AWS API reference guide for AWS Organizations's 8240// API operation ListParents for usage and error information. 8241// 8242// Returned Error Codes: 8243// * ErrCodeAccessDeniedException "AccessDeniedException" 8244// You don't have permissions to perform the requested operation. The user or 8245// role that is making the request must have at least one IAM permissions policy 8246// attached that grants the required permissions. For more information, see 8247// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8248// in the IAM User Guide. 8249// 8250// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8251// Your account isn't a member of an organization. To make this request, you 8252// must use the credentials of an account that belongs to an organization. 8253// 8254// * ErrCodeChildNotFoundException "ChildNotFoundException" 8255// We can't find an organizational unit (OU) or AWS account with the ChildId 8256// that you specified. 8257// 8258// * ErrCodeInvalidInputException "InvalidInputException" 8259// The requested operation failed because you provided invalid values for one 8260// or more of the request parameters. This exception includes a reason that 8261// contains additional information about the violated limit: 8262// 8263// Some of the reasons in the following list might not be applicable to this 8264// specific API or operation: 8265// 8266// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8267// can't be modified. 8268// 8269// * INPUT_REQUIRED: You must include a value for all required parameters. 8270// 8271// * INVALID_ENUM: You specified an invalid value. 8272// 8273// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8274// characters. 8275// 8276// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8277// at least one invalid value. 8278// 8279// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8280// from the response to a previous call of the operation. 8281// 8282// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8283// organization, or email) as a party. 8284// 8285// * INVALID_PATTERN: You provided a value that doesn't match the required 8286// pattern. 8287// 8288// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8289// match the required pattern. 8290// 8291// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8292// name can't begin with the reserved prefix AWSServiceRoleFor. 8293// 8294// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8295// Name (ARN) for the organization. 8296// 8297// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8298// 8299// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8300// tag. You can’t add, edit, or delete system tag keys because they're 8301// reserved for AWS use. System tags don’t count against your tags per 8302// resource limit. 8303// 8304// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8305// for the operation. 8306// 8307// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8308// than allowed. 8309// 8310// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8311// value than allowed. 8312// 8313// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8314// than allowed. 8315// 8316// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8317// value than allowed. 8318// 8319// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8320// between entities in the same root. 8321// 8322// * ErrCodeServiceException "ServiceException" 8323// AWS Organizations can't complete your request because of an internal service 8324// error. Try again later. 8325// 8326// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8327// You have sent too many requests in too short a period of time. The limit 8328// helps protect against denial-of-service attacks. Try again later. 8329// 8330// For information on limits that affect AWS Organizations, see Limits of AWS 8331// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8332// in the AWS Organizations User Guide. 8333// 8334// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 8335func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) { 8336 req, out := c.ListParentsRequest(input) 8337 return out, req.Send() 8338} 8339 8340// ListParentsWithContext is the same as ListParents with the addition of 8341// the ability to pass a context and additional request options. 8342// 8343// See ListParents for details on how to use this API operation. 8344// 8345// The context must be non-nil and will be used for request cancellation. If 8346// the context is nil a panic will occur. In the future the SDK may create 8347// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8348// for more information on using Contexts. 8349func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) { 8350 req, out := c.ListParentsRequest(input) 8351 req.SetContext(ctx) 8352 req.ApplyOptions(opts...) 8353 return out, req.Send() 8354} 8355 8356// ListParentsPages iterates over the pages of a ListParents operation, 8357// calling the "fn" function with the response data for each page. To stop 8358// iterating, return false from the fn function. 8359// 8360// See ListParents method for more information on how to use this operation. 8361// 8362// Note: This operation can generate multiple requests to a service. 8363// 8364// // Example iterating over at most 3 pages of a ListParents operation. 8365// pageNum := 0 8366// err := client.ListParentsPages(params, 8367// func(page *organizations.ListParentsOutput, lastPage bool) bool { 8368// pageNum++ 8369// fmt.Println(page) 8370// return pageNum <= 3 8371// }) 8372// 8373func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error { 8374 return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn) 8375} 8376 8377// ListParentsPagesWithContext same as ListParentsPages except 8378// it takes a Context and allows setting request options on the pages. 8379// 8380// The context must be non-nil and will be used for request cancellation. If 8381// the context is nil a panic will occur. In the future the SDK may create 8382// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8383// for more information on using Contexts. 8384func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error { 8385 p := request.Pagination{ 8386 NewRequest: func() (*request.Request, error) { 8387 var inCpy *ListParentsInput 8388 if input != nil { 8389 tmp := *input 8390 inCpy = &tmp 8391 } 8392 req, _ := c.ListParentsRequest(inCpy) 8393 req.SetContext(ctx) 8394 req.ApplyOptions(opts...) 8395 return req, nil 8396 }, 8397 } 8398 8399 cont := true 8400 for p.Next() && cont { 8401 cont = fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) 8402 } 8403 return p.Err() 8404} 8405 8406const opListPolicies = "ListPolicies" 8407 8408// ListPoliciesRequest generates a "aws/request.Request" representing the 8409// client's request for the ListPolicies operation. The "output" return 8410// value will be populated with the request's response once the request completes 8411// successfully. 8412// 8413// Use "Send" method on the returned Request to send the API call to the service. 8414// the "output" return value is not valid until after Send returns without error. 8415// 8416// See ListPolicies for more information on using the ListPolicies 8417// API call, and error handling. 8418// 8419// This method is useful when you want to inject custom logic or configuration 8420// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8421// 8422// 8423// // Example sending a request using the ListPoliciesRequest method. 8424// req, resp := client.ListPoliciesRequest(params) 8425// 8426// err := req.Send() 8427// if err == nil { // resp is now filled 8428// fmt.Println(resp) 8429// } 8430// 8431// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 8432func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { 8433 op := &request.Operation{ 8434 Name: opListPolicies, 8435 HTTPMethod: "POST", 8436 HTTPPath: "/", 8437 Paginator: &request.Paginator{ 8438 InputTokens: []string{"NextToken"}, 8439 OutputTokens: []string{"NextToken"}, 8440 LimitToken: "MaxResults", 8441 TruncationToken: "", 8442 }, 8443 } 8444 8445 if input == nil { 8446 input = &ListPoliciesInput{} 8447 } 8448 8449 output = &ListPoliciesOutput{} 8450 req = c.newRequest(op, input, output) 8451 return 8452} 8453 8454// ListPolicies API operation for AWS Organizations. 8455// 8456// Retrieves the list of all policies in an organization of a specified type. 8457// 8458// Always check the NextToken response parameter for a null value when calling 8459// a List* operation. These operations can occasionally return an empty set 8460// of results even when there are more results available. The NextToken response 8461// parameter value is null only when there are no more results to display. 8462// 8463// This operation can be called only from the organization's master account. 8464// 8465// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8466// with awserr.Error's Code and Message methods to get detailed information about 8467// the error. 8468// 8469// See the AWS API reference guide for AWS Organizations's 8470// API operation ListPolicies for usage and error information. 8471// 8472// Returned Error Codes: 8473// * ErrCodeAccessDeniedException "AccessDeniedException" 8474// You don't have permissions to perform the requested operation. The user or 8475// role that is making the request must have at least one IAM permissions policy 8476// attached that grants the required permissions. For more information, see 8477// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8478// in the IAM User Guide. 8479// 8480// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8481// Your account isn't a member of an organization. To make this request, you 8482// must use the credentials of an account that belongs to an organization. 8483// 8484// * ErrCodeInvalidInputException "InvalidInputException" 8485// The requested operation failed because you provided invalid values for one 8486// or more of the request parameters. This exception includes a reason that 8487// contains additional information about the violated limit: 8488// 8489// Some of the reasons in the following list might not be applicable to this 8490// specific API or operation: 8491// 8492// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8493// can't be modified. 8494// 8495// * INPUT_REQUIRED: You must include a value for all required parameters. 8496// 8497// * INVALID_ENUM: You specified an invalid value. 8498// 8499// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8500// characters. 8501// 8502// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8503// at least one invalid value. 8504// 8505// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8506// from the response to a previous call of the operation. 8507// 8508// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8509// organization, or email) as a party. 8510// 8511// * INVALID_PATTERN: You provided a value that doesn't match the required 8512// pattern. 8513// 8514// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8515// match the required pattern. 8516// 8517// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8518// name can't begin with the reserved prefix AWSServiceRoleFor. 8519// 8520// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8521// Name (ARN) for the organization. 8522// 8523// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8524// 8525// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8526// tag. You can’t add, edit, or delete system tag keys because they're 8527// reserved for AWS use. System tags don’t count against your tags per 8528// resource limit. 8529// 8530// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8531// for the operation. 8532// 8533// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8534// than allowed. 8535// 8536// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8537// value than allowed. 8538// 8539// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8540// than allowed. 8541// 8542// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8543// value than allowed. 8544// 8545// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8546// between entities in the same root. 8547// 8548// * ErrCodeServiceException "ServiceException" 8549// AWS Organizations can't complete your request because of an internal service 8550// error. Try again later. 8551// 8552// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8553// You have sent too many requests in too short a period of time. The limit 8554// helps protect against denial-of-service attacks. Try again later. 8555// 8556// For information on limits that affect AWS Organizations, see Limits of AWS 8557// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8558// in the AWS Organizations User Guide. 8559// 8560// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 8561func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { 8562 req, out := c.ListPoliciesRequest(input) 8563 return out, req.Send() 8564} 8565 8566// ListPoliciesWithContext is the same as ListPolicies with the addition of 8567// the ability to pass a context and additional request options. 8568// 8569// See ListPolicies for details on how to use this API operation. 8570// 8571// The context must be non-nil and will be used for request cancellation. If 8572// the context is nil a panic will occur. In the future the SDK may create 8573// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8574// for more information on using Contexts. 8575func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { 8576 req, out := c.ListPoliciesRequest(input) 8577 req.SetContext(ctx) 8578 req.ApplyOptions(opts...) 8579 return out, req.Send() 8580} 8581 8582// ListPoliciesPages iterates over the pages of a ListPolicies operation, 8583// calling the "fn" function with the response data for each page. To stop 8584// iterating, return false from the fn function. 8585// 8586// See ListPolicies method for more information on how to use this operation. 8587// 8588// Note: This operation can generate multiple requests to a service. 8589// 8590// // Example iterating over at most 3 pages of a ListPolicies operation. 8591// pageNum := 0 8592// err := client.ListPoliciesPages(params, 8593// func(page *organizations.ListPoliciesOutput, lastPage bool) bool { 8594// pageNum++ 8595// fmt.Println(page) 8596// return pageNum <= 3 8597// }) 8598// 8599func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { 8600 return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 8601} 8602 8603// ListPoliciesPagesWithContext same as ListPoliciesPages except 8604// it takes a Context and allows setting request options on the pages. 8605// 8606// The context must be non-nil and will be used for request cancellation. If 8607// the context is nil a panic will occur. In the future the SDK may create 8608// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8609// for more information on using Contexts. 8610func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { 8611 p := request.Pagination{ 8612 NewRequest: func() (*request.Request, error) { 8613 var inCpy *ListPoliciesInput 8614 if input != nil { 8615 tmp := *input 8616 inCpy = &tmp 8617 } 8618 req, _ := c.ListPoliciesRequest(inCpy) 8619 req.SetContext(ctx) 8620 req.ApplyOptions(opts...) 8621 return req, nil 8622 }, 8623 } 8624 8625 cont := true 8626 for p.Next() && cont { 8627 cont = fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) 8628 } 8629 return p.Err() 8630} 8631 8632const opListPoliciesForTarget = "ListPoliciesForTarget" 8633 8634// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the 8635// client's request for the ListPoliciesForTarget operation. The "output" return 8636// value will be populated with the request's response once the request completes 8637// successfully. 8638// 8639// Use "Send" method on the returned Request to send the API call to the service. 8640// the "output" return value is not valid until after Send returns without error. 8641// 8642// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget 8643// API call, and error handling. 8644// 8645// This method is useful when you want to inject custom logic or configuration 8646// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8647// 8648// 8649// // Example sending a request using the ListPoliciesForTargetRequest method. 8650// req, resp := client.ListPoliciesForTargetRequest(params) 8651// 8652// err := req.Send() 8653// if err == nil { // resp is now filled 8654// fmt.Println(resp) 8655// } 8656// 8657// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 8658func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) { 8659 op := &request.Operation{ 8660 Name: opListPoliciesForTarget, 8661 HTTPMethod: "POST", 8662 HTTPPath: "/", 8663 Paginator: &request.Paginator{ 8664 InputTokens: []string{"NextToken"}, 8665 OutputTokens: []string{"NextToken"}, 8666 LimitToken: "MaxResults", 8667 TruncationToken: "", 8668 }, 8669 } 8670 8671 if input == nil { 8672 input = &ListPoliciesForTargetInput{} 8673 } 8674 8675 output = &ListPoliciesForTargetOutput{} 8676 req = c.newRequest(op, input, output) 8677 return 8678} 8679 8680// ListPoliciesForTarget API operation for AWS Organizations. 8681// 8682// Lists the policies that are directly attached to the specified target root, 8683// organizational unit (OU), or account. You must specify the policy type that 8684// you want included in the returned list. 8685// 8686// Always check the NextToken response parameter for a null value when calling 8687// a List* operation. These operations can occasionally return an empty set 8688// of results even when there are more results available. The NextToken response 8689// parameter value is null only when there are no more results to display. 8690// 8691// This operation can be called only from the organization's master account. 8692// 8693// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8694// with awserr.Error's Code and Message methods to get detailed information about 8695// the error. 8696// 8697// See the AWS API reference guide for AWS Organizations's 8698// API operation ListPoliciesForTarget for usage and error information. 8699// 8700// Returned Error Codes: 8701// * ErrCodeAccessDeniedException "AccessDeniedException" 8702// You don't have permissions to perform the requested operation. The user or 8703// role that is making the request must have at least one IAM permissions policy 8704// attached that grants the required permissions. For more information, see 8705// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8706// in the IAM User Guide. 8707// 8708// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8709// Your account isn't a member of an organization. To make this request, you 8710// must use the credentials of an account that belongs to an organization. 8711// 8712// * ErrCodeInvalidInputException "InvalidInputException" 8713// The requested operation failed because you provided invalid values for one 8714// or more of the request parameters. This exception includes a reason that 8715// contains additional information about the violated limit: 8716// 8717// Some of the reasons in the following list might not be applicable to this 8718// specific API or operation: 8719// 8720// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8721// can't be modified. 8722// 8723// * INPUT_REQUIRED: You must include a value for all required parameters. 8724// 8725// * INVALID_ENUM: You specified an invalid value. 8726// 8727// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8728// characters. 8729// 8730// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8731// at least one invalid value. 8732// 8733// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8734// from the response to a previous call of the operation. 8735// 8736// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8737// organization, or email) as a party. 8738// 8739// * INVALID_PATTERN: You provided a value that doesn't match the required 8740// pattern. 8741// 8742// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8743// match the required pattern. 8744// 8745// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8746// name can't begin with the reserved prefix AWSServiceRoleFor. 8747// 8748// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8749// Name (ARN) for the organization. 8750// 8751// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8752// 8753// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8754// tag. You can’t add, edit, or delete system tag keys because they're 8755// reserved for AWS use. System tags don’t count against your tags per 8756// resource limit. 8757// 8758// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8759// for the operation. 8760// 8761// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8762// than allowed. 8763// 8764// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8765// value than allowed. 8766// 8767// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8768// than allowed. 8769// 8770// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8771// value than allowed. 8772// 8773// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8774// between entities in the same root. 8775// 8776// * ErrCodeServiceException "ServiceException" 8777// AWS Organizations can't complete your request because of an internal service 8778// error. Try again later. 8779// 8780// * ErrCodeTargetNotFoundException "TargetNotFoundException" 8781// We can't find a root, OU, or account with the TargetId that you specified. 8782// 8783// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8784// You have sent too many requests in too short a period of time. The limit 8785// helps protect against denial-of-service attacks. Try again later. 8786// 8787// For information on limits that affect AWS Organizations, see Limits of AWS 8788// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8789// in the AWS Organizations User Guide. 8790// 8791// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 8792func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) { 8793 req, out := c.ListPoliciesForTargetRequest(input) 8794 return out, req.Send() 8795} 8796 8797// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of 8798// the ability to pass a context and additional request options. 8799// 8800// See ListPoliciesForTarget for details on how to use this API operation. 8801// 8802// The context must be non-nil and will be used for request cancellation. If 8803// the context is nil a panic will occur. In the future the SDK may create 8804// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8805// for more information on using Contexts. 8806func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) { 8807 req, out := c.ListPoliciesForTargetRequest(input) 8808 req.SetContext(ctx) 8809 req.ApplyOptions(opts...) 8810 return out, req.Send() 8811} 8812 8813// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation, 8814// calling the "fn" function with the response data for each page. To stop 8815// iterating, return false from the fn function. 8816// 8817// See ListPoliciesForTarget method for more information on how to use this operation. 8818// 8819// Note: This operation can generate multiple requests to a service. 8820// 8821// // Example iterating over at most 3 pages of a ListPoliciesForTarget operation. 8822// pageNum := 0 8823// err := client.ListPoliciesForTargetPages(params, 8824// func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool { 8825// pageNum++ 8826// fmt.Println(page) 8827// return pageNum <= 3 8828// }) 8829// 8830func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error { 8831 return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn) 8832} 8833 8834// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except 8835// it takes a Context and allows setting request options on the pages. 8836// 8837// The context must be non-nil and will be used for request cancellation. If 8838// the context is nil a panic will occur. In the future the SDK may create 8839// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8840// for more information on using Contexts. 8841func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error { 8842 p := request.Pagination{ 8843 NewRequest: func() (*request.Request, error) { 8844 var inCpy *ListPoliciesForTargetInput 8845 if input != nil { 8846 tmp := *input 8847 inCpy = &tmp 8848 } 8849 req, _ := c.ListPoliciesForTargetRequest(inCpy) 8850 req.SetContext(ctx) 8851 req.ApplyOptions(opts...) 8852 return req, nil 8853 }, 8854 } 8855 8856 cont := true 8857 for p.Next() && cont { 8858 cont = fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) 8859 } 8860 return p.Err() 8861} 8862 8863const opListRoots = "ListRoots" 8864 8865// ListRootsRequest generates a "aws/request.Request" representing the 8866// client's request for the ListRoots operation. The "output" return 8867// value will be populated with the request's response once the request completes 8868// successfully. 8869// 8870// Use "Send" method on the returned Request to send the API call to the service. 8871// the "output" return value is not valid until after Send returns without error. 8872// 8873// See ListRoots for more information on using the ListRoots 8874// API call, and error handling. 8875// 8876// This method is useful when you want to inject custom logic or configuration 8877// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8878// 8879// 8880// // Example sending a request using the ListRootsRequest method. 8881// req, resp := client.ListRootsRequest(params) 8882// 8883// err := req.Send() 8884// if err == nil { // resp is now filled 8885// fmt.Println(resp) 8886// } 8887// 8888// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 8889func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) { 8890 op := &request.Operation{ 8891 Name: opListRoots, 8892 HTTPMethod: "POST", 8893 HTTPPath: "/", 8894 Paginator: &request.Paginator{ 8895 InputTokens: []string{"NextToken"}, 8896 OutputTokens: []string{"NextToken"}, 8897 LimitToken: "MaxResults", 8898 TruncationToken: "", 8899 }, 8900 } 8901 8902 if input == nil { 8903 input = &ListRootsInput{} 8904 } 8905 8906 output = &ListRootsOutput{} 8907 req = c.newRequest(op, input, output) 8908 return 8909} 8910 8911// ListRoots API operation for AWS Organizations. 8912// 8913// Lists the roots that are defined in the current organization. 8914// 8915// Always check the NextToken response parameter for a null value when calling 8916// a List* operation. These operations can occasionally return an empty set 8917// of results even when there are more results available. The NextToken response 8918// parameter value is null only when there are no more results to display. 8919// 8920// This operation can be called only from the organization's master account. 8921// 8922// Policy types can be enabled and disabled in roots. This is distinct from 8923// whether they're available in the organization. When you enable all features, 8924// you make policy types available for use in that organization. Individual 8925// policy types can then be enabled and disabled in a root. To see the availability 8926// of a policy type in an organization, use DescribeOrganization. 8927// 8928// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8929// with awserr.Error's Code and Message methods to get detailed information about 8930// the error. 8931// 8932// See the AWS API reference guide for AWS Organizations's 8933// API operation ListRoots for usage and error information. 8934// 8935// Returned Error Codes: 8936// * ErrCodeAccessDeniedException "AccessDeniedException" 8937// You don't have permissions to perform the requested operation. The user or 8938// role that is making the request must have at least one IAM permissions policy 8939// attached that grants the required permissions. For more information, see 8940// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8941// in the IAM User Guide. 8942// 8943// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8944// Your account isn't a member of an organization. To make this request, you 8945// must use the credentials of an account that belongs to an organization. 8946// 8947// * ErrCodeInvalidInputException "InvalidInputException" 8948// The requested operation failed because you provided invalid values for one 8949// or more of the request parameters. This exception includes a reason that 8950// contains additional information about the violated limit: 8951// 8952// Some of the reasons in the following list might not be applicable to this 8953// specific API or operation: 8954// 8955// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8956// can't be modified. 8957// 8958// * INPUT_REQUIRED: You must include a value for all required parameters. 8959// 8960// * INVALID_ENUM: You specified an invalid value. 8961// 8962// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8963// characters. 8964// 8965// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8966// at least one invalid value. 8967// 8968// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8969// from the response to a previous call of the operation. 8970// 8971// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8972// organization, or email) as a party. 8973// 8974// * INVALID_PATTERN: You provided a value that doesn't match the required 8975// pattern. 8976// 8977// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8978// match the required pattern. 8979// 8980// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8981// name can't begin with the reserved prefix AWSServiceRoleFor. 8982// 8983// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8984// Name (ARN) for the organization. 8985// 8986// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8987// 8988// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8989// tag. You can’t add, edit, or delete system tag keys because they're 8990// reserved for AWS use. System tags don’t count against your tags per 8991// resource limit. 8992// 8993// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8994// for the operation. 8995// 8996// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8997// than allowed. 8998// 8999// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9000// value than allowed. 9001// 9002// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9003// than allowed. 9004// 9005// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9006// value than allowed. 9007// 9008// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9009// between entities in the same root. 9010// 9011// * ErrCodeServiceException "ServiceException" 9012// AWS Organizations can't complete your request because of an internal service 9013// error. Try again later. 9014// 9015// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9016// You have sent too many requests in too short a period of time. The limit 9017// helps protect against denial-of-service attacks. Try again later. 9018// 9019// For information on limits that affect AWS Organizations, see Limits of AWS 9020// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9021// in the AWS Organizations User Guide. 9022// 9023// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 9024func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) { 9025 req, out := c.ListRootsRequest(input) 9026 return out, req.Send() 9027} 9028 9029// ListRootsWithContext is the same as ListRoots with the addition of 9030// the ability to pass a context and additional request options. 9031// 9032// See ListRoots for details on how to use this API operation. 9033// 9034// The context must be non-nil and will be used for request cancellation. If 9035// the context is nil a panic will occur. In the future the SDK may create 9036// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9037// for more information on using Contexts. 9038func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) { 9039 req, out := c.ListRootsRequest(input) 9040 req.SetContext(ctx) 9041 req.ApplyOptions(opts...) 9042 return out, req.Send() 9043} 9044 9045// ListRootsPages iterates over the pages of a ListRoots operation, 9046// calling the "fn" function with the response data for each page. To stop 9047// iterating, return false from the fn function. 9048// 9049// See ListRoots method for more information on how to use this operation. 9050// 9051// Note: This operation can generate multiple requests to a service. 9052// 9053// // Example iterating over at most 3 pages of a ListRoots operation. 9054// pageNum := 0 9055// err := client.ListRootsPages(params, 9056// func(page *organizations.ListRootsOutput, lastPage bool) bool { 9057// pageNum++ 9058// fmt.Println(page) 9059// return pageNum <= 3 9060// }) 9061// 9062func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error { 9063 return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn) 9064} 9065 9066// ListRootsPagesWithContext same as ListRootsPages except 9067// it takes a Context and allows setting request options on the pages. 9068// 9069// The context must be non-nil and will be used for request cancellation. If 9070// the context is nil a panic will occur. In the future the SDK may create 9071// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9072// for more information on using Contexts. 9073func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error { 9074 p := request.Pagination{ 9075 NewRequest: func() (*request.Request, error) { 9076 var inCpy *ListRootsInput 9077 if input != nil { 9078 tmp := *input 9079 inCpy = &tmp 9080 } 9081 req, _ := c.ListRootsRequest(inCpy) 9082 req.SetContext(ctx) 9083 req.ApplyOptions(opts...) 9084 return req, nil 9085 }, 9086 } 9087 9088 cont := true 9089 for p.Next() && cont { 9090 cont = fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) 9091 } 9092 return p.Err() 9093} 9094 9095const opListTagsForResource = "ListTagsForResource" 9096 9097// ListTagsForResourceRequest generates a "aws/request.Request" representing the 9098// client's request for the ListTagsForResource operation. The "output" return 9099// value will be populated with the request's response once the request completes 9100// successfully. 9101// 9102// Use "Send" method on the returned Request to send the API call to the service. 9103// the "output" return value is not valid until after Send returns without error. 9104// 9105// See ListTagsForResource for more information on using the ListTagsForResource 9106// API call, and error handling. 9107// 9108// This method is useful when you want to inject custom logic or configuration 9109// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9110// 9111// 9112// // Example sending a request using the ListTagsForResourceRequest method. 9113// req, resp := client.ListTagsForResourceRequest(params) 9114// 9115// err := req.Send() 9116// if err == nil { // resp is now filled 9117// fmt.Println(resp) 9118// } 9119// 9120// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 9121func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { 9122 op := &request.Operation{ 9123 Name: opListTagsForResource, 9124 HTTPMethod: "POST", 9125 HTTPPath: "/", 9126 Paginator: &request.Paginator{ 9127 InputTokens: []string{"NextToken"}, 9128 OutputTokens: []string{"NextToken"}, 9129 LimitToken: "", 9130 TruncationToken: "", 9131 }, 9132 } 9133 9134 if input == nil { 9135 input = &ListTagsForResourceInput{} 9136 } 9137 9138 output = &ListTagsForResourceOutput{} 9139 req = c.newRequest(op, input, output) 9140 return 9141} 9142 9143// ListTagsForResource API operation for AWS Organizations. 9144// 9145// Lists tags for the specified resource. 9146// 9147// Currently, you can list tags on an account in AWS Organizations. 9148// 9149// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9150// with awserr.Error's Code and Message methods to get detailed information about 9151// the error. 9152// 9153// See the AWS API reference guide for AWS Organizations's 9154// API operation ListTagsForResource for usage and error information. 9155// 9156// Returned Error Codes: 9157// * ErrCodeAccessDeniedException "AccessDeniedException" 9158// You don't have permissions to perform the requested operation. The user or 9159// role that is making the request must have at least one IAM permissions policy 9160// attached that grants the required permissions. For more information, see 9161// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9162// in the IAM User Guide. 9163// 9164// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9165// Your account isn't a member of an organization. To make this request, you 9166// must use the credentials of an account that belongs to an organization. 9167// 9168// * ErrCodeTargetNotFoundException "TargetNotFoundException" 9169// We can't find a root, OU, or account with the TargetId that you specified. 9170// 9171// * ErrCodeInvalidInputException "InvalidInputException" 9172// The requested operation failed because you provided invalid values for one 9173// or more of the request parameters. This exception includes a reason that 9174// contains additional information about the violated limit: 9175// 9176// Some of the reasons in the following list might not be applicable to this 9177// specific API or operation: 9178// 9179// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9180// can't be modified. 9181// 9182// * INPUT_REQUIRED: You must include a value for all required parameters. 9183// 9184// * INVALID_ENUM: You specified an invalid value. 9185// 9186// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9187// characters. 9188// 9189// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9190// at least one invalid value. 9191// 9192// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9193// from the response to a previous call of the operation. 9194// 9195// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9196// organization, or email) as a party. 9197// 9198// * INVALID_PATTERN: You provided a value that doesn't match the required 9199// pattern. 9200// 9201// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9202// match the required pattern. 9203// 9204// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9205// name can't begin with the reserved prefix AWSServiceRoleFor. 9206// 9207// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9208// Name (ARN) for the organization. 9209// 9210// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9211// 9212// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9213// tag. You can’t add, edit, or delete system tag keys because they're 9214// reserved for AWS use. System tags don’t count against your tags per 9215// resource limit. 9216// 9217// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9218// for the operation. 9219// 9220// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9221// than allowed. 9222// 9223// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9224// value than allowed. 9225// 9226// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9227// than allowed. 9228// 9229// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9230// value than allowed. 9231// 9232// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9233// between entities in the same root. 9234// 9235// * ErrCodeServiceException "ServiceException" 9236// AWS Organizations can't complete your request because of an internal service 9237// error. Try again later. 9238// 9239// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9240// You have sent too many requests in too short a period of time. The limit 9241// helps protect against denial-of-service attacks. Try again later. 9242// 9243// For information on limits that affect AWS Organizations, see Limits of AWS 9244// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9245// in the AWS Organizations User Guide. 9246// 9247// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 9248func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { 9249 req, out := c.ListTagsForResourceRequest(input) 9250 return out, req.Send() 9251} 9252 9253// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of 9254// the ability to pass a context and additional request options. 9255// 9256// See ListTagsForResource for details on how to use this API operation. 9257// 9258// The context must be non-nil and will be used for request cancellation. If 9259// the context is nil a panic will occur. In the future the SDK may create 9260// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9261// for more information on using Contexts. 9262func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { 9263 req, out := c.ListTagsForResourceRequest(input) 9264 req.SetContext(ctx) 9265 req.ApplyOptions(opts...) 9266 return out, req.Send() 9267} 9268 9269// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation, 9270// calling the "fn" function with the response data for each page. To stop 9271// iterating, return false from the fn function. 9272// 9273// See ListTagsForResource method for more information on how to use this operation. 9274// 9275// Note: This operation can generate multiple requests to a service. 9276// 9277// // Example iterating over at most 3 pages of a ListTagsForResource operation. 9278// pageNum := 0 9279// err := client.ListTagsForResourcePages(params, 9280// func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool { 9281// pageNum++ 9282// fmt.Println(page) 9283// return pageNum <= 3 9284// }) 9285// 9286func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error { 9287 return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn) 9288} 9289 9290// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except 9291// it takes a Context and allows setting request options on the pages. 9292// 9293// The context must be non-nil and will be used for request cancellation. If 9294// the context is nil a panic will occur. In the future the SDK may create 9295// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9296// for more information on using Contexts. 9297func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error { 9298 p := request.Pagination{ 9299 NewRequest: func() (*request.Request, error) { 9300 var inCpy *ListTagsForResourceInput 9301 if input != nil { 9302 tmp := *input 9303 inCpy = &tmp 9304 } 9305 req, _ := c.ListTagsForResourceRequest(inCpy) 9306 req.SetContext(ctx) 9307 req.ApplyOptions(opts...) 9308 return req, nil 9309 }, 9310 } 9311 9312 cont := true 9313 for p.Next() && cont { 9314 cont = fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) 9315 } 9316 return p.Err() 9317} 9318 9319const opListTargetsForPolicy = "ListTargetsForPolicy" 9320 9321// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the 9322// client's request for the ListTargetsForPolicy operation. The "output" return 9323// value will be populated with the request's response once the request completes 9324// successfully. 9325// 9326// Use "Send" method on the returned Request to send the API call to the service. 9327// the "output" return value is not valid until after Send returns without error. 9328// 9329// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy 9330// API call, and error handling. 9331// 9332// This method is useful when you want to inject custom logic or configuration 9333// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9334// 9335// 9336// // Example sending a request using the ListTargetsForPolicyRequest method. 9337// req, resp := client.ListTargetsForPolicyRequest(params) 9338// 9339// err := req.Send() 9340// if err == nil { // resp is now filled 9341// fmt.Println(resp) 9342// } 9343// 9344// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 9345func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) { 9346 op := &request.Operation{ 9347 Name: opListTargetsForPolicy, 9348 HTTPMethod: "POST", 9349 HTTPPath: "/", 9350 Paginator: &request.Paginator{ 9351 InputTokens: []string{"NextToken"}, 9352 OutputTokens: []string{"NextToken"}, 9353 LimitToken: "MaxResults", 9354 TruncationToken: "", 9355 }, 9356 } 9357 9358 if input == nil { 9359 input = &ListTargetsForPolicyInput{} 9360 } 9361 9362 output = &ListTargetsForPolicyOutput{} 9363 req = c.newRequest(op, input, output) 9364 return 9365} 9366 9367// ListTargetsForPolicy API operation for AWS Organizations. 9368// 9369// Lists all the roots, organizational units (OUs), and accounts that the specified 9370// policy is attached to. 9371// 9372// Always check the NextToken response parameter for a null value when calling 9373// a List* operation. These operations can occasionally return an empty set 9374// of results even when there are more results available. The NextToken response 9375// parameter value is null only when there are no more results to display. 9376// 9377// This operation can be called only from the organization's master account. 9378// 9379// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9380// with awserr.Error's Code and Message methods to get detailed information about 9381// the error. 9382// 9383// See the AWS API reference guide for AWS Organizations's 9384// API operation ListTargetsForPolicy for usage and error information. 9385// 9386// Returned Error Codes: 9387// * ErrCodeAccessDeniedException "AccessDeniedException" 9388// You don't have permissions to perform the requested operation. The user or 9389// role that is making the request must have at least one IAM permissions policy 9390// attached that grants the required permissions. For more information, see 9391// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9392// in the IAM User Guide. 9393// 9394// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9395// Your account isn't a member of an organization. To make this request, you 9396// must use the credentials of an account that belongs to an organization. 9397// 9398// * ErrCodeInvalidInputException "InvalidInputException" 9399// The requested operation failed because you provided invalid values for one 9400// or more of the request parameters. This exception includes a reason that 9401// contains additional information about the violated limit: 9402// 9403// Some of the reasons in the following list might not be applicable to this 9404// specific API or operation: 9405// 9406// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9407// can't be modified. 9408// 9409// * INPUT_REQUIRED: You must include a value for all required parameters. 9410// 9411// * INVALID_ENUM: You specified an invalid value. 9412// 9413// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9414// characters. 9415// 9416// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9417// at least one invalid value. 9418// 9419// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9420// from the response to a previous call of the operation. 9421// 9422// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9423// organization, or email) as a party. 9424// 9425// * INVALID_PATTERN: You provided a value that doesn't match the required 9426// pattern. 9427// 9428// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9429// match the required pattern. 9430// 9431// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9432// name can't begin with the reserved prefix AWSServiceRoleFor. 9433// 9434// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9435// Name (ARN) for the organization. 9436// 9437// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9438// 9439// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9440// tag. You can’t add, edit, or delete system tag keys because they're 9441// reserved for AWS use. System tags don’t count against your tags per 9442// resource limit. 9443// 9444// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9445// for the operation. 9446// 9447// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9448// than allowed. 9449// 9450// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9451// value than allowed. 9452// 9453// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9454// than allowed. 9455// 9456// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9457// value than allowed. 9458// 9459// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9460// between entities in the same root. 9461// 9462// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 9463// We can't find a policy with the PolicyId that you specified. 9464// 9465// * ErrCodeServiceException "ServiceException" 9466// AWS Organizations can't complete your request because of an internal service 9467// error. Try again later. 9468// 9469// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9470// You have sent too many requests in too short a period of time. The limit 9471// helps protect against denial-of-service attacks. Try again later. 9472// 9473// For information on limits that affect AWS Organizations, see Limits of AWS 9474// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9475// in the AWS Organizations User Guide. 9476// 9477// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 9478func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) { 9479 req, out := c.ListTargetsForPolicyRequest(input) 9480 return out, req.Send() 9481} 9482 9483// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of 9484// the ability to pass a context and additional request options. 9485// 9486// See ListTargetsForPolicy for details on how to use this API operation. 9487// 9488// The context must be non-nil and will be used for request cancellation. If 9489// the context is nil a panic will occur. In the future the SDK may create 9490// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9491// for more information on using Contexts. 9492func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) { 9493 req, out := c.ListTargetsForPolicyRequest(input) 9494 req.SetContext(ctx) 9495 req.ApplyOptions(opts...) 9496 return out, req.Send() 9497} 9498 9499// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation, 9500// calling the "fn" function with the response data for each page. To stop 9501// iterating, return false from the fn function. 9502// 9503// See ListTargetsForPolicy method for more information on how to use this operation. 9504// 9505// Note: This operation can generate multiple requests to a service. 9506// 9507// // Example iterating over at most 3 pages of a ListTargetsForPolicy operation. 9508// pageNum := 0 9509// err := client.ListTargetsForPolicyPages(params, 9510// func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool { 9511// pageNum++ 9512// fmt.Println(page) 9513// return pageNum <= 3 9514// }) 9515// 9516func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error { 9517 return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn) 9518} 9519 9520// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except 9521// it takes a Context and allows setting request options on the pages. 9522// 9523// The context must be non-nil and will be used for request cancellation. If 9524// the context is nil a panic will occur. In the future the SDK may create 9525// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9526// for more information on using Contexts. 9527func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error { 9528 p := request.Pagination{ 9529 NewRequest: func() (*request.Request, error) { 9530 var inCpy *ListTargetsForPolicyInput 9531 if input != nil { 9532 tmp := *input 9533 inCpy = &tmp 9534 } 9535 req, _ := c.ListTargetsForPolicyRequest(inCpy) 9536 req.SetContext(ctx) 9537 req.ApplyOptions(opts...) 9538 return req, nil 9539 }, 9540 } 9541 9542 cont := true 9543 for p.Next() && cont { 9544 cont = fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) 9545 } 9546 return p.Err() 9547} 9548 9549const opMoveAccount = "MoveAccount" 9550 9551// MoveAccountRequest generates a "aws/request.Request" representing the 9552// client's request for the MoveAccount operation. The "output" return 9553// value will be populated with the request's response once the request completes 9554// successfully. 9555// 9556// Use "Send" method on the returned Request to send the API call to the service. 9557// the "output" return value is not valid until after Send returns without error. 9558// 9559// See MoveAccount for more information on using the MoveAccount 9560// API call, and error handling. 9561// 9562// This method is useful when you want to inject custom logic or configuration 9563// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9564// 9565// 9566// // Example sending a request using the MoveAccountRequest method. 9567// req, resp := client.MoveAccountRequest(params) 9568// 9569// err := req.Send() 9570// if err == nil { // resp is now filled 9571// fmt.Println(resp) 9572// } 9573// 9574// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 9575func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) { 9576 op := &request.Operation{ 9577 Name: opMoveAccount, 9578 HTTPMethod: "POST", 9579 HTTPPath: "/", 9580 } 9581 9582 if input == nil { 9583 input = &MoveAccountInput{} 9584 } 9585 9586 output = &MoveAccountOutput{} 9587 req = c.newRequest(op, input, output) 9588 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 9589 return 9590} 9591 9592// MoveAccount API operation for AWS Organizations. 9593// 9594// Moves an account from its current source parent root or organizational unit 9595// (OU) to the specified destination parent root or OU. 9596// 9597// This operation can be called only from the organization's master account. 9598// 9599// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9600// with awserr.Error's Code and Message methods to get detailed information about 9601// the error. 9602// 9603// See the AWS API reference guide for AWS Organizations's 9604// API operation MoveAccount for usage and error information. 9605// 9606// Returned Error Codes: 9607// * ErrCodeAccessDeniedException "AccessDeniedException" 9608// You don't have permissions to perform the requested operation. The user or 9609// role that is making the request must have at least one IAM permissions policy 9610// attached that grants the required permissions. For more information, see 9611// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9612// in the IAM User Guide. 9613// 9614// * ErrCodeInvalidInputException "InvalidInputException" 9615// The requested operation failed because you provided invalid values for one 9616// or more of the request parameters. This exception includes a reason that 9617// contains additional information about the violated limit: 9618// 9619// Some of the reasons in the following list might not be applicable to this 9620// specific API or operation: 9621// 9622// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9623// can't be modified. 9624// 9625// * INPUT_REQUIRED: You must include a value for all required parameters. 9626// 9627// * INVALID_ENUM: You specified an invalid value. 9628// 9629// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9630// characters. 9631// 9632// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9633// at least one invalid value. 9634// 9635// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9636// from the response to a previous call of the operation. 9637// 9638// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9639// organization, or email) as a party. 9640// 9641// * INVALID_PATTERN: You provided a value that doesn't match the required 9642// pattern. 9643// 9644// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9645// match the required pattern. 9646// 9647// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9648// name can't begin with the reserved prefix AWSServiceRoleFor. 9649// 9650// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9651// Name (ARN) for the organization. 9652// 9653// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9654// 9655// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9656// tag. You can’t add, edit, or delete system tag keys because they're 9657// reserved for AWS use. System tags don’t count against your tags per 9658// resource limit. 9659// 9660// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9661// for the operation. 9662// 9663// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9664// than allowed. 9665// 9666// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9667// value than allowed. 9668// 9669// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9670// than allowed. 9671// 9672// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9673// value than allowed. 9674// 9675// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9676// between entities in the same root. 9677// 9678// * ErrCodeSourceParentNotFoundException "SourceParentNotFoundException" 9679// We can't find a source root or OU with the ParentId that you specified. 9680// 9681// * ErrCodeDestinationParentNotFoundException "DestinationParentNotFoundException" 9682// We can't find the destination container (a root or OU) with the ParentId 9683// that you specified. 9684// 9685// * ErrCodeDuplicateAccountException "DuplicateAccountException" 9686// That account is already present in the specified destination. 9687// 9688// * ErrCodeAccountNotFoundException "AccountNotFoundException" 9689// We can't find an AWS account with the AccountId that you specified, or the 9690// account whose credentials you used to make this request isn't a member of 9691// an organization. 9692// 9693// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9694// You have sent too many requests in too short a period of time. The limit 9695// helps protect against denial-of-service attacks. Try again later. 9696// 9697// For information on limits that affect AWS Organizations, see Limits of AWS 9698// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9699// in the AWS Organizations User Guide. 9700// 9701// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 9702// The target of the operation is currently being modified by a different request. 9703// Try again later. 9704// 9705// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9706// Your account isn't a member of an organization. To make this request, you 9707// must use the credentials of an account that belongs to an organization. 9708// 9709// * ErrCodeServiceException "ServiceException" 9710// AWS Organizations can't complete your request because of an internal service 9711// error. Try again later. 9712// 9713// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 9714func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) { 9715 req, out := c.MoveAccountRequest(input) 9716 return out, req.Send() 9717} 9718 9719// MoveAccountWithContext is the same as MoveAccount with the addition of 9720// the ability to pass a context and additional request options. 9721// 9722// See MoveAccount for details on how to use this API operation. 9723// 9724// The context must be non-nil and will be used for request cancellation. If 9725// the context is nil a panic will occur. In the future the SDK may create 9726// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9727// for more information on using Contexts. 9728func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) { 9729 req, out := c.MoveAccountRequest(input) 9730 req.SetContext(ctx) 9731 req.ApplyOptions(opts...) 9732 return out, req.Send() 9733} 9734 9735const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization" 9736 9737// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the 9738// client's request for the RemoveAccountFromOrganization operation. The "output" return 9739// value will be populated with the request's response once the request completes 9740// successfully. 9741// 9742// Use "Send" method on the returned Request to send the API call to the service. 9743// the "output" return value is not valid until after Send returns without error. 9744// 9745// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization 9746// API call, and error handling. 9747// 9748// This method is useful when you want to inject custom logic or configuration 9749// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9750// 9751// 9752// // Example sending a request using the RemoveAccountFromOrganizationRequest method. 9753// req, resp := client.RemoveAccountFromOrganizationRequest(params) 9754// 9755// err := req.Send() 9756// if err == nil { // resp is now filled 9757// fmt.Println(resp) 9758// } 9759// 9760// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 9761func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) { 9762 op := &request.Operation{ 9763 Name: opRemoveAccountFromOrganization, 9764 HTTPMethod: "POST", 9765 HTTPPath: "/", 9766 } 9767 9768 if input == nil { 9769 input = &RemoveAccountFromOrganizationInput{} 9770 } 9771 9772 output = &RemoveAccountFromOrganizationOutput{} 9773 req = c.newRequest(op, input, output) 9774 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 9775 return 9776} 9777 9778// RemoveAccountFromOrganization API operation for AWS Organizations. 9779// 9780// Removes the specified account from the organization. 9781// 9782// The removed account becomes a standalone account that isn't a member of any 9783// organization. It's no longer subject to any policies and is responsible for 9784// its own bill payments. The organization's master account is no longer charged 9785// for any expenses accrued by the member account after it's removed from the 9786// organization. 9787// 9788// This operation can be called only from the organization's master account. 9789// Member accounts can remove themselves with LeaveOrganization instead. 9790// 9791// You can remove an account from your organization only if the account is configured 9792// with the information required to operate as a standalone account. When you 9793// create an account in an organization using the AWS Organizations console, 9794// API, or CLI commands, the information required of standalone accounts is 9795// not automatically collected. For an account that you want to make standalone, 9796// you must accept the end user license agreement (EULA), choose a support plan, 9797// provide and verify the required contact information, and provide a current 9798// payment method. AWS uses the payment method to charge for any billable (not 9799// free tier) AWS activity that occurs while the account isn't attached to an 9800// organization. To remove an account that doesn't yet have this information, 9801// you must sign in as the member account and follow the steps at To leave an 9802// organization when all required account information has not yet been provided 9803// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9804// in the AWS Organizations User Guide. 9805// 9806// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9807// with awserr.Error's Code and Message methods to get detailed information about 9808// the error. 9809// 9810// See the AWS API reference guide for AWS Organizations's 9811// API operation RemoveAccountFromOrganization for usage and error information. 9812// 9813// Returned Error Codes: 9814// * ErrCodeAccessDeniedException "AccessDeniedException" 9815// You don't have permissions to perform the requested operation. The user or 9816// role that is making the request must have at least one IAM permissions policy 9817// attached that grants the required permissions. For more information, see 9818// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9819// in the IAM User Guide. 9820// 9821// * ErrCodeAccountNotFoundException "AccountNotFoundException" 9822// We can't find an AWS account with the AccountId that you specified, or the 9823// account whose credentials you used to make this request isn't a member of 9824// an organization. 9825// 9826// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9827// Your account isn't a member of an organization. To make this request, you 9828// must use the credentials of an account that belongs to an organization. 9829// 9830// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 9831// The target of the operation is currently being modified by a different request. 9832// Try again later. 9833// 9834// * ErrCodeConstraintViolationException "ConstraintViolationException" 9835// Performing this operation violates a minimum or maximum value limit. For 9836// example, attempting to remove the last service control policy (SCP) from 9837// an OU or root, inviting or creating too many accounts to the organization, 9838// or attaching too many policies to an account, OU, or root. This exception 9839// includes a reason that contains additional information about the violated 9840// limit. 9841// 9842// Some of the reasons in the following list might not be applicable to this 9843// specific API or operation: 9844// 9845// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 9846// from the organization that doesn't yet have enough information to exist 9847// as a standalone account. This account requires you to first agree to the 9848// AWS Customer Agreement. Follow the steps at To leave an organization when 9849// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9850// in the AWS Organizations User Guide. 9851// 9852// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 9853// an account from the organization that doesn't yet have enough information 9854// to exist as a standalone account. This account requires you to first complete 9855// phone verification. Follow the steps at To leave an organization when 9856// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9857// in the AWS Organizations User Guide. 9858// 9859// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 9860// of accounts that you can create in one day. 9861// 9862// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 9863// the number of accounts in an organization. If you need more accounts, 9864// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 9865// request an increase in your limit. Or the number of invitations that you 9866// tried to send would cause you to exceed the limit of accounts in your 9867// organization. Send fewer invitations or contact AWS Support to request 9868// an increase in the number of accounts. Deleted and closed accounts still 9869// count toward your limit. If you get receive this exception when running 9870// a command immediately after creating the organization, wait one hour and 9871// try again. If after an hour it continues to fail with this error, contact 9872// AWS Support (https://console.aws.amazon.com/support/home#/). 9873// 9874// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 9875// handshakes that you can send in one day. 9876// 9877// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 9878// in this organization, you first must migrate the organization's master 9879// account to the marketplace that corresponds to the master account's address. 9880// For example, accounts with India addresses must be associated with the 9881// AISPL marketplace. All accounts in an organization must be associated 9882// with the same marketplace. 9883// 9884// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 9885// must first provide contact a valid address and phone number for the master 9886// account. Then try the operation again. 9887// 9888// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 9889// master account must have an associated account in the AWS GovCloud (US-West) 9890// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 9891// in the AWS GovCloud User Guide. 9892// 9893// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 9894// with this master account, you first must associate a valid payment instrument, 9895// such as a credit card, with the account. Follow the steps at To leave 9896// an organization when all required account information has not yet been 9897// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9898// in the AWS Organizations User Guide. 9899// 9900// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 9901// number of policies of a certain type that can be attached to an entity 9902// at one time. 9903// 9904// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 9905// on this resource. 9906// 9907// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 9908// with this member account, you first must associate a valid payment instrument, 9909// such as a credit card, with the account. Follow the steps at To leave 9910// an organization when all required account information has not yet been 9911// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9912// in the AWS Organizations User Guide. 9913// 9914// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 9915// policy from an entity that would cause the entity to have fewer than the 9916// minimum number of policies of a certain type required. 9917// 9918// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 9919// too many levels deep. 9920// 9921// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 9922// that requires the organization to be configured to support all features. 9923// An organization that supports only consolidated billing features can't 9924// perform this operation. 9925// 9926// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 9927// that you can have in an organization. 9928// 9929// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 9930// policies that you can have in an organization. 9931// 9932// * ErrCodeInvalidInputException "InvalidInputException" 9933// The requested operation failed because you provided invalid values for one 9934// or more of the request parameters. This exception includes a reason that 9935// contains additional information about the violated limit: 9936// 9937// Some of the reasons in the following list might not be applicable to this 9938// specific API or operation: 9939// 9940// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9941// can't be modified. 9942// 9943// * INPUT_REQUIRED: You must include a value for all required parameters. 9944// 9945// * INVALID_ENUM: You specified an invalid value. 9946// 9947// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9948// characters. 9949// 9950// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9951// at least one invalid value. 9952// 9953// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9954// from the response to a previous call of the operation. 9955// 9956// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9957// organization, or email) as a party. 9958// 9959// * INVALID_PATTERN: You provided a value that doesn't match the required 9960// pattern. 9961// 9962// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9963// match the required pattern. 9964// 9965// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9966// name can't begin with the reserved prefix AWSServiceRoleFor. 9967// 9968// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9969// Name (ARN) for the organization. 9970// 9971// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9972// 9973// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9974// tag. You can’t add, edit, or delete system tag keys because they're 9975// reserved for AWS use. System tags don’t count against your tags per 9976// resource limit. 9977// 9978// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9979// for the operation. 9980// 9981// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9982// than allowed. 9983// 9984// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9985// value than allowed. 9986// 9987// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9988// than allowed. 9989// 9990// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9991// value than allowed. 9992// 9993// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9994// between entities in the same root. 9995// 9996// * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException" 9997// You can't remove a master account from an organization. If you want the master 9998// account to become a member account in another organization, you must first 9999// delete the current organization of the master account. 10000// 10001// * ErrCodeServiceException "ServiceException" 10002// AWS Organizations can't complete your request because of an internal service 10003// error. Try again later. 10004// 10005// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10006// You have sent too many requests in too short a period of time. The limit 10007// helps protect against denial-of-service attacks. Try again later. 10008// 10009// For information on limits that affect AWS Organizations, see Limits of AWS 10010// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10011// in the AWS Organizations User Guide. 10012// 10013// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 10014func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) { 10015 req, out := c.RemoveAccountFromOrganizationRequest(input) 10016 return out, req.Send() 10017} 10018 10019// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of 10020// the ability to pass a context and additional request options. 10021// 10022// See RemoveAccountFromOrganization for details on how to use this API operation. 10023// 10024// The context must be non-nil and will be used for request cancellation. If 10025// the context is nil a panic will occur. In the future the SDK may create 10026// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10027// for more information on using Contexts. 10028func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) { 10029 req, out := c.RemoveAccountFromOrganizationRequest(input) 10030 req.SetContext(ctx) 10031 req.ApplyOptions(opts...) 10032 return out, req.Send() 10033} 10034 10035const opTagResource = "TagResource" 10036 10037// TagResourceRequest generates a "aws/request.Request" representing the 10038// client's request for the TagResource operation. The "output" return 10039// value will be populated with the request's response once the request completes 10040// successfully. 10041// 10042// Use "Send" method on the returned Request to send the API call to the service. 10043// the "output" return value is not valid until after Send returns without error. 10044// 10045// See TagResource for more information on using the TagResource 10046// API call, and error handling. 10047// 10048// This method is useful when you want to inject custom logic or configuration 10049// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10050// 10051// 10052// // Example sending a request using the TagResourceRequest method. 10053// req, resp := client.TagResourceRequest(params) 10054// 10055// err := req.Send() 10056// if err == nil { // resp is now filled 10057// fmt.Println(resp) 10058// } 10059// 10060// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 10061func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 10062 op := &request.Operation{ 10063 Name: opTagResource, 10064 HTTPMethod: "POST", 10065 HTTPPath: "/", 10066 } 10067 10068 if input == nil { 10069 input = &TagResourceInput{} 10070 } 10071 10072 output = &TagResourceOutput{} 10073 req = c.newRequest(op, input, output) 10074 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 10075 return 10076} 10077 10078// TagResource API operation for AWS Organizations. 10079// 10080// Adds one or more tags to the specified resource. 10081// 10082// Currently, you can tag and untag accounts in AWS Organizations. 10083// 10084// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10085// with awserr.Error's Code and Message methods to get detailed information about 10086// the error. 10087// 10088// See the AWS API reference guide for AWS Organizations's 10089// API operation TagResource for usage and error information. 10090// 10091// Returned Error Codes: 10092// * ErrCodeAccessDeniedException "AccessDeniedException" 10093// You don't have permissions to perform the requested operation. The user or 10094// role that is making the request must have at least one IAM permissions policy 10095// attached that grants the required permissions. For more information, see 10096// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10097// in the IAM User Guide. 10098// 10099// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10100// The target of the operation is currently being modified by a different request. 10101// Try again later. 10102// 10103// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10104// Your account isn't a member of an organization. To make this request, you 10105// must use the credentials of an account that belongs to an organization. 10106// 10107// * ErrCodeTargetNotFoundException "TargetNotFoundException" 10108// We can't find a root, OU, or account with the TargetId that you specified. 10109// 10110// * ErrCodeConstraintViolationException "ConstraintViolationException" 10111// Performing this operation violates a minimum or maximum value limit. For 10112// example, attempting to remove the last service control policy (SCP) from 10113// an OU or root, inviting or creating too many accounts to the organization, 10114// or attaching too many policies to an account, OU, or root. This exception 10115// includes a reason that contains additional information about the violated 10116// limit. 10117// 10118// Some of the reasons in the following list might not be applicable to this 10119// specific API or operation: 10120// 10121// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 10122// from the organization that doesn't yet have enough information to exist 10123// as a standalone account. This account requires you to first agree to the 10124// AWS Customer Agreement. Follow the steps at To leave an organization when 10125// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10126// in the AWS Organizations User Guide. 10127// 10128// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 10129// an account from the organization that doesn't yet have enough information 10130// to exist as a standalone account. This account requires you to first complete 10131// phone verification. Follow the steps at To leave an organization when 10132// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10133// in the AWS Organizations User Guide. 10134// 10135// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 10136// of accounts that you can create in one day. 10137// 10138// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 10139// the number of accounts in an organization. If you need more accounts, 10140// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 10141// request an increase in your limit. Or the number of invitations that you 10142// tried to send would cause you to exceed the limit of accounts in your 10143// organization. Send fewer invitations or contact AWS Support to request 10144// an increase in the number of accounts. Deleted and closed accounts still 10145// count toward your limit. If you get receive this exception when running 10146// a command immediately after creating the organization, wait one hour and 10147// try again. If after an hour it continues to fail with this error, contact 10148// AWS Support (https://console.aws.amazon.com/support/home#/). 10149// 10150// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 10151// handshakes that you can send in one day. 10152// 10153// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 10154// in this organization, you first must migrate the organization's master 10155// account to the marketplace that corresponds to the master account's address. 10156// For example, accounts with India addresses must be associated with the 10157// AISPL marketplace. All accounts in an organization must be associated 10158// with the same marketplace. 10159// 10160// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 10161// must first provide contact a valid address and phone number for the master 10162// account. Then try the operation again. 10163// 10164// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 10165// master account must have an associated account in the AWS GovCloud (US-West) 10166// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 10167// in the AWS GovCloud User Guide. 10168// 10169// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 10170// with this master account, you first must associate a valid payment instrument, 10171// such as a credit card, with the account. Follow the steps at To leave 10172// an organization when all required account information has not yet been 10173// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10174// in the AWS Organizations User Guide. 10175// 10176// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 10177// number of policies of a certain type that can be attached to an entity 10178// at one time. 10179// 10180// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 10181// on this resource. 10182// 10183// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 10184// with this member account, you first must associate a valid payment instrument, 10185// such as a credit card, with the account. Follow the steps at To leave 10186// an organization when all required account information has not yet been 10187// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10188// in the AWS Organizations User Guide. 10189// 10190// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 10191// policy from an entity that would cause the entity to have fewer than the 10192// minimum number of policies of a certain type required. 10193// 10194// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 10195// too many levels deep. 10196// 10197// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 10198// that requires the organization to be configured to support all features. 10199// An organization that supports only consolidated billing features can't 10200// perform this operation. 10201// 10202// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 10203// that you can have in an organization. 10204// 10205// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 10206// policies that you can have in an organization. 10207// 10208// * ErrCodeInvalidInputException "InvalidInputException" 10209// The requested operation failed because you provided invalid values for one 10210// or more of the request parameters. This exception includes a reason that 10211// contains additional information about the violated limit: 10212// 10213// Some of the reasons in the following list might not be applicable to this 10214// specific API or operation: 10215// 10216// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10217// can't be modified. 10218// 10219// * INPUT_REQUIRED: You must include a value for all required parameters. 10220// 10221// * INVALID_ENUM: You specified an invalid value. 10222// 10223// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10224// characters. 10225// 10226// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10227// at least one invalid value. 10228// 10229// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10230// from the response to a previous call of the operation. 10231// 10232// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10233// organization, or email) as a party. 10234// 10235// * INVALID_PATTERN: You provided a value that doesn't match the required 10236// pattern. 10237// 10238// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10239// match the required pattern. 10240// 10241// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10242// name can't begin with the reserved prefix AWSServiceRoleFor. 10243// 10244// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10245// Name (ARN) for the organization. 10246// 10247// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10248// 10249// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10250// tag. You can’t add, edit, or delete system tag keys because they're 10251// reserved for AWS use. System tags don’t count against your tags per 10252// resource limit. 10253// 10254// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10255// for the operation. 10256// 10257// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10258// than allowed. 10259// 10260// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10261// value than allowed. 10262// 10263// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10264// than allowed. 10265// 10266// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10267// value than allowed. 10268// 10269// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10270// between entities in the same root. 10271// 10272// * ErrCodeServiceException "ServiceException" 10273// AWS Organizations can't complete your request because of an internal service 10274// error. Try again later. 10275// 10276// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10277// You have sent too many requests in too short a period of time. The limit 10278// helps protect against denial-of-service attacks. Try again later. 10279// 10280// For information on limits that affect AWS Organizations, see Limits of AWS 10281// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10282// in the AWS Organizations User Guide. 10283// 10284// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 10285func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 10286 req, out := c.TagResourceRequest(input) 10287 return out, req.Send() 10288} 10289 10290// TagResourceWithContext is the same as TagResource with the addition of 10291// the ability to pass a context and additional request options. 10292// 10293// See TagResource for details on how to use this API operation. 10294// 10295// The context must be non-nil and will be used for request cancellation. If 10296// the context is nil a panic will occur. In the future the SDK may create 10297// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10298// for more information on using Contexts. 10299func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 10300 req, out := c.TagResourceRequest(input) 10301 req.SetContext(ctx) 10302 req.ApplyOptions(opts...) 10303 return out, req.Send() 10304} 10305 10306const opUntagResource = "UntagResource" 10307 10308// UntagResourceRequest generates a "aws/request.Request" representing the 10309// client's request for the UntagResource operation. The "output" return 10310// value will be populated with the request's response once the request completes 10311// successfully. 10312// 10313// Use "Send" method on the returned Request to send the API call to the service. 10314// the "output" return value is not valid until after Send returns without error. 10315// 10316// See UntagResource for more information on using the UntagResource 10317// API call, and error handling. 10318// 10319// This method is useful when you want to inject custom logic or configuration 10320// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10321// 10322// 10323// // Example sending a request using the UntagResourceRequest method. 10324// req, resp := client.UntagResourceRequest(params) 10325// 10326// err := req.Send() 10327// if err == nil { // resp is now filled 10328// fmt.Println(resp) 10329// } 10330// 10331// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 10332func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 10333 op := &request.Operation{ 10334 Name: opUntagResource, 10335 HTTPMethod: "POST", 10336 HTTPPath: "/", 10337 } 10338 10339 if input == nil { 10340 input = &UntagResourceInput{} 10341 } 10342 10343 output = &UntagResourceOutput{} 10344 req = c.newRequest(op, input, output) 10345 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 10346 return 10347} 10348 10349// UntagResource API operation for AWS Organizations. 10350// 10351// Removes a tag from the specified resource. 10352// 10353// Currently, you can tag and untag accounts in AWS Organizations. 10354// 10355// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10356// with awserr.Error's Code and Message methods to get detailed information about 10357// the error. 10358// 10359// See the AWS API reference guide for AWS Organizations's 10360// API operation UntagResource for usage and error information. 10361// 10362// Returned Error Codes: 10363// * ErrCodeAccessDeniedException "AccessDeniedException" 10364// You don't have permissions to perform the requested operation. The user or 10365// role that is making the request must have at least one IAM permissions policy 10366// attached that grants the required permissions. For more information, see 10367// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10368// in the IAM User Guide. 10369// 10370// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10371// The target of the operation is currently being modified by a different request. 10372// Try again later. 10373// 10374// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10375// Your account isn't a member of an organization. To make this request, you 10376// must use the credentials of an account that belongs to an organization. 10377// 10378// * ErrCodeTargetNotFoundException "TargetNotFoundException" 10379// We can't find a root, OU, or account with the TargetId that you specified. 10380// 10381// * ErrCodeConstraintViolationException "ConstraintViolationException" 10382// Performing this operation violates a minimum or maximum value limit. For 10383// example, attempting to remove the last service control policy (SCP) from 10384// an OU or root, inviting or creating too many accounts to the organization, 10385// or attaching too many policies to an account, OU, or root. This exception 10386// includes a reason that contains additional information about the violated 10387// limit. 10388// 10389// Some of the reasons in the following list might not be applicable to this 10390// specific API or operation: 10391// 10392// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 10393// from the organization that doesn't yet have enough information to exist 10394// as a standalone account. This account requires you to first agree to the 10395// AWS Customer Agreement. Follow the steps at To leave an organization when 10396// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10397// in the AWS Organizations User Guide. 10398// 10399// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 10400// an account from the organization that doesn't yet have enough information 10401// to exist as a standalone account. This account requires you to first complete 10402// phone verification. Follow the steps at To leave an organization when 10403// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10404// in the AWS Organizations User Guide. 10405// 10406// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 10407// of accounts that you can create in one day. 10408// 10409// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 10410// the number of accounts in an organization. If you need more accounts, 10411// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 10412// request an increase in your limit. Or the number of invitations that you 10413// tried to send would cause you to exceed the limit of accounts in your 10414// organization. Send fewer invitations or contact AWS Support to request 10415// an increase in the number of accounts. Deleted and closed accounts still 10416// count toward your limit. If you get receive this exception when running 10417// a command immediately after creating the organization, wait one hour and 10418// try again. If after an hour it continues to fail with this error, contact 10419// AWS Support (https://console.aws.amazon.com/support/home#/). 10420// 10421// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 10422// handshakes that you can send in one day. 10423// 10424// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 10425// in this organization, you first must migrate the organization's master 10426// account to the marketplace that corresponds to the master account's address. 10427// For example, accounts with India addresses must be associated with the 10428// AISPL marketplace. All accounts in an organization must be associated 10429// with the same marketplace. 10430// 10431// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 10432// must first provide contact a valid address and phone number for the master 10433// account. Then try the operation again. 10434// 10435// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 10436// master account must have an associated account in the AWS GovCloud (US-West) 10437// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 10438// in the AWS GovCloud User Guide. 10439// 10440// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 10441// with this master account, you first must associate a valid payment instrument, 10442// such as a credit card, with the account. Follow the steps at To leave 10443// an organization when all required account information has not yet been 10444// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10445// in the AWS Organizations User Guide. 10446// 10447// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 10448// number of policies of a certain type that can be attached to an entity 10449// at one time. 10450// 10451// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 10452// on this resource. 10453// 10454// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 10455// with this member account, you first must associate a valid payment instrument, 10456// such as a credit card, with the account. Follow the steps at To leave 10457// an organization when all required account information has not yet been 10458// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10459// in the AWS Organizations User Guide. 10460// 10461// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 10462// policy from an entity that would cause the entity to have fewer than the 10463// minimum number of policies of a certain type required. 10464// 10465// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 10466// too many levels deep. 10467// 10468// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 10469// that requires the organization to be configured to support all features. 10470// An organization that supports only consolidated billing features can't 10471// perform this operation. 10472// 10473// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 10474// that you can have in an organization. 10475// 10476// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 10477// policies that you can have in an organization. 10478// 10479// * ErrCodeInvalidInputException "InvalidInputException" 10480// The requested operation failed because you provided invalid values for one 10481// or more of the request parameters. This exception includes a reason that 10482// contains additional information about the violated limit: 10483// 10484// Some of the reasons in the following list might not be applicable to this 10485// specific API or operation: 10486// 10487// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10488// can't be modified. 10489// 10490// * INPUT_REQUIRED: You must include a value for all required parameters. 10491// 10492// * INVALID_ENUM: You specified an invalid value. 10493// 10494// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10495// characters. 10496// 10497// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10498// at least one invalid value. 10499// 10500// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10501// from the response to a previous call of the operation. 10502// 10503// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10504// organization, or email) as a party. 10505// 10506// * INVALID_PATTERN: You provided a value that doesn't match the required 10507// pattern. 10508// 10509// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10510// match the required pattern. 10511// 10512// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10513// name can't begin with the reserved prefix AWSServiceRoleFor. 10514// 10515// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10516// Name (ARN) for the organization. 10517// 10518// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10519// 10520// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10521// tag. You can’t add, edit, or delete system tag keys because they're 10522// reserved for AWS use. System tags don’t count against your tags per 10523// resource limit. 10524// 10525// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10526// for the operation. 10527// 10528// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10529// than allowed. 10530// 10531// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10532// value than allowed. 10533// 10534// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10535// than allowed. 10536// 10537// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10538// value than allowed. 10539// 10540// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10541// between entities in the same root. 10542// 10543// * ErrCodeServiceException "ServiceException" 10544// AWS Organizations can't complete your request because of an internal service 10545// error. Try again later. 10546// 10547// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10548// You have sent too many requests in too short a period of time. The limit 10549// helps protect against denial-of-service attacks. Try again later. 10550// 10551// For information on limits that affect AWS Organizations, see Limits of AWS 10552// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10553// in the AWS Organizations User Guide. 10554// 10555// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 10556func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 10557 req, out := c.UntagResourceRequest(input) 10558 return out, req.Send() 10559} 10560 10561// UntagResourceWithContext is the same as UntagResource with the addition of 10562// the ability to pass a context and additional request options. 10563// 10564// See UntagResource for details on how to use this API operation. 10565// 10566// The context must be non-nil and will be used for request cancellation. If 10567// the context is nil a panic will occur. In the future the SDK may create 10568// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10569// for more information on using Contexts. 10570func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 10571 req, out := c.UntagResourceRequest(input) 10572 req.SetContext(ctx) 10573 req.ApplyOptions(opts...) 10574 return out, req.Send() 10575} 10576 10577const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit" 10578 10579// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the 10580// client's request for the UpdateOrganizationalUnit operation. The "output" return 10581// value will be populated with the request's response once the request completes 10582// successfully. 10583// 10584// Use "Send" method on the returned Request to send the API call to the service. 10585// the "output" return value is not valid until after Send returns without error. 10586// 10587// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit 10588// API call, and error handling. 10589// 10590// This method is useful when you want to inject custom logic or configuration 10591// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10592// 10593// 10594// // Example sending a request using the UpdateOrganizationalUnitRequest method. 10595// req, resp := client.UpdateOrganizationalUnitRequest(params) 10596// 10597// err := req.Send() 10598// if err == nil { // resp is now filled 10599// fmt.Println(resp) 10600// } 10601// 10602// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 10603func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) { 10604 op := &request.Operation{ 10605 Name: opUpdateOrganizationalUnit, 10606 HTTPMethod: "POST", 10607 HTTPPath: "/", 10608 } 10609 10610 if input == nil { 10611 input = &UpdateOrganizationalUnitInput{} 10612 } 10613 10614 output = &UpdateOrganizationalUnitOutput{} 10615 req = c.newRequest(op, input, output) 10616 return 10617} 10618 10619// UpdateOrganizationalUnit API operation for AWS Organizations. 10620// 10621// Renames the specified organizational unit (OU). The ID and ARN don't change. 10622// The child OUs and accounts remain in place, and any attached policies of 10623// the OU remain attached. 10624// 10625// This operation can be called only from the organization's master account. 10626// 10627// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10628// with awserr.Error's Code and Message methods to get detailed information about 10629// the error. 10630// 10631// See the AWS API reference guide for AWS Organizations's 10632// API operation UpdateOrganizationalUnit for usage and error information. 10633// 10634// Returned Error Codes: 10635// * ErrCodeAccessDeniedException "AccessDeniedException" 10636// You don't have permissions to perform the requested operation. The user or 10637// role that is making the request must have at least one IAM permissions policy 10638// attached that grants the required permissions. For more information, see 10639// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10640// in the IAM User Guide. 10641// 10642// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10643// Your account isn't a member of an organization. To make this request, you 10644// must use the credentials of an account that belongs to an organization. 10645// 10646// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10647// The target of the operation is currently being modified by a different request. 10648// Try again later. 10649// 10650// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException" 10651// An OU with the same name already exists. 10652// 10653// * ErrCodeInvalidInputException "InvalidInputException" 10654// The requested operation failed because you provided invalid values for one 10655// or more of the request parameters. This exception includes a reason that 10656// contains additional information about the violated limit: 10657// 10658// Some of the reasons in the following list might not be applicable to this 10659// specific API or operation: 10660// 10661// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10662// can't be modified. 10663// 10664// * INPUT_REQUIRED: You must include a value for all required parameters. 10665// 10666// * INVALID_ENUM: You specified an invalid value. 10667// 10668// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10669// characters. 10670// 10671// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10672// at least one invalid value. 10673// 10674// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10675// from the response to a previous call of the operation. 10676// 10677// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10678// organization, or email) as a party. 10679// 10680// * INVALID_PATTERN: You provided a value that doesn't match the required 10681// pattern. 10682// 10683// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10684// match the required pattern. 10685// 10686// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10687// name can't begin with the reserved prefix AWSServiceRoleFor. 10688// 10689// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10690// Name (ARN) for the organization. 10691// 10692// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10693// 10694// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10695// tag. You can’t add, edit, or delete system tag keys because they're 10696// reserved for AWS use. System tags don’t count against your tags per 10697// resource limit. 10698// 10699// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10700// for the operation. 10701// 10702// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10703// than allowed. 10704// 10705// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10706// value than allowed. 10707// 10708// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10709// than allowed. 10710// 10711// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10712// value than allowed. 10713// 10714// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10715// between entities in the same root. 10716// 10717// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" 10718// We can't find an OU with the OrganizationalUnitId that you specified. 10719// 10720// * ErrCodeServiceException "ServiceException" 10721// AWS Organizations can't complete your request because of an internal service 10722// error. Try again later. 10723// 10724// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10725// You have sent too many requests in too short a period of time. The limit 10726// helps protect against denial-of-service attacks. Try again later. 10727// 10728// For information on limits that affect AWS Organizations, see Limits of AWS 10729// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10730// in the AWS Organizations User Guide. 10731// 10732// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 10733func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) { 10734 req, out := c.UpdateOrganizationalUnitRequest(input) 10735 return out, req.Send() 10736} 10737 10738// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of 10739// the ability to pass a context and additional request options. 10740// 10741// See UpdateOrganizationalUnit for details on how to use this API operation. 10742// 10743// The context must be non-nil and will be used for request cancellation. If 10744// the context is nil a panic will occur. In the future the SDK may create 10745// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10746// for more information on using Contexts. 10747func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) { 10748 req, out := c.UpdateOrganizationalUnitRequest(input) 10749 req.SetContext(ctx) 10750 req.ApplyOptions(opts...) 10751 return out, req.Send() 10752} 10753 10754const opUpdatePolicy = "UpdatePolicy" 10755 10756// UpdatePolicyRequest generates a "aws/request.Request" representing the 10757// client's request for the UpdatePolicy operation. The "output" return 10758// value will be populated with the request's response once the request completes 10759// successfully. 10760// 10761// Use "Send" method on the returned Request to send the API call to the service. 10762// the "output" return value is not valid until after Send returns without error. 10763// 10764// See UpdatePolicy for more information on using the UpdatePolicy 10765// API call, and error handling. 10766// 10767// This method is useful when you want to inject custom logic or configuration 10768// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10769// 10770// 10771// // Example sending a request using the UpdatePolicyRequest method. 10772// req, resp := client.UpdatePolicyRequest(params) 10773// 10774// err := req.Send() 10775// if err == nil { // resp is now filled 10776// fmt.Println(resp) 10777// } 10778// 10779// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 10780func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) { 10781 op := &request.Operation{ 10782 Name: opUpdatePolicy, 10783 HTTPMethod: "POST", 10784 HTTPPath: "/", 10785 } 10786 10787 if input == nil { 10788 input = &UpdatePolicyInput{} 10789 } 10790 10791 output = &UpdatePolicyOutput{} 10792 req = c.newRequest(op, input, output) 10793 return 10794} 10795 10796// UpdatePolicy API operation for AWS Organizations. 10797// 10798// Updates an existing policy with a new name, description, or content. If you 10799// don't supply any parameter, that value remains unchanged. You can't change 10800// a policy's type. 10801// 10802// This operation can be called only from the organization's master account. 10803// 10804// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10805// with awserr.Error's Code and Message methods to get detailed information about 10806// the error. 10807// 10808// See the AWS API reference guide for AWS Organizations's 10809// API operation UpdatePolicy for usage and error information. 10810// 10811// Returned Error Codes: 10812// * ErrCodeAccessDeniedException "AccessDeniedException" 10813// You don't have permissions to perform the requested operation. The user or 10814// role that is making the request must have at least one IAM permissions policy 10815// attached that grants the required permissions. For more information, see 10816// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10817// in the IAM User Guide. 10818// 10819// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10820// Your account isn't a member of an organization. To make this request, you 10821// must use the credentials of an account that belongs to an organization. 10822// 10823// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10824// The target of the operation is currently being modified by a different request. 10825// Try again later. 10826// 10827// * ErrCodeConstraintViolationException "ConstraintViolationException" 10828// Performing this operation violates a minimum or maximum value limit. For 10829// example, attempting to remove the last service control policy (SCP) from 10830// an OU or root, inviting or creating too many accounts to the organization, 10831// or attaching too many policies to an account, OU, or root. This exception 10832// includes a reason that contains additional information about the violated 10833// limit. 10834// 10835// Some of the reasons in the following list might not be applicable to this 10836// specific API or operation: 10837// 10838// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 10839// from the organization that doesn't yet have enough information to exist 10840// as a standalone account. This account requires you to first agree to the 10841// AWS Customer Agreement. Follow the steps at To leave an organization when 10842// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10843// in the AWS Organizations User Guide. 10844// 10845// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 10846// an account from the organization that doesn't yet have enough information 10847// to exist as a standalone account. This account requires you to first complete 10848// phone verification. Follow the steps at To leave an organization when 10849// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10850// in the AWS Organizations User Guide. 10851// 10852// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 10853// of accounts that you can create in one day. 10854// 10855// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 10856// the number of accounts in an organization. If you need more accounts, 10857// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 10858// request an increase in your limit. Or the number of invitations that you 10859// tried to send would cause you to exceed the limit of accounts in your 10860// organization. Send fewer invitations or contact AWS Support to request 10861// an increase in the number of accounts. Deleted and closed accounts still 10862// count toward your limit. If you get receive this exception when running 10863// a command immediately after creating the organization, wait one hour and 10864// try again. If after an hour it continues to fail with this error, contact 10865// AWS Support (https://console.aws.amazon.com/support/home#/). 10866// 10867// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 10868// handshakes that you can send in one day. 10869// 10870// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 10871// in this organization, you first must migrate the organization's master 10872// account to the marketplace that corresponds to the master account's address. 10873// For example, accounts with India addresses must be associated with the 10874// AISPL marketplace. All accounts in an organization must be associated 10875// with the same marketplace. 10876// 10877// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 10878// must first provide contact a valid address and phone number for the master 10879// account. Then try the operation again. 10880// 10881// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 10882// master account must have an associated account in the AWS GovCloud (US-West) 10883// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 10884// in the AWS GovCloud User Guide. 10885// 10886// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 10887// with this master account, you first must associate a valid payment instrument, 10888// such as a credit card, with the account. Follow the steps at To leave 10889// an organization when all required account information has not yet been 10890// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10891// in the AWS Organizations User Guide. 10892// 10893// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 10894// number of policies of a certain type that can be attached to an entity 10895// at one time. 10896// 10897// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 10898// on this resource. 10899// 10900// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 10901// with this member account, you first must associate a valid payment instrument, 10902// such as a credit card, with the account. Follow the steps at To leave 10903// an organization when all required account information has not yet been 10904// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10905// in the AWS Organizations User Guide. 10906// 10907// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 10908// policy from an entity that would cause the entity to have fewer than the 10909// minimum number of policies of a certain type required. 10910// 10911// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 10912// too many levels deep. 10913// 10914// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 10915// that requires the organization to be configured to support all features. 10916// An organization that supports only consolidated billing features can't 10917// perform this operation. 10918// 10919// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 10920// that you can have in an organization. 10921// 10922// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 10923// policies that you can have in an organization. 10924// 10925// * ErrCodeDuplicatePolicyException "DuplicatePolicyException" 10926// A policy with the same name already exists. 10927// 10928// * ErrCodeInvalidInputException "InvalidInputException" 10929// The requested operation failed because you provided invalid values for one 10930// or more of the request parameters. This exception includes a reason that 10931// contains additional information about the violated limit: 10932// 10933// Some of the reasons in the following list might not be applicable to this 10934// specific API or operation: 10935// 10936// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10937// can't be modified. 10938// 10939// * INPUT_REQUIRED: You must include a value for all required parameters. 10940// 10941// * INVALID_ENUM: You specified an invalid value. 10942// 10943// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10944// characters. 10945// 10946// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10947// at least one invalid value. 10948// 10949// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10950// from the response to a previous call of the operation. 10951// 10952// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10953// organization, or email) as a party. 10954// 10955// * INVALID_PATTERN: You provided a value that doesn't match the required 10956// pattern. 10957// 10958// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10959// match the required pattern. 10960// 10961// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10962// name can't begin with the reserved prefix AWSServiceRoleFor. 10963// 10964// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10965// Name (ARN) for the organization. 10966// 10967// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10968// 10969// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10970// tag. You can’t add, edit, or delete system tag keys because they're 10971// reserved for AWS use. System tags don’t count against your tags per 10972// resource limit. 10973// 10974// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10975// for the operation. 10976// 10977// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10978// than allowed. 10979// 10980// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10981// value than allowed. 10982// 10983// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10984// than allowed. 10985// 10986// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10987// value than allowed. 10988// 10989// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10990// between entities in the same root. 10991// 10992// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 10993// The provided policy document doesn't meet the requirements of the specified 10994// policy type. For example, the syntax might be incorrect. For details about 10995// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 10996// in the AWS Organizations User Guide. 10997// 10998// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 10999// We can't find a policy with the PolicyId that you specified. 11000// 11001// * ErrCodeServiceException "ServiceException" 11002// AWS Organizations can't complete your request because of an internal service 11003// error. Try again later. 11004// 11005// * ErrCodeTooManyRequestsException "TooManyRequestsException" 11006// You have sent too many requests in too short a period of time. The limit 11007// helps protect against denial-of-service attacks. Try again later. 11008// 11009// For information on limits that affect AWS Organizations, see Limits of AWS 11010// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 11011// in the AWS Organizations User Guide. 11012// 11013// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 11014func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) { 11015 req, out := c.UpdatePolicyRequest(input) 11016 return out, req.Send() 11017} 11018 11019// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of 11020// the ability to pass a context and additional request options. 11021// 11022// See UpdatePolicy for details on how to use this API operation. 11023// 11024// The context must be non-nil and will be used for request cancellation. If 11025// the context is nil a panic will occur. In the future the SDK may create 11026// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11027// for more information on using Contexts. 11028func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) { 11029 req, out := c.UpdatePolicyRequest(input) 11030 req.SetContext(ctx) 11031 req.ApplyOptions(opts...) 11032 return out, req.Send() 11033} 11034 11035type AcceptHandshakeInput struct { 11036 _ struct{} `type:"structure"` 11037 11038 // The unique identifier (ID) of the handshake that you want to accept. 11039 // 11040 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 11041 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 11042 // 11043 // HandshakeId is a required field 11044 HandshakeId *string `type:"string" required:"true"` 11045} 11046 11047// String returns the string representation 11048func (s AcceptHandshakeInput) String() string { 11049 return awsutil.Prettify(s) 11050} 11051 11052// GoString returns the string representation 11053func (s AcceptHandshakeInput) GoString() string { 11054 return s.String() 11055} 11056 11057// Validate inspects the fields of the type to determine if they are valid. 11058func (s *AcceptHandshakeInput) Validate() error { 11059 invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"} 11060 if s.HandshakeId == nil { 11061 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 11062 } 11063 11064 if invalidParams.Len() > 0 { 11065 return invalidParams 11066 } 11067 return nil 11068} 11069 11070// SetHandshakeId sets the HandshakeId field's value. 11071func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput { 11072 s.HandshakeId = &v 11073 return s 11074} 11075 11076type AcceptHandshakeOutput struct { 11077 _ struct{} `type:"structure"` 11078 11079 // A structure that contains details about the accepted handshake. 11080 Handshake *Handshake `type:"structure"` 11081} 11082 11083// String returns the string representation 11084func (s AcceptHandshakeOutput) String() string { 11085 return awsutil.Prettify(s) 11086} 11087 11088// GoString returns the string representation 11089func (s AcceptHandshakeOutput) GoString() string { 11090 return s.String() 11091} 11092 11093// SetHandshake sets the Handshake field's value. 11094func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput { 11095 s.Handshake = v 11096 return s 11097} 11098 11099// Contains information about an AWS account that is a member of an organization. 11100type Account struct { 11101 _ struct{} `type:"structure"` 11102 11103 // The Amazon Resource Name (ARN) of the account. 11104 // 11105 // For more information about ARNs in Organizations, see ARN Formats Supported 11106 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 11107 // in the AWS Organizations User Guide. 11108 Arn *string `type:"string"` 11109 11110 // The email address associated with the AWS account. 11111 // 11112 // The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is 11113 // a string of characters that represents a standard Internet email address. 11114 Email *string `min:"6" type:"string" sensitive:"true"` 11115 11116 // The unique identifier (ID) of the account. 11117 // 11118 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 11119 // requires exactly 12 digits. 11120 Id *string `type:"string"` 11121 11122 // The method by which the account joined the organization. 11123 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 11124 11125 // The date the account became a part of the organization. 11126 JoinedTimestamp *time.Time `type:"timestamp"` 11127 11128 // The friendly name of the account. 11129 // 11130 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 11131 // this parameter is a string of any of the characters in the ASCII character 11132 // range. 11133 Name *string `min:"1" type:"string" sensitive:"true"` 11134 11135 // The status of the account in the organization. 11136 Status *string `type:"string" enum:"AccountStatus"` 11137} 11138 11139// String returns the string representation 11140func (s Account) String() string { 11141 return awsutil.Prettify(s) 11142} 11143 11144// GoString returns the string representation 11145func (s Account) GoString() string { 11146 return s.String() 11147} 11148 11149// SetArn sets the Arn field's value. 11150func (s *Account) SetArn(v string) *Account { 11151 s.Arn = &v 11152 return s 11153} 11154 11155// SetEmail sets the Email field's value. 11156func (s *Account) SetEmail(v string) *Account { 11157 s.Email = &v 11158 return s 11159} 11160 11161// SetId sets the Id field's value. 11162func (s *Account) SetId(v string) *Account { 11163 s.Id = &v 11164 return s 11165} 11166 11167// SetJoinedMethod sets the JoinedMethod field's value. 11168func (s *Account) SetJoinedMethod(v string) *Account { 11169 s.JoinedMethod = &v 11170 return s 11171} 11172 11173// SetJoinedTimestamp sets the JoinedTimestamp field's value. 11174func (s *Account) SetJoinedTimestamp(v time.Time) *Account { 11175 s.JoinedTimestamp = &v 11176 return s 11177} 11178 11179// SetName sets the Name field's value. 11180func (s *Account) SetName(v string) *Account { 11181 s.Name = &v 11182 return s 11183} 11184 11185// SetStatus sets the Status field's value. 11186func (s *Account) SetStatus(v string) *Account { 11187 s.Status = &v 11188 return s 11189} 11190 11191type AttachPolicyInput struct { 11192 _ struct{} `type:"structure"` 11193 11194 // The unique identifier (ID) of the policy that you want to attach to the target. 11195 // You can get the ID for the policy by calling the ListPolicies operation. 11196 // 11197 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 11198 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 11199 // 11200 // PolicyId is a required field 11201 PolicyId *string `type:"string" required:"true"` 11202 11203 // The unique identifier (ID) of the root, OU, or account that you want to attach 11204 // the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, 11205 // or ListAccounts operations. 11206 // 11207 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 11208 // requires one of the following: 11209 // 11210 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 11211 // letters or digits. 11212 // 11213 // * Account - A string that consists of exactly 12 digits. 11214 // 11215 // * Organizational unit (OU) - A string that begins with "ou-" followed 11216 // by from 4 to 32 lower-case letters or digits (the ID of the root that 11217 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 11218 // lower-case letters or digits. 11219 // 11220 // TargetId is a required field 11221 TargetId *string `type:"string" required:"true"` 11222} 11223 11224// String returns the string representation 11225func (s AttachPolicyInput) String() string { 11226 return awsutil.Prettify(s) 11227} 11228 11229// GoString returns the string representation 11230func (s AttachPolicyInput) GoString() string { 11231 return s.String() 11232} 11233 11234// Validate inspects the fields of the type to determine if they are valid. 11235func (s *AttachPolicyInput) Validate() error { 11236 invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"} 11237 if s.PolicyId == nil { 11238 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 11239 } 11240 if s.TargetId == nil { 11241 invalidParams.Add(request.NewErrParamRequired("TargetId")) 11242 } 11243 11244 if invalidParams.Len() > 0 { 11245 return invalidParams 11246 } 11247 return nil 11248} 11249 11250// SetPolicyId sets the PolicyId field's value. 11251func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput { 11252 s.PolicyId = &v 11253 return s 11254} 11255 11256// SetTargetId sets the TargetId field's value. 11257func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput { 11258 s.TargetId = &v 11259 return s 11260} 11261 11262type AttachPolicyOutput struct { 11263 _ struct{} `type:"structure"` 11264} 11265 11266// String returns the string representation 11267func (s AttachPolicyOutput) String() string { 11268 return awsutil.Prettify(s) 11269} 11270 11271// GoString returns the string representation 11272func (s AttachPolicyOutput) GoString() string { 11273 return s.String() 11274} 11275 11276type CancelHandshakeInput struct { 11277 _ struct{} `type:"structure"` 11278 11279 // The unique identifier (ID) of the handshake that you want to cancel. You 11280 // can get the ID from the ListHandshakesForOrganization operation. 11281 // 11282 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 11283 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 11284 // 11285 // HandshakeId is a required field 11286 HandshakeId *string `type:"string" required:"true"` 11287} 11288 11289// String returns the string representation 11290func (s CancelHandshakeInput) String() string { 11291 return awsutil.Prettify(s) 11292} 11293 11294// GoString returns the string representation 11295func (s CancelHandshakeInput) GoString() string { 11296 return s.String() 11297} 11298 11299// Validate inspects the fields of the type to determine if they are valid. 11300func (s *CancelHandshakeInput) Validate() error { 11301 invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"} 11302 if s.HandshakeId == nil { 11303 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 11304 } 11305 11306 if invalidParams.Len() > 0 { 11307 return invalidParams 11308 } 11309 return nil 11310} 11311 11312// SetHandshakeId sets the HandshakeId field's value. 11313func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput { 11314 s.HandshakeId = &v 11315 return s 11316} 11317 11318type CancelHandshakeOutput struct { 11319 _ struct{} `type:"structure"` 11320 11321 // A structure that contains details about the handshake that you canceled. 11322 Handshake *Handshake `type:"structure"` 11323} 11324 11325// String returns the string representation 11326func (s CancelHandshakeOutput) String() string { 11327 return awsutil.Prettify(s) 11328} 11329 11330// GoString returns the string representation 11331func (s CancelHandshakeOutput) GoString() string { 11332 return s.String() 11333} 11334 11335// SetHandshake sets the Handshake field's value. 11336func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput { 11337 s.Handshake = v 11338 return s 11339} 11340 11341// Contains a list of child entities, either OUs or accounts. 11342type Child struct { 11343 _ struct{} `type:"structure"` 11344 11345 // The unique identifier (ID) of this child entity. 11346 // 11347 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 11348 // requires one of the following: 11349 // 11350 // * Account: a string that consists of exactly 12 digits. 11351 // 11352 // * Organizational unit (OU): a string that begins with "ou-" followed by 11353 // from 4 to 32 lower-case letters or digits (the ID of the root that contains 11354 // the OU) followed by a second "-" dash and from 8 to 32 additional lower-case 11355 // letters or digits. 11356 Id *string `type:"string"` 11357 11358 // The type of this child entity. 11359 Type *string `type:"string" enum:"ChildType"` 11360} 11361 11362// String returns the string representation 11363func (s Child) String() string { 11364 return awsutil.Prettify(s) 11365} 11366 11367// GoString returns the string representation 11368func (s Child) GoString() string { 11369 return s.String() 11370} 11371 11372// SetId sets the Id field's value. 11373func (s *Child) SetId(v string) *Child { 11374 s.Id = &v 11375 return s 11376} 11377 11378// SetType sets the Type field's value. 11379func (s *Child) SetType(v string) *Child { 11380 s.Type = &v 11381 return s 11382} 11383 11384type CreateAccountInput struct { 11385 _ struct{} `type:"structure"` 11386 11387 // The friendly name of the member account. 11388 // 11389 // AccountName is a required field 11390 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 11391 11392 // The email address of the owner to assign to the new member account. This 11393 // email address must not already be associated with another AWS account. You 11394 // must use a valid email address to complete account creation. You can't access 11395 // the root user of the account or remove an account that was created with an 11396 // invalid email address. 11397 // 11398 // Email is a required field 11399 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 11400 11401 // If set to ALLOW, the new account enables IAM users to access account billing 11402 // information if they have the required permissions. If set to DENY, only the 11403 // root user of the new account can access account billing information. For 11404 // more information, see Activating Access to the Billing and Cost Management 11405 // Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 11406 // in the AWS Billing and Cost Management User Guide. 11407 // 11408 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 11409 // users and roles with the required permissions can access billing information 11410 // for the new account. 11411 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 11412 11413 // (Optional) 11414 // 11415 // The name of an IAM role that AWS Organizations automatically preconfigures 11416 // in the new member account. This role trusts the master account, allowing 11417 // users in the master account to assume the role, as permitted by the master 11418 // account administrator. The role has administrator permissions in the new 11419 // member account. 11420 // 11421 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 11422 // 11423 // For more information about how to use this role to access the member account, 11424 // see Accessing and Administering the Member Accounts in Your Organization 11425 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 11426 // in the AWS Organizations User Guide, and steps 2 and 3 in Tutorial: Delegate 11427 // Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 11428 // in the IAM User Guide. 11429 // 11430 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 11431 // this parameter is a string of characters that can consist of uppercase letters, 11432 // lowercase letters, digits with no spaces, and any of the following characters: 11433 // =,.@- 11434 RoleName *string `type:"string"` 11435} 11436 11437// String returns the string representation 11438func (s CreateAccountInput) String() string { 11439 return awsutil.Prettify(s) 11440} 11441 11442// GoString returns the string representation 11443func (s CreateAccountInput) GoString() string { 11444 return s.String() 11445} 11446 11447// Validate inspects the fields of the type to determine if they are valid. 11448func (s *CreateAccountInput) Validate() error { 11449 invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"} 11450 if s.AccountName == nil { 11451 invalidParams.Add(request.NewErrParamRequired("AccountName")) 11452 } 11453 if s.AccountName != nil && len(*s.AccountName) < 1 { 11454 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 11455 } 11456 if s.Email == nil { 11457 invalidParams.Add(request.NewErrParamRequired("Email")) 11458 } 11459 if s.Email != nil && len(*s.Email) < 6 { 11460 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 11461 } 11462 11463 if invalidParams.Len() > 0 { 11464 return invalidParams 11465 } 11466 return nil 11467} 11468 11469// SetAccountName sets the AccountName field's value. 11470func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput { 11471 s.AccountName = &v 11472 return s 11473} 11474 11475// SetEmail sets the Email field's value. 11476func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput { 11477 s.Email = &v 11478 return s 11479} 11480 11481// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 11482func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput { 11483 s.IamUserAccessToBilling = &v 11484 return s 11485} 11486 11487// SetRoleName sets the RoleName field's value. 11488func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput { 11489 s.RoleName = &v 11490 return s 11491} 11492 11493type CreateAccountOutput struct { 11494 _ struct{} `type:"structure"` 11495 11496 // A structure that contains details about the request to create an account. 11497 // This response structure might not be fully populated when you first receive 11498 // it because account creation is an asynchronous process. You can pass the 11499 // returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus 11500 // to get status about the progress of the request at later times. You can also 11501 // check the AWS CloudTrail log for the CreateAccountResult event. For more 11502 // information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 11503 // in the AWS Organizations User Guide. 11504 CreateAccountStatus *CreateAccountStatus `type:"structure"` 11505} 11506 11507// String returns the string representation 11508func (s CreateAccountOutput) String() string { 11509 return awsutil.Prettify(s) 11510} 11511 11512// GoString returns the string representation 11513func (s CreateAccountOutput) GoString() string { 11514 return s.String() 11515} 11516 11517// SetCreateAccountStatus sets the CreateAccountStatus field's value. 11518func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput { 11519 s.CreateAccountStatus = v 11520 return s 11521} 11522 11523// Contains the status about a CreateAccount or CreateGovCloudAccount request 11524// to create an AWS account or an AWS GovCloud (US) account in an organization. 11525type CreateAccountStatus struct { 11526 _ struct{} `type:"structure"` 11527 11528 // If the account was created successfully, the unique identifier (ID) of the 11529 // new account. 11530 // 11531 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 11532 // requires exactly 12 digits. 11533 AccountId *string `type:"string"` 11534 11535 // The account name given to the account when it was created. 11536 AccountName *string `min:"1" type:"string" sensitive:"true"` 11537 11538 // The date and time that the account was created and the request completed. 11539 CompletedTimestamp *time.Time `type:"timestamp"` 11540 11541 // If the request failed, a description of the reason for the failure. 11542 // 11543 // * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you 11544 // have reached the limit on the number of accounts in your organization. 11545 // 11546 // * EMAIL_ALREADY_EXISTS: The account could not be created because another 11547 // AWS account with that email address already exists. 11548 // 11549 // * INVALID_ADDRESS: The account could not be created because the address 11550 // you provided is not valid. 11551 // 11552 // * INVALID_EMAIL: The account could not be created because the email address 11553 // you provided is not valid. 11554 // 11555 // * INTERNAL_FAILURE: The account could not be created because of an internal 11556 // failure. Try again later. If the problem persists, contact Customer Support. 11557 FailureReason *string `type:"string" enum:"CreateAccountFailureReason"` 11558 11559 // If the account was created successfully, the unique identifier (ID) of the 11560 // new account in the AWS GovCloud (US) Region. 11561 GovCloudAccountId *string `type:"string"` 11562 11563 // The unique identifier (ID) that references this request. You get this value 11564 // from the response of the initial CreateAccount request to create the account. 11565 // 11566 // The regex pattern (http://wikipedia.org/wiki/regex) for an create account 11567 // request ID string requires "car-" followed by from 8 to 32 lower-case letters 11568 // or digits. 11569 Id *string `type:"string"` 11570 11571 // The date and time that the request was made for the account creation. 11572 RequestedTimestamp *time.Time `type:"timestamp"` 11573 11574 // The status of the request. 11575 State *string `type:"string" enum:"CreateAccountState"` 11576} 11577 11578// String returns the string representation 11579func (s CreateAccountStatus) String() string { 11580 return awsutil.Prettify(s) 11581} 11582 11583// GoString returns the string representation 11584func (s CreateAccountStatus) GoString() string { 11585 return s.String() 11586} 11587 11588// SetAccountId sets the AccountId field's value. 11589func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus { 11590 s.AccountId = &v 11591 return s 11592} 11593 11594// SetAccountName sets the AccountName field's value. 11595func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus { 11596 s.AccountName = &v 11597 return s 11598} 11599 11600// SetCompletedTimestamp sets the CompletedTimestamp field's value. 11601func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus { 11602 s.CompletedTimestamp = &v 11603 return s 11604} 11605 11606// SetFailureReason sets the FailureReason field's value. 11607func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus { 11608 s.FailureReason = &v 11609 return s 11610} 11611 11612// SetGovCloudAccountId sets the GovCloudAccountId field's value. 11613func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus { 11614 s.GovCloudAccountId = &v 11615 return s 11616} 11617 11618// SetId sets the Id field's value. 11619func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus { 11620 s.Id = &v 11621 return s 11622} 11623 11624// SetRequestedTimestamp sets the RequestedTimestamp field's value. 11625func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus { 11626 s.RequestedTimestamp = &v 11627 return s 11628} 11629 11630// SetState sets the State field's value. 11631func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus { 11632 s.State = &v 11633 return s 11634} 11635 11636type CreateGovCloudAccountInput struct { 11637 _ struct{} `type:"structure"` 11638 11639 // The friendly name of the member account. 11640 // 11641 // AccountName is a required field 11642 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 11643 11644 // The email address of the owner to assign to the new member account in the 11645 // commercial Region. This email address must not already be associated with 11646 // another AWS account. You must use a valid email address to complete account 11647 // creation. You can't access the root user of the account or remove an account 11648 // that was created with an invalid email address. Like all request parameters 11649 // for CreateGovCloudAccount, the request for the email address for the AWS 11650 // GovCloud (US) account originates from the commercial Region, not from the 11651 // AWS GovCloud (US) Region. 11652 // 11653 // Email is a required field 11654 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 11655 11656 // If set to ALLOW, the new linked account in the commercial Region enables 11657 // IAM users to access account billing information if they have the required 11658 // permissions. If set to DENY, only the root user of the new account can access 11659 // account billing information. For more information, see Activating Access 11660 // to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 11661 // in the AWS Billing and Cost Management User Guide. 11662 // 11663 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 11664 // users and roles with the required permissions can access billing information 11665 // for the new account. 11666 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 11667 11668 // (Optional) 11669 // 11670 // The name of an IAM role that AWS Organizations automatically preconfigures 11671 // in the new member accounts in both the AWS GovCloud (US) Region and in the 11672 // commercial Region. This role trusts the master account, allowing users in 11673 // the master account to assume the role, as permitted by the master account 11674 // administrator. The role has administrator permissions in the new member account. 11675 // 11676 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 11677 // 11678 // For more information about how to use this role to access the member account, 11679 // see Accessing and Administering the Member Accounts in Your Organization 11680 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 11681 // in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate 11682 // Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 11683 // in the IAM User Guide. 11684 // 11685 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 11686 // this parameter is a string of characters that can consist of uppercase letters, 11687 // lowercase letters, digits with no spaces, and any of the following characters: 11688 // =,.@- 11689 RoleName *string `type:"string"` 11690} 11691 11692// String returns the string representation 11693func (s CreateGovCloudAccountInput) String() string { 11694 return awsutil.Prettify(s) 11695} 11696 11697// GoString returns the string representation 11698func (s CreateGovCloudAccountInput) GoString() string { 11699 return s.String() 11700} 11701 11702// Validate inspects the fields of the type to determine if they are valid. 11703func (s *CreateGovCloudAccountInput) Validate() error { 11704 invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"} 11705 if s.AccountName == nil { 11706 invalidParams.Add(request.NewErrParamRequired("AccountName")) 11707 } 11708 if s.AccountName != nil && len(*s.AccountName) < 1 { 11709 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 11710 } 11711 if s.Email == nil { 11712 invalidParams.Add(request.NewErrParamRequired("Email")) 11713 } 11714 if s.Email != nil && len(*s.Email) < 6 { 11715 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 11716 } 11717 11718 if invalidParams.Len() > 0 { 11719 return invalidParams 11720 } 11721 return nil 11722} 11723 11724// SetAccountName sets the AccountName field's value. 11725func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput { 11726 s.AccountName = &v 11727 return s 11728} 11729 11730// SetEmail sets the Email field's value. 11731func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput { 11732 s.Email = &v 11733 return s 11734} 11735 11736// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 11737func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput { 11738 s.IamUserAccessToBilling = &v 11739 return s 11740} 11741 11742// SetRoleName sets the RoleName field's value. 11743func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput { 11744 s.RoleName = &v 11745 return s 11746} 11747 11748type CreateGovCloudAccountOutput struct { 11749 _ struct{} `type:"structure"` 11750 11751 // Contains the status about a CreateAccount or CreateGovCloudAccount request 11752 // to create an AWS account or an AWS GovCloud (US) account in an organization. 11753 CreateAccountStatus *CreateAccountStatus `type:"structure"` 11754} 11755 11756// String returns the string representation 11757func (s CreateGovCloudAccountOutput) String() string { 11758 return awsutil.Prettify(s) 11759} 11760 11761// GoString returns the string representation 11762func (s CreateGovCloudAccountOutput) GoString() string { 11763 return s.String() 11764} 11765 11766// SetCreateAccountStatus sets the CreateAccountStatus field's value. 11767func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput { 11768 s.CreateAccountStatus = v 11769 return s 11770} 11771 11772type CreateOrganizationInput struct { 11773 _ struct{} `type:"structure"` 11774 11775 // Specifies the feature set supported by the new organization. Each feature 11776 // set supports different levels of functionality. 11777 // 11778 // * CONSOLIDATED_BILLING: All member accounts have their bills consolidated 11779 // to and paid by the master account. For more information, see Consolidated 11780 // billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) 11781 // in the AWS Organizations User Guide. The consolidated billing feature 11782 // subset isn't available for organizations in the AWS GovCloud (US) Region. 11783 // 11784 // * ALL: In addition to all the features supported by the consolidated billing 11785 // feature set, the master account can also apply any policy type to any 11786 // member account in the organization. For more information, see All features 11787 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) 11788 // in the AWS Organizations User Guide. 11789 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 11790} 11791 11792// String returns the string representation 11793func (s CreateOrganizationInput) String() string { 11794 return awsutil.Prettify(s) 11795} 11796 11797// GoString returns the string representation 11798func (s CreateOrganizationInput) GoString() string { 11799 return s.String() 11800} 11801 11802// SetFeatureSet sets the FeatureSet field's value. 11803func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput { 11804 s.FeatureSet = &v 11805 return s 11806} 11807 11808type CreateOrganizationOutput struct { 11809 _ struct{} `type:"structure"` 11810 11811 // A structure that contains details about the newly created organization. 11812 Organization *Organization `type:"structure"` 11813} 11814 11815// String returns the string representation 11816func (s CreateOrganizationOutput) String() string { 11817 return awsutil.Prettify(s) 11818} 11819 11820// GoString returns the string representation 11821func (s CreateOrganizationOutput) GoString() string { 11822 return s.String() 11823} 11824 11825// SetOrganization sets the Organization field's value. 11826func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput { 11827 s.Organization = v 11828 return s 11829} 11830 11831type CreateOrganizationalUnitInput struct { 11832 _ struct{} `type:"structure"` 11833 11834 // The friendly name to assign to the new OU. 11835 // 11836 // Name is a required field 11837 Name *string `min:"1" type:"string" required:"true"` 11838 11839 // The unique identifier (ID) of the parent root or OU that you want to create 11840 // the new OU in. 11841 // 11842 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 11843 // requires one of the following: 11844 // 11845 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 11846 // letters or digits. 11847 // 11848 // * Organizational unit (OU) - A string that begins with "ou-" followed 11849 // by from 4 to 32 lower-case letters or digits (the ID of the root that 11850 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 11851 // lower-case letters or digits. 11852 // 11853 // ParentId is a required field 11854 ParentId *string `type:"string" required:"true"` 11855} 11856 11857// String returns the string representation 11858func (s CreateOrganizationalUnitInput) String() string { 11859 return awsutil.Prettify(s) 11860} 11861 11862// GoString returns the string representation 11863func (s CreateOrganizationalUnitInput) GoString() string { 11864 return s.String() 11865} 11866 11867// Validate inspects the fields of the type to determine if they are valid. 11868func (s *CreateOrganizationalUnitInput) Validate() error { 11869 invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"} 11870 if s.Name == nil { 11871 invalidParams.Add(request.NewErrParamRequired("Name")) 11872 } 11873 if s.Name != nil && len(*s.Name) < 1 { 11874 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 11875 } 11876 if s.ParentId == nil { 11877 invalidParams.Add(request.NewErrParamRequired("ParentId")) 11878 } 11879 11880 if invalidParams.Len() > 0 { 11881 return invalidParams 11882 } 11883 return nil 11884} 11885 11886// SetName sets the Name field's value. 11887func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput { 11888 s.Name = &v 11889 return s 11890} 11891 11892// SetParentId sets the ParentId field's value. 11893func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput { 11894 s.ParentId = &v 11895 return s 11896} 11897 11898type CreateOrganizationalUnitOutput struct { 11899 _ struct{} `type:"structure"` 11900 11901 // A structure that contains details about the newly created OU. 11902 OrganizationalUnit *OrganizationalUnit `type:"structure"` 11903} 11904 11905// String returns the string representation 11906func (s CreateOrganizationalUnitOutput) String() string { 11907 return awsutil.Prettify(s) 11908} 11909 11910// GoString returns the string representation 11911func (s CreateOrganizationalUnitOutput) GoString() string { 11912 return s.String() 11913} 11914 11915// SetOrganizationalUnit sets the OrganizationalUnit field's value. 11916func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput { 11917 s.OrganizationalUnit = v 11918 return s 11919} 11920 11921type CreatePolicyInput struct { 11922 _ struct{} `type:"structure"` 11923 11924 // The policy content to add to the new policy. For example, if you create a 11925 // service control policy (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 11926 // (SCP), this string must be JSON text that specifies the permissions that 11927 // admins in attached accounts can delegate to their users, groups, and roles. 11928 // For more information about the SCP syntax, see Service Control Policy Syntax 11929 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 11930 // in the AWS Organizations User Guide. 11931 // 11932 // Content is a required field 11933 Content *string `min:"1" type:"string" required:"true"` 11934 11935 // An optional description to assign to the policy. 11936 // 11937 // Description is a required field 11938 Description *string `type:"string" required:"true"` 11939 11940 // The friendly name to assign to the policy. 11941 // 11942 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 11943 // this parameter is a string of any of the characters in the ASCII character 11944 // range. 11945 // 11946 // Name is a required field 11947 Name *string `min:"1" type:"string" required:"true"` 11948 11949 // The type of policy to create. 11950 // 11951 // In the current release, the only type of policy that you can create is a 11952 // service control policy (SCP). 11953 // 11954 // Type is a required field 11955 Type *string `type:"string" required:"true" enum:"PolicyType"` 11956} 11957 11958// String returns the string representation 11959func (s CreatePolicyInput) String() string { 11960 return awsutil.Prettify(s) 11961} 11962 11963// GoString returns the string representation 11964func (s CreatePolicyInput) GoString() string { 11965 return s.String() 11966} 11967 11968// Validate inspects the fields of the type to determine if they are valid. 11969func (s *CreatePolicyInput) Validate() error { 11970 invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} 11971 if s.Content == nil { 11972 invalidParams.Add(request.NewErrParamRequired("Content")) 11973 } 11974 if s.Content != nil && len(*s.Content) < 1 { 11975 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 11976 } 11977 if s.Description == nil { 11978 invalidParams.Add(request.NewErrParamRequired("Description")) 11979 } 11980 if s.Name == nil { 11981 invalidParams.Add(request.NewErrParamRequired("Name")) 11982 } 11983 if s.Name != nil && len(*s.Name) < 1 { 11984 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 11985 } 11986 if s.Type == nil { 11987 invalidParams.Add(request.NewErrParamRequired("Type")) 11988 } 11989 11990 if invalidParams.Len() > 0 { 11991 return invalidParams 11992 } 11993 return nil 11994} 11995 11996// SetContent sets the Content field's value. 11997func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput { 11998 s.Content = &v 11999 return s 12000} 12001 12002// SetDescription sets the Description field's value. 12003func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput { 12004 s.Description = &v 12005 return s 12006} 12007 12008// SetName sets the Name field's value. 12009func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput { 12010 s.Name = &v 12011 return s 12012} 12013 12014// SetType sets the Type field's value. 12015func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput { 12016 s.Type = &v 12017 return s 12018} 12019 12020type CreatePolicyOutput struct { 12021 _ struct{} `type:"structure"` 12022 12023 // A structure that contains details about the newly created policy. 12024 Policy *Policy `type:"structure"` 12025} 12026 12027// String returns the string representation 12028func (s CreatePolicyOutput) String() string { 12029 return awsutil.Prettify(s) 12030} 12031 12032// GoString returns the string representation 12033func (s CreatePolicyOutput) GoString() string { 12034 return s.String() 12035} 12036 12037// SetPolicy sets the Policy field's value. 12038func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { 12039 s.Policy = v 12040 return s 12041} 12042 12043type DeclineHandshakeInput struct { 12044 _ struct{} `type:"structure"` 12045 12046 // The unique identifier (ID) of the handshake that you want to decline. You 12047 // can get the ID from the ListHandshakesForAccount operation. 12048 // 12049 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 12050 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 12051 // 12052 // HandshakeId is a required field 12053 HandshakeId *string `type:"string" required:"true"` 12054} 12055 12056// String returns the string representation 12057func (s DeclineHandshakeInput) String() string { 12058 return awsutil.Prettify(s) 12059} 12060 12061// GoString returns the string representation 12062func (s DeclineHandshakeInput) GoString() string { 12063 return s.String() 12064} 12065 12066// Validate inspects the fields of the type to determine if they are valid. 12067func (s *DeclineHandshakeInput) Validate() error { 12068 invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"} 12069 if s.HandshakeId == nil { 12070 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 12071 } 12072 12073 if invalidParams.Len() > 0 { 12074 return invalidParams 12075 } 12076 return nil 12077} 12078 12079// SetHandshakeId sets the HandshakeId field's value. 12080func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput { 12081 s.HandshakeId = &v 12082 return s 12083} 12084 12085type DeclineHandshakeOutput struct { 12086 _ struct{} `type:"structure"` 12087 12088 // A structure that contains details about the declined handshake. The state 12089 // is updated to show the value DECLINED. 12090 Handshake *Handshake `type:"structure"` 12091} 12092 12093// String returns the string representation 12094func (s DeclineHandshakeOutput) String() string { 12095 return awsutil.Prettify(s) 12096} 12097 12098// GoString returns the string representation 12099func (s DeclineHandshakeOutput) GoString() string { 12100 return s.String() 12101} 12102 12103// SetHandshake sets the Handshake field's value. 12104func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput { 12105 s.Handshake = v 12106 return s 12107} 12108 12109type DeleteOrganizationInput struct { 12110 _ struct{} `type:"structure"` 12111} 12112 12113// String returns the string representation 12114func (s DeleteOrganizationInput) String() string { 12115 return awsutil.Prettify(s) 12116} 12117 12118// GoString returns the string representation 12119func (s DeleteOrganizationInput) GoString() string { 12120 return s.String() 12121} 12122 12123type DeleteOrganizationOutput struct { 12124 _ struct{} `type:"structure"` 12125} 12126 12127// String returns the string representation 12128func (s DeleteOrganizationOutput) String() string { 12129 return awsutil.Prettify(s) 12130} 12131 12132// GoString returns the string representation 12133func (s DeleteOrganizationOutput) GoString() string { 12134 return s.String() 12135} 12136 12137type DeleteOrganizationalUnitInput struct { 12138 _ struct{} `type:"structure"` 12139 12140 // The unique identifier (ID) of the organizational unit that you want to delete. 12141 // You can get the ID from the ListOrganizationalUnitsForParent operation. 12142 // 12143 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 12144 // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters 12145 // or digits (the ID of the root that contains the OU) followed by a second 12146 // "-" dash and from 8 to 32 additional lower-case letters or digits. 12147 // 12148 // OrganizationalUnitId is a required field 12149 OrganizationalUnitId *string `type:"string" required:"true"` 12150} 12151 12152// String returns the string representation 12153func (s DeleteOrganizationalUnitInput) String() string { 12154 return awsutil.Prettify(s) 12155} 12156 12157// GoString returns the string representation 12158func (s DeleteOrganizationalUnitInput) GoString() string { 12159 return s.String() 12160} 12161 12162// Validate inspects the fields of the type to determine if they are valid. 12163func (s *DeleteOrganizationalUnitInput) Validate() error { 12164 invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"} 12165 if s.OrganizationalUnitId == nil { 12166 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 12167 } 12168 12169 if invalidParams.Len() > 0 { 12170 return invalidParams 12171 } 12172 return nil 12173} 12174 12175// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 12176func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput { 12177 s.OrganizationalUnitId = &v 12178 return s 12179} 12180 12181type DeleteOrganizationalUnitOutput struct { 12182 _ struct{} `type:"structure"` 12183} 12184 12185// String returns the string representation 12186func (s DeleteOrganizationalUnitOutput) String() string { 12187 return awsutil.Prettify(s) 12188} 12189 12190// GoString returns the string representation 12191func (s DeleteOrganizationalUnitOutput) GoString() string { 12192 return s.String() 12193} 12194 12195type DeletePolicyInput struct { 12196 _ struct{} `type:"structure"` 12197 12198 // The unique identifier (ID) of the policy that you want to delete. You can 12199 // get the ID from the ListPolicies or ListPoliciesForTarget operations. 12200 // 12201 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 12202 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 12203 // 12204 // PolicyId is a required field 12205 PolicyId *string `type:"string" required:"true"` 12206} 12207 12208// String returns the string representation 12209func (s DeletePolicyInput) String() string { 12210 return awsutil.Prettify(s) 12211} 12212 12213// GoString returns the string representation 12214func (s DeletePolicyInput) GoString() string { 12215 return s.String() 12216} 12217 12218// Validate inspects the fields of the type to determine if they are valid. 12219func (s *DeletePolicyInput) Validate() error { 12220 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 12221 if s.PolicyId == nil { 12222 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 12223 } 12224 12225 if invalidParams.Len() > 0 { 12226 return invalidParams 12227 } 12228 return nil 12229} 12230 12231// SetPolicyId sets the PolicyId field's value. 12232func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { 12233 s.PolicyId = &v 12234 return s 12235} 12236 12237type DeletePolicyOutput struct { 12238 _ struct{} `type:"structure"` 12239} 12240 12241// String returns the string representation 12242func (s DeletePolicyOutput) String() string { 12243 return awsutil.Prettify(s) 12244} 12245 12246// GoString returns the string representation 12247func (s DeletePolicyOutput) GoString() string { 12248 return s.String() 12249} 12250 12251type DescribeAccountInput struct { 12252 _ struct{} `type:"structure"` 12253 12254 // The unique identifier (ID) of the AWS account that you want information about. 12255 // You can get the ID from the ListAccounts or ListAccountsForParent operations. 12256 // 12257 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 12258 // requires exactly 12 digits. 12259 // 12260 // AccountId is a required field 12261 AccountId *string `type:"string" required:"true"` 12262} 12263 12264// String returns the string representation 12265func (s DescribeAccountInput) String() string { 12266 return awsutil.Prettify(s) 12267} 12268 12269// GoString returns the string representation 12270func (s DescribeAccountInput) GoString() string { 12271 return s.String() 12272} 12273 12274// Validate inspects the fields of the type to determine if they are valid. 12275func (s *DescribeAccountInput) Validate() error { 12276 invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"} 12277 if s.AccountId == nil { 12278 invalidParams.Add(request.NewErrParamRequired("AccountId")) 12279 } 12280 12281 if invalidParams.Len() > 0 { 12282 return invalidParams 12283 } 12284 return nil 12285} 12286 12287// SetAccountId sets the AccountId field's value. 12288func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput { 12289 s.AccountId = &v 12290 return s 12291} 12292 12293type DescribeAccountOutput struct { 12294 _ struct{} `type:"structure"` 12295 12296 // A structure that contains information about the requested account. 12297 Account *Account `type:"structure"` 12298} 12299 12300// String returns the string representation 12301func (s DescribeAccountOutput) String() string { 12302 return awsutil.Prettify(s) 12303} 12304 12305// GoString returns the string representation 12306func (s DescribeAccountOutput) GoString() string { 12307 return s.String() 12308} 12309 12310// SetAccount sets the Account field's value. 12311func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput { 12312 s.Account = v 12313 return s 12314} 12315 12316type DescribeCreateAccountStatusInput struct { 12317 _ struct{} `type:"structure"` 12318 12319 // Specifies the operationId that uniquely identifies the request. You can get 12320 // the ID from the response to an earlier CreateAccount request, or from the 12321 // ListCreateAccountStatus operation. 12322 // 12323 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 12324 // request ID string requires "car-" followed by from 8 to 32 lower-case letters 12325 // or digits. 12326 // 12327 // CreateAccountRequestId is a required field 12328 CreateAccountRequestId *string `type:"string" required:"true"` 12329} 12330 12331// String returns the string representation 12332func (s DescribeCreateAccountStatusInput) String() string { 12333 return awsutil.Prettify(s) 12334} 12335 12336// GoString returns the string representation 12337func (s DescribeCreateAccountStatusInput) GoString() string { 12338 return s.String() 12339} 12340 12341// Validate inspects the fields of the type to determine if they are valid. 12342func (s *DescribeCreateAccountStatusInput) Validate() error { 12343 invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"} 12344 if s.CreateAccountRequestId == nil { 12345 invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId")) 12346 } 12347 12348 if invalidParams.Len() > 0 { 12349 return invalidParams 12350 } 12351 return nil 12352} 12353 12354// SetCreateAccountRequestId sets the CreateAccountRequestId field's value. 12355func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput { 12356 s.CreateAccountRequestId = &v 12357 return s 12358} 12359 12360type DescribeCreateAccountStatusOutput struct { 12361 _ struct{} `type:"structure"` 12362 12363 // A structure that contains the current status of an account creation request. 12364 CreateAccountStatus *CreateAccountStatus `type:"structure"` 12365} 12366 12367// String returns the string representation 12368func (s DescribeCreateAccountStatusOutput) String() string { 12369 return awsutil.Prettify(s) 12370} 12371 12372// GoString returns the string representation 12373func (s DescribeCreateAccountStatusOutput) GoString() string { 12374 return s.String() 12375} 12376 12377// SetCreateAccountStatus sets the CreateAccountStatus field's value. 12378func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput { 12379 s.CreateAccountStatus = v 12380 return s 12381} 12382 12383type DescribeHandshakeInput struct { 12384 _ struct{} `type:"structure"` 12385 12386 // The unique identifier (ID) of the handshake that you want information about. 12387 // You can get the ID from the original call to InviteAccountToOrganization, 12388 // or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. 12389 // 12390 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 12391 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 12392 // 12393 // HandshakeId is a required field 12394 HandshakeId *string `type:"string" required:"true"` 12395} 12396 12397// String returns the string representation 12398func (s DescribeHandshakeInput) String() string { 12399 return awsutil.Prettify(s) 12400} 12401 12402// GoString returns the string representation 12403func (s DescribeHandshakeInput) GoString() string { 12404 return s.String() 12405} 12406 12407// Validate inspects the fields of the type to determine if they are valid. 12408func (s *DescribeHandshakeInput) Validate() error { 12409 invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"} 12410 if s.HandshakeId == nil { 12411 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 12412 } 12413 12414 if invalidParams.Len() > 0 { 12415 return invalidParams 12416 } 12417 return nil 12418} 12419 12420// SetHandshakeId sets the HandshakeId field's value. 12421func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput { 12422 s.HandshakeId = &v 12423 return s 12424} 12425 12426type DescribeHandshakeOutput struct { 12427 _ struct{} `type:"structure"` 12428 12429 // A structure that contains information about the specified handshake. 12430 Handshake *Handshake `type:"structure"` 12431} 12432 12433// String returns the string representation 12434func (s DescribeHandshakeOutput) String() string { 12435 return awsutil.Prettify(s) 12436} 12437 12438// GoString returns the string representation 12439func (s DescribeHandshakeOutput) GoString() string { 12440 return s.String() 12441} 12442 12443// SetHandshake sets the Handshake field's value. 12444func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput { 12445 s.Handshake = v 12446 return s 12447} 12448 12449type DescribeOrganizationInput struct { 12450 _ struct{} `type:"structure"` 12451} 12452 12453// String returns the string representation 12454func (s DescribeOrganizationInput) String() string { 12455 return awsutil.Prettify(s) 12456} 12457 12458// GoString returns the string representation 12459func (s DescribeOrganizationInput) GoString() string { 12460 return s.String() 12461} 12462 12463type DescribeOrganizationOutput struct { 12464 _ struct{} `type:"structure"` 12465 12466 // A structure that contains information about the organization. 12467 Organization *Organization `type:"structure"` 12468} 12469 12470// String returns the string representation 12471func (s DescribeOrganizationOutput) String() string { 12472 return awsutil.Prettify(s) 12473} 12474 12475// GoString returns the string representation 12476func (s DescribeOrganizationOutput) GoString() string { 12477 return s.String() 12478} 12479 12480// SetOrganization sets the Organization field's value. 12481func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput { 12482 s.Organization = v 12483 return s 12484} 12485 12486type DescribeOrganizationalUnitInput struct { 12487 _ struct{} `type:"structure"` 12488 12489 // The unique identifier (ID) of the organizational unit that you want details 12490 // about. You can get the ID from the ListOrganizationalUnitsForParent operation. 12491 // 12492 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 12493 // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters 12494 // or digits (the ID of the root that contains the OU) followed by a second 12495 // "-" dash and from 8 to 32 additional lower-case letters or digits. 12496 // 12497 // OrganizationalUnitId is a required field 12498 OrganizationalUnitId *string `type:"string" required:"true"` 12499} 12500 12501// String returns the string representation 12502func (s DescribeOrganizationalUnitInput) String() string { 12503 return awsutil.Prettify(s) 12504} 12505 12506// GoString returns the string representation 12507func (s DescribeOrganizationalUnitInput) GoString() string { 12508 return s.String() 12509} 12510 12511// Validate inspects the fields of the type to determine if they are valid. 12512func (s *DescribeOrganizationalUnitInput) Validate() error { 12513 invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"} 12514 if s.OrganizationalUnitId == nil { 12515 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 12516 } 12517 12518 if invalidParams.Len() > 0 { 12519 return invalidParams 12520 } 12521 return nil 12522} 12523 12524// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 12525func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput { 12526 s.OrganizationalUnitId = &v 12527 return s 12528} 12529 12530type DescribeOrganizationalUnitOutput struct { 12531 _ struct{} `type:"structure"` 12532 12533 // A structure that contains details about the specified OU. 12534 OrganizationalUnit *OrganizationalUnit `type:"structure"` 12535} 12536 12537// String returns the string representation 12538func (s DescribeOrganizationalUnitOutput) String() string { 12539 return awsutil.Prettify(s) 12540} 12541 12542// GoString returns the string representation 12543func (s DescribeOrganizationalUnitOutput) GoString() string { 12544 return s.String() 12545} 12546 12547// SetOrganizationalUnit sets the OrganizationalUnit field's value. 12548func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput { 12549 s.OrganizationalUnit = v 12550 return s 12551} 12552 12553type DescribePolicyInput struct { 12554 _ struct{} `type:"structure"` 12555 12556 // The unique identifier (ID) of the policy that you want details about. You 12557 // can get the ID from the ListPolicies or ListPoliciesForTarget operations. 12558 // 12559 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 12560 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 12561 // 12562 // PolicyId is a required field 12563 PolicyId *string `type:"string" required:"true"` 12564} 12565 12566// String returns the string representation 12567func (s DescribePolicyInput) String() string { 12568 return awsutil.Prettify(s) 12569} 12570 12571// GoString returns the string representation 12572func (s DescribePolicyInput) GoString() string { 12573 return s.String() 12574} 12575 12576// Validate inspects the fields of the type to determine if they are valid. 12577func (s *DescribePolicyInput) Validate() error { 12578 invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"} 12579 if s.PolicyId == nil { 12580 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 12581 } 12582 12583 if invalidParams.Len() > 0 { 12584 return invalidParams 12585 } 12586 return nil 12587} 12588 12589// SetPolicyId sets the PolicyId field's value. 12590func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput { 12591 s.PolicyId = &v 12592 return s 12593} 12594 12595type DescribePolicyOutput struct { 12596 _ struct{} `type:"structure"` 12597 12598 // A structure that contains details about the specified policy. 12599 Policy *Policy `type:"structure"` 12600} 12601 12602// String returns the string representation 12603func (s DescribePolicyOutput) String() string { 12604 return awsutil.Prettify(s) 12605} 12606 12607// GoString returns the string representation 12608func (s DescribePolicyOutput) GoString() string { 12609 return s.String() 12610} 12611 12612// SetPolicy sets the Policy field's value. 12613func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput { 12614 s.Policy = v 12615 return s 12616} 12617 12618type DetachPolicyInput struct { 12619 _ struct{} `type:"structure"` 12620 12621 // The unique identifier (ID) of the policy you want to detach. You can get 12622 // the ID from the ListPolicies or ListPoliciesForTarget operations. 12623 // 12624 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 12625 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 12626 // 12627 // PolicyId is a required field 12628 PolicyId *string `type:"string" required:"true"` 12629 12630 // The unique identifier (ID) of the root, OU, or account that you want to detach 12631 // the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, 12632 // or ListAccounts operations. 12633 // 12634 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 12635 // requires one of the following: 12636 // 12637 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 12638 // letters or digits. 12639 // 12640 // * Account - A string that consists of exactly 12 digits. 12641 // 12642 // * Organizational unit (OU) - A string that begins with "ou-" followed 12643 // by from 4 to 32 lower-case letters or digits (the ID of the root that 12644 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 12645 // lower-case letters or digits. 12646 // 12647 // TargetId is a required field 12648 TargetId *string `type:"string" required:"true"` 12649} 12650 12651// String returns the string representation 12652func (s DetachPolicyInput) String() string { 12653 return awsutil.Prettify(s) 12654} 12655 12656// GoString returns the string representation 12657func (s DetachPolicyInput) GoString() string { 12658 return s.String() 12659} 12660 12661// Validate inspects the fields of the type to determine if they are valid. 12662func (s *DetachPolicyInput) Validate() error { 12663 invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"} 12664 if s.PolicyId == nil { 12665 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 12666 } 12667 if s.TargetId == nil { 12668 invalidParams.Add(request.NewErrParamRequired("TargetId")) 12669 } 12670 12671 if invalidParams.Len() > 0 { 12672 return invalidParams 12673 } 12674 return nil 12675} 12676 12677// SetPolicyId sets the PolicyId field's value. 12678func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput { 12679 s.PolicyId = &v 12680 return s 12681} 12682 12683// SetTargetId sets the TargetId field's value. 12684func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput { 12685 s.TargetId = &v 12686 return s 12687} 12688 12689type DetachPolicyOutput struct { 12690 _ struct{} `type:"structure"` 12691} 12692 12693// String returns the string representation 12694func (s DetachPolicyOutput) String() string { 12695 return awsutil.Prettify(s) 12696} 12697 12698// GoString returns the string representation 12699func (s DetachPolicyOutput) GoString() string { 12700 return s.String() 12701} 12702 12703type DisableAWSServiceAccessInput struct { 12704 _ struct{} `type:"structure"` 12705 12706 // The service principal name of the AWS service for which you want to disable 12707 // integration with your organization. This is typically in the form of a URL, 12708 // such as service-abbreviation.amazonaws.com. 12709 // 12710 // ServicePrincipal is a required field 12711 ServicePrincipal *string `min:"1" type:"string" required:"true"` 12712} 12713 12714// String returns the string representation 12715func (s DisableAWSServiceAccessInput) String() string { 12716 return awsutil.Prettify(s) 12717} 12718 12719// GoString returns the string representation 12720func (s DisableAWSServiceAccessInput) GoString() string { 12721 return s.String() 12722} 12723 12724// Validate inspects the fields of the type to determine if they are valid. 12725func (s *DisableAWSServiceAccessInput) Validate() error { 12726 invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"} 12727 if s.ServicePrincipal == nil { 12728 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 12729 } 12730 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 12731 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 12732 } 12733 12734 if invalidParams.Len() > 0 { 12735 return invalidParams 12736 } 12737 return nil 12738} 12739 12740// SetServicePrincipal sets the ServicePrincipal field's value. 12741func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput { 12742 s.ServicePrincipal = &v 12743 return s 12744} 12745 12746type DisableAWSServiceAccessOutput struct { 12747 _ struct{} `type:"structure"` 12748} 12749 12750// String returns the string representation 12751func (s DisableAWSServiceAccessOutput) String() string { 12752 return awsutil.Prettify(s) 12753} 12754 12755// GoString returns the string representation 12756func (s DisableAWSServiceAccessOutput) GoString() string { 12757 return s.String() 12758} 12759 12760type DisablePolicyTypeInput struct { 12761 _ struct{} `type:"structure"` 12762 12763 // The policy type that you want to disable in this root. 12764 // 12765 // PolicyType is a required field 12766 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 12767 12768 // The unique identifier (ID) of the root in which you want to disable a policy 12769 // type. You can get the ID from the ListRoots operation. 12770 // 12771 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 12772 // requires "r-" followed by from 4 to 32 lower-case letters or digits. 12773 // 12774 // RootId is a required field 12775 RootId *string `type:"string" required:"true"` 12776} 12777 12778// String returns the string representation 12779func (s DisablePolicyTypeInput) String() string { 12780 return awsutil.Prettify(s) 12781} 12782 12783// GoString returns the string representation 12784func (s DisablePolicyTypeInput) GoString() string { 12785 return s.String() 12786} 12787 12788// Validate inspects the fields of the type to determine if they are valid. 12789func (s *DisablePolicyTypeInput) Validate() error { 12790 invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"} 12791 if s.PolicyType == nil { 12792 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 12793 } 12794 if s.RootId == nil { 12795 invalidParams.Add(request.NewErrParamRequired("RootId")) 12796 } 12797 12798 if invalidParams.Len() > 0 { 12799 return invalidParams 12800 } 12801 return nil 12802} 12803 12804// SetPolicyType sets the PolicyType field's value. 12805func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput { 12806 s.PolicyType = &v 12807 return s 12808} 12809 12810// SetRootId sets the RootId field's value. 12811func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput { 12812 s.RootId = &v 12813 return s 12814} 12815 12816type DisablePolicyTypeOutput struct { 12817 _ struct{} `type:"structure"` 12818 12819 // A structure that shows the root with the updated list of enabled policy types. 12820 Root *Root `type:"structure"` 12821} 12822 12823// String returns the string representation 12824func (s DisablePolicyTypeOutput) String() string { 12825 return awsutil.Prettify(s) 12826} 12827 12828// GoString returns the string representation 12829func (s DisablePolicyTypeOutput) GoString() string { 12830 return s.String() 12831} 12832 12833// SetRoot sets the Root field's value. 12834func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput { 12835 s.Root = v 12836 return s 12837} 12838 12839type EnableAWSServiceAccessInput struct { 12840 _ struct{} `type:"structure"` 12841 12842 // The service principal name of the AWS service for which you want to enable 12843 // integration with your organization. This is typically in the form of a URL, 12844 // such as service-abbreviation.amazonaws.com. 12845 // 12846 // ServicePrincipal is a required field 12847 ServicePrincipal *string `min:"1" type:"string" required:"true"` 12848} 12849 12850// String returns the string representation 12851func (s EnableAWSServiceAccessInput) String() string { 12852 return awsutil.Prettify(s) 12853} 12854 12855// GoString returns the string representation 12856func (s EnableAWSServiceAccessInput) GoString() string { 12857 return s.String() 12858} 12859 12860// Validate inspects the fields of the type to determine if they are valid. 12861func (s *EnableAWSServiceAccessInput) Validate() error { 12862 invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"} 12863 if s.ServicePrincipal == nil { 12864 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 12865 } 12866 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 12867 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 12868 } 12869 12870 if invalidParams.Len() > 0 { 12871 return invalidParams 12872 } 12873 return nil 12874} 12875 12876// SetServicePrincipal sets the ServicePrincipal field's value. 12877func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput { 12878 s.ServicePrincipal = &v 12879 return s 12880} 12881 12882type EnableAWSServiceAccessOutput struct { 12883 _ struct{} `type:"structure"` 12884} 12885 12886// String returns the string representation 12887func (s EnableAWSServiceAccessOutput) String() string { 12888 return awsutil.Prettify(s) 12889} 12890 12891// GoString returns the string representation 12892func (s EnableAWSServiceAccessOutput) GoString() string { 12893 return s.String() 12894} 12895 12896type EnableAllFeaturesInput struct { 12897 _ struct{} `type:"structure"` 12898} 12899 12900// String returns the string representation 12901func (s EnableAllFeaturesInput) String() string { 12902 return awsutil.Prettify(s) 12903} 12904 12905// GoString returns the string representation 12906func (s EnableAllFeaturesInput) GoString() string { 12907 return s.String() 12908} 12909 12910type EnableAllFeaturesOutput struct { 12911 _ struct{} `type:"structure"` 12912 12913 // A structure that contains details about the handshake created to support 12914 // this request to enable all features in the organization. 12915 Handshake *Handshake `type:"structure"` 12916} 12917 12918// String returns the string representation 12919func (s EnableAllFeaturesOutput) String() string { 12920 return awsutil.Prettify(s) 12921} 12922 12923// GoString returns the string representation 12924func (s EnableAllFeaturesOutput) GoString() string { 12925 return s.String() 12926} 12927 12928// SetHandshake sets the Handshake field's value. 12929func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput { 12930 s.Handshake = v 12931 return s 12932} 12933 12934type EnablePolicyTypeInput struct { 12935 _ struct{} `type:"structure"` 12936 12937 // The policy type that you want to enable. 12938 // 12939 // PolicyType is a required field 12940 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 12941 12942 // The unique identifier (ID) of the root in which you want to enable a policy 12943 // type. You can get the ID from the ListRoots operation. 12944 // 12945 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 12946 // requires "r-" followed by from 4 to 32 lower-case letters or digits. 12947 // 12948 // RootId is a required field 12949 RootId *string `type:"string" required:"true"` 12950} 12951 12952// String returns the string representation 12953func (s EnablePolicyTypeInput) String() string { 12954 return awsutil.Prettify(s) 12955} 12956 12957// GoString returns the string representation 12958func (s EnablePolicyTypeInput) GoString() string { 12959 return s.String() 12960} 12961 12962// Validate inspects the fields of the type to determine if they are valid. 12963func (s *EnablePolicyTypeInput) Validate() error { 12964 invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"} 12965 if s.PolicyType == nil { 12966 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 12967 } 12968 if s.RootId == nil { 12969 invalidParams.Add(request.NewErrParamRequired("RootId")) 12970 } 12971 12972 if invalidParams.Len() > 0 { 12973 return invalidParams 12974 } 12975 return nil 12976} 12977 12978// SetPolicyType sets the PolicyType field's value. 12979func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput { 12980 s.PolicyType = &v 12981 return s 12982} 12983 12984// SetRootId sets the RootId field's value. 12985func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput { 12986 s.RootId = &v 12987 return s 12988} 12989 12990type EnablePolicyTypeOutput struct { 12991 _ struct{} `type:"structure"` 12992 12993 // A structure that shows the root with the updated list of enabled policy types. 12994 Root *Root `type:"structure"` 12995} 12996 12997// String returns the string representation 12998func (s EnablePolicyTypeOutput) String() string { 12999 return awsutil.Prettify(s) 13000} 13001 13002// GoString returns the string representation 13003func (s EnablePolicyTypeOutput) GoString() string { 13004 return s.String() 13005} 13006 13007// SetRoot sets the Root field's value. 13008func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { 13009 s.Root = v 13010 return s 13011} 13012 13013// A structure that contains details of a service principal that is enabled 13014// to integrate with AWS Organizations. 13015type EnabledServicePrincipal struct { 13016 _ struct{} `type:"structure"` 13017 13018 // The date that the service principal was enabled for integration with AWS 13019 // Organizations. 13020 DateEnabled *time.Time `type:"timestamp"` 13021 13022 // The name of the service principal. This is typically in the form of a URL, 13023 // such as: servicename.amazonaws.com. 13024 ServicePrincipal *string `min:"1" type:"string"` 13025} 13026 13027// String returns the string representation 13028func (s EnabledServicePrincipal) String() string { 13029 return awsutil.Prettify(s) 13030} 13031 13032// GoString returns the string representation 13033func (s EnabledServicePrincipal) GoString() string { 13034 return s.String() 13035} 13036 13037// SetDateEnabled sets the DateEnabled field's value. 13038func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal { 13039 s.DateEnabled = &v 13040 return s 13041} 13042 13043// SetServicePrincipal sets the ServicePrincipal field's value. 13044func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal { 13045 s.ServicePrincipal = &v 13046 return s 13047} 13048 13049// Contains information that must be exchanged to securely establish a relationship 13050// between two accounts (an originator and a recipient). For example, when a 13051// master account (the originator) invites another account (the recipient) to 13052// join its organization, the two accounts exchange information as a series 13053// of handshake requests and responses. 13054// 13055// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists 13056// for only 30 days after entering that state After that they are deleted. 13057type Handshake struct { 13058 _ struct{} `type:"structure"` 13059 13060 // The type of handshake, indicating what action occurs when the recipient accepts 13061 // the handshake. The following handshake types are supported: 13062 // 13063 // * INVITE: This type of handshake represents a request to join an organization. 13064 // It is always sent from the master account to only non-member accounts. 13065 // 13066 // * ENABLE_ALL_FEATURES: This type of handshake represents a request to 13067 // enable all features in an organization. It is always sent from the master 13068 // account to only invited member accounts. Created accounts do not receive 13069 // this because those accounts were created by the organization's master 13070 // account and approval is inferred. 13071 // 13072 // * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations 13073 // service when all member accounts have approved the ENABLE_ALL_FEATURES 13074 // invitation. It is sent only to the master account and signals the master 13075 // that it can finalize the process to enable all features. 13076 Action *string `type:"string" enum:"ActionType"` 13077 13078 // The Amazon Resource Name (ARN) of a handshake. 13079 // 13080 // For more information about ARNs in Organizations, see ARN Formats Supported 13081 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 13082 // in the AWS Organizations User Guide. 13083 Arn *string `type:"string"` 13084 13085 // The date and time that the handshake expires. If the recipient of the handshake 13086 // request fails to respond before the specified date and time, the handshake 13087 // becomes inactive and is no longer valid. 13088 ExpirationTimestamp *time.Time `type:"timestamp"` 13089 13090 // The unique identifier (ID) of a handshake. The originating account creates 13091 // the ID when it initiates the handshake. 13092 // 13093 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13094 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 13095 Id *string `type:"string"` 13096 13097 // Information about the two accounts that are participating in the handshake. 13098 Parties []*HandshakeParty `type:"list"` 13099 13100 // The date and time that the handshake request was made. 13101 RequestedTimestamp *time.Time `type:"timestamp"` 13102 13103 // Additional information that is needed to process the handshake. 13104 Resources []*HandshakeResource `type:"list"` 13105 13106 // The current state of the handshake. Use the state to trace the flow of the 13107 // handshake through the process from its creation to its acceptance. The meaning 13108 // of each of the valid values is as follows: 13109 // 13110 // * REQUESTED: This handshake was sent to multiple recipients (applicable 13111 // to only some handshake types) and not all recipients have responded yet. 13112 // The request stays in this state until all recipients respond. 13113 // 13114 // * OPEN: This handshake was sent to multiple recipients (applicable to 13115 // only some policy types) and all recipients have responded, allowing the 13116 // originator to complete the handshake action. 13117 // 13118 // * CANCELED: This handshake is no longer active because it was canceled 13119 // by the originating account. 13120 // 13121 // * ACCEPTED: This handshake is complete because it has been accepted by 13122 // the recipient. 13123 // 13124 // * DECLINED: This handshake is no longer active because it was declined 13125 // by the recipient account. 13126 // 13127 // * EXPIRED: This handshake is no longer active because the originator did 13128 // not receive a response of any kind from the recipient before the expiration 13129 // time (15 days). 13130 State *string `type:"string" enum:"HandshakeState"` 13131} 13132 13133// String returns the string representation 13134func (s Handshake) String() string { 13135 return awsutil.Prettify(s) 13136} 13137 13138// GoString returns the string representation 13139func (s Handshake) GoString() string { 13140 return s.String() 13141} 13142 13143// SetAction sets the Action field's value. 13144func (s *Handshake) SetAction(v string) *Handshake { 13145 s.Action = &v 13146 return s 13147} 13148 13149// SetArn sets the Arn field's value. 13150func (s *Handshake) SetArn(v string) *Handshake { 13151 s.Arn = &v 13152 return s 13153} 13154 13155// SetExpirationTimestamp sets the ExpirationTimestamp field's value. 13156func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake { 13157 s.ExpirationTimestamp = &v 13158 return s 13159} 13160 13161// SetId sets the Id field's value. 13162func (s *Handshake) SetId(v string) *Handshake { 13163 s.Id = &v 13164 return s 13165} 13166 13167// SetParties sets the Parties field's value. 13168func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake { 13169 s.Parties = v 13170 return s 13171} 13172 13173// SetRequestedTimestamp sets the RequestedTimestamp field's value. 13174func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake { 13175 s.RequestedTimestamp = &v 13176 return s 13177} 13178 13179// SetResources sets the Resources field's value. 13180func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake { 13181 s.Resources = v 13182 return s 13183} 13184 13185// SetState sets the State field's value. 13186func (s *Handshake) SetState(v string) *Handshake { 13187 s.State = &v 13188 return s 13189} 13190 13191// Specifies the criteria that are used to select the handshakes for the operation. 13192type HandshakeFilter struct { 13193 _ struct{} `type:"structure"` 13194 13195 // Specifies the type of handshake action. 13196 // 13197 // If you specify ActionType, you cannot also specify ParentHandshakeId. 13198 ActionType *string `type:"string" enum:"ActionType"` 13199 13200 // Specifies the parent handshake. Only used for handshake types that are a 13201 // child of another type. 13202 // 13203 // If you specify ParentHandshakeId, you cannot also specify ActionType. 13204 // 13205 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13206 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 13207 ParentHandshakeId *string `type:"string"` 13208} 13209 13210// String returns the string representation 13211func (s HandshakeFilter) String() string { 13212 return awsutil.Prettify(s) 13213} 13214 13215// GoString returns the string representation 13216func (s HandshakeFilter) GoString() string { 13217 return s.String() 13218} 13219 13220// SetActionType sets the ActionType field's value. 13221func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter { 13222 s.ActionType = &v 13223 return s 13224} 13225 13226// SetParentHandshakeId sets the ParentHandshakeId field's value. 13227func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter { 13228 s.ParentHandshakeId = &v 13229 return s 13230} 13231 13232// Identifies a participant in a handshake. 13233type HandshakeParty struct { 13234 _ struct{} `type:"structure"` 13235 13236 // The unique identifier (ID) for the party. 13237 // 13238 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13239 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 13240 // 13241 // Id is a required field 13242 Id *string `min:"1" type:"string" required:"true" sensitive:"true"` 13243 13244 // The type of party. 13245 // 13246 // Type is a required field 13247 Type *string `type:"string" required:"true" enum:"HandshakePartyType"` 13248} 13249 13250// String returns the string representation 13251func (s HandshakeParty) String() string { 13252 return awsutil.Prettify(s) 13253} 13254 13255// GoString returns the string representation 13256func (s HandshakeParty) GoString() string { 13257 return s.String() 13258} 13259 13260// Validate inspects the fields of the type to determine if they are valid. 13261func (s *HandshakeParty) Validate() error { 13262 invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"} 13263 if s.Id == nil { 13264 invalidParams.Add(request.NewErrParamRequired("Id")) 13265 } 13266 if s.Id != nil && len(*s.Id) < 1 { 13267 invalidParams.Add(request.NewErrParamMinLen("Id", 1)) 13268 } 13269 if s.Type == nil { 13270 invalidParams.Add(request.NewErrParamRequired("Type")) 13271 } 13272 13273 if invalidParams.Len() > 0 { 13274 return invalidParams 13275 } 13276 return nil 13277} 13278 13279// SetId sets the Id field's value. 13280func (s *HandshakeParty) SetId(v string) *HandshakeParty { 13281 s.Id = &v 13282 return s 13283} 13284 13285// SetType sets the Type field's value. 13286func (s *HandshakeParty) SetType(v string) *HandshakeParty { 13287 s.Type = &v 13288 return s 13289} 13290 13291// Contains additional data that is needed to process a handshake. 13292type HandshakeResource struct { 13293 _ struct{} `type:"structure"` 13294 13295 // When needed, contains an additional array of HandshakeResource objects. 13296 Resources []*HandshakeResource `type:"list"` 13297 13298 // The type of information being passed, specifying how the value is to be interpreted 13299 // by the other party: 13300 // 13301 // * ACCOUNT - Specifies an AWS account ID number. 13302 // 13303 // * ORGANIZATION - Specifies an organization ID number. 13304 // 13305 // * EMAIL - Specifies the email address that is associated with the account 13306 // that receives the handshake. 13307 // 13308 // * OWNER_EMAIL - Specifies the email address associated with the master 13309 // account. Included as information about an organization. 13310 // 13311 // * OWNER_NAME - Specifies the name associated with the master account. 13312 // Included as information about an organization. 13313 // 13314 // * NOTES - Additional text provided by the handshake initiator and intended 13315 // for the recipient to read. 13316 Type *string `type:"string" enum:"HandshakeResourceType"` 13317 13318 // The information that is passed to the other party in the handshake. The format 13319 // of the value string must match the requirements of the specified type. 13320 Value *string `type:"string" sensitive:"true"` 13321} 13322 13323// String returns the string representation 13324func (s HandshakeResource) String() string { 13325 return awsutil.Prettify(s) 13326} 13327 13328// GoString returns the string representation 13329func (s HandshakeResource) GoString() string { 13330 return s.String() 13331} 13332 13333// SetResources sets the Resources field's value. 13334func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource { 13335 s.Resources = v 13336 return s 13337} 13338 13339// SetType sets the Type field's value. 13340func (s *HandshakeResource) SetType(v string) *HandshakeResource { 13341 s.Type = &v 13342 return s 13343} 13344 13345// SetValue sets the Value field's value. 13346func (s *HandshakeResource) SetValue(v string) *HandshakeResource { 13347 s.Value = &v 13348 return s 13349} 13350 13351type InviteAccountToOrganizationInput struct { 13352 _ struct{} `type:"structure"` 13353 13354 // Additional information that you want to include in the generated email to 13355 // the recipient account owner. 13356 Notes *string `type:"string" sensitive:"true"` 13357 13358 // The identifier (ID) of the AWS account that you want to invite to join your 13359 // organization. This is a JSON object that contains the following elements: 13360 // 13361 // { "Type": "ACCOUNT", "Id": "< account id number >" } 13362 // 13363 // If you use the AWS CLI, you can submit this as a single string, similar to 13364 // the following example: 13365 // 13366 // --target Id=123456789012,Type=ACCOUNT 13367 // 13368 // If you specify "Type": "ACCOUNT", you must provide the AWS account ID number 13369 // as the Id. If you specify "Type": "EMAIL", you must specify the email address 13370 // that is associated with the account. 13371 // 13372 // --target Id=diego@example.com,Type=EMAIL 13373 // 13374 // Target is a required field 13375 Target *HandshakeParty `type:"structure" required:"true"` 13376} 13377 13378// String returns the string representation 13379func (s InviteAccountToOrganizationInput) String() string { 13380 return awsutil.Prettify(s) 13381} 13382 13383// GoString returns the string representation 13384func (s InviteAccountToOrganizationInput) GoString() string { 13385 return s.String() 13386} 13387 13388// Validate inspects the fields of the type to determine if they are valid. 13389func (s *InviteAccountToOrganizationInput) Validate() error { 13390 invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"} 13391 if s.Target == nil { 13392 invalidParams.Add(request.NewErrParamRequired("Target")) 13393 } 13394 if s.Target != nil { 13395 if err := s.Target.Validate(); err != nil { 13396 invalidParams.AddNested("Target", err.(request.ErrInvalidParams)) 13397 } 13398 } 13399 13400 if invalidParams.Len() > 0 { 13401 return invalidParams 13402 } 13403 return nil 13404} 13405 13406// SetNotes sets the Notes field's value. 13407func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput { 13408 s.Notes = &v 13409 return s 13410} 13411 13412// SetTarget sets the Target field's value. 13413func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput { 13414 s.Target = v 13415 return s 13416} 13417 13418type InviteAccountToOrganizationOutput struct { 13419 _ struct{} `type:"structure"` 13420 13421 // A structure that contains details about the handshake that is created to 13422 // support this invitation request. 13423 Handshake *Handshake `type:"structure"` 13424} 13425 13426// String returns the string representation 13427func (s InviteAccountToOrganizationOutput) String() string { 13428 return awsutil.Prettify(s) 13429} 13430 13431// GoString returns the string representation 13432func (s InviteAccountToOrganizationOutput) GoString() string { 13433 return s.String() 13434} 13435 13436// SetHandshake sets the Handshake field's value. 13437func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput { 13438 s.Handshake = v 13439 return s 13440} 13441 13442type LeaveOrganizationInput struct { 13443 _ struct{} `type:"structure"` 13444} 13445 13446// String returns the string representation 13447func (s LeaveOrganizationInput) String() string { 13448 return awsutil.Prettify(s) 13449} 13450 13451// GoString returns the string representation 13452func (s LeaveOrganizationInput) GoString() string { 13453 return s.String() 13454} 13455 13456type LeaveOrganizationOutput struct { 13457 _ struct{} `type:"structure"` 13458} 13459 13460// String returns the string representation 13461func (s LeaveOrganizationOutput) String() string { 13462 return awsutil.Prettify(s) 13463} 13464 13465// GoString returns the string representation 13466func (s LeaveOrganizationOutput) GoString() string { 13467 return s.String() 13468} 13469 13470type ListAWSServiceAccessForOrganizationInput struct { 13471 _ struct{} `type:"structure"` 13472 13473 // (Optional) Use this to limit the number of results you want included per 13474 // page in the response. If you do not include this parameter, it defaults to 13475 // a value that is specific to the operation. If additional items exist beyond 13476 // the maximum you specify, the NextToken response element is present and has 13477 // a value (is not null). Include that value as the NextToken request parameter 13478 // in the next call to the operation to get the next part of the results. Note 13479 // that Organizations might return fewer results than the maximum even when 13480 // there are more results available. You should check NextToken after every 13481 // operation to ensure that you receive all of the results. 13482 MaxResults *int64 `min:"1" type:"integer"` 13483 13484 // Use this parameter if you receive a NextToken response in a previous request 13485 // that indicates that there is more output available. Set it to the value of 13486 // the previous call's NextToken response to indicate where the output should 13487 // continue from. 13488 NextToken *string `type:"string"` 13489} 13490 13491// String returns the string representation 13492func (s ListAWSServiceAccessForOrganizationInput) String() string { 13493 return awsutil.Prettify(s) 13494} 13495 13496// GoString returns the string representation 13497func (s ListAWSServiceAccessForOrganizationInput) GoString() string { 13498 return s.String() 13499} 13500 13501// Validate inspects the fields of the type to determine if they are valid. 13502func (s *ListAWSServiceAccessForOrganizationInput) Validate() error { 13503 invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"} 13504 if s.MaxResults != nil && *s.MaxResults < 1 { 13505 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 13506 } 13507 13508 if invalidParams.Len() > 0 { 13509 return invalidParams 13510 } 13511 return nil 13512} 13513 13514// SetMaxResults sets the MaxResults field's value. 13515func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput { 13516 s.MaxResults = &v 13517 return s 13518} 13519 13520// SetNextToken sets the NextToken field's value. 13521func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput { 13522 s.NextToken = &v 13523 return s 13524} 13525 13526type ListAWSServiceAccessForOrganizationOutput struct { 13527 _ struct{} `type:"structure"` 13528 13529 // A list of the service principals for the services that are enabled to integrate 13530 // with your organization. Each principal is a structure that includes the name 13531 // and the date that it was enabled for integration with AWS Organizations. 13532 EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"` 13533 13534 // If present, this value indicates that there is more output available than 13535 // is included in the current response. Use this value in the NextToken request 13536 // parameter in a subsequent call to the operation to get the next part of the 13537 // output. You should repeat this until the NextToken response element comes 13538 // back as null. 13539 NextToken *string `type:"string"` 13540} 13541 13542// String returns the string representation 13543func (s ListAWSServiceAccessForOrganizationOutput) String() string { 13544 return awsutil.Prettify(s) 13545} 13546 13547// GoString returns the string representation 13548func (s ListAWSServiceAccessForOrganizationOutput) GoString() string { 13549 return s.String() 13550} 13551 13552// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value. 13553func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput { 13554 s.EnabledServicePrincipals = v 13555 return s 13556} 13557 13558// SetNextToken sets the NextToken field's value. 13559func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput { 13560 s.NextToken = &v 13561 return s 13562} 13563 13564type ListAccountsForParentInput struct { 13565 _ struct{} `type:"structure"` 13566 13567 // (Optional) Use this to limit the number of results you want included per 13568 // page in the response. If you do not include this parameter, it defaults to 13569 // a value that is specific to the operation. If additional items exist beyond 13570 // the maximum you specify, the NextToken response element is present and has 13571 // a value (is not null). Include that value as the NextToken request parameter 13572 // in the next call to the operation to get the next part of the results. Note 13573 // that Organizations might return fewer results than the maximum even when 13574 // there are more results available. You should check NextToken after every 13575 // operation to ensure that you receive all of the results. 13576 MaxResults *int64 `min:"1" type:"integer"` 13577 13578 // Use this parameter if you receive a NextToken response in a previous request 13579 // that indicates that there is more output available. Set it to the value of 13580 // the previous call's NextToken response to indicate where the output should 13581 // continue from. 13582 NextToken *string `type:"string"` 13583 13584 // The unique identifier (ID) for the parent root or organization unit (OU) 13585 // whose accounts you want to list. 13586 // 13587 // ParentId is a required field 13588 ParentId *string `type:"string" required:"true"` 13589} 13590 13591// String returns the string representation 13592func (s ListAccountsForParentInput) String() string { 13593 return awsutil.Prettify(s) 13594} 13595 13596// GoString returns the string representation 13597func (s ListAccountsForParentInput) GoString() string { 13598 return s.String() 13599} 13600 13601// Validate inspects the fields of the type to determine if they are valid. 13602func (s *ListAccountsForParentInput) Validate() error { 13603 invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"} 13604 if s.MaxResults != nil && *s.MaxResults < 1 { 13605 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 13606 } 13607 if s.ParentId == nil { 13608 invalidParams.Add(request.NewErrParamRequired("ParentId")) 13609 } 13610 13611 if invalidParams.Len() > 0 { 13612 return invalidParams 13613 } 13614 return nil 13615} 13616 13617// SetMaxResults sets the MaxResults field's value. 13618func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput { 13619 s.MaxResults = &v 13620 return s 13621} 13622 13623// SetNextToken sets the NextToken field's value. 13624func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput { 13625 s.NextToken = &v 13626 return s 13627} 13628 13629// SetParentId sets the ParentId field's value. 13630func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput { 13631 s.ParentId = &v 13632 return s 13633} 13634 13635type ListAccountsForParentOutput struct { 13636 _ struct{} `type:"structure"` 13637 13638 // A list of the accounts in the specified root or OU. 13639 Accounts []*Account `type:"list"` 13640 13641 // If present, this value indicates that there is more output available than 13642 // is included in the current response. Use this value in the NextToken request 13643 // parameter in a subsequent call to the operation to get the next part of the 13644 // output. You should repeat this until the NextToken response element comes 13645 // back as null. 13646 NextToken *string `type:"string"` 13647} 13648 13649// String returns the string representation 13650func (s ListAccountsForParentOutput) String() string { 13651 return awsutil.Prettify(s) 13652} 13653 13654// GoString returns the string representation 13655func (s ListAccountsForParentOutput) GoString() string { 13656 return s.String() 13657} 13658 13659// SetAccounts sets the Accounts field's value. 13660func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput { 13661 s.Accounts = v 13662 return s 13663} 13664 13665// SetNextToken sets the NextToken field's value. 13666func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput { 13667 s.NextToken = &v 13668 return s 13669} 13670 13671type ListAccountsInput struct { 13672 _ struct{} `type:"structure"` 13673 13674 // (Optional) Use this to limit the number of results you want included per 13675 // page in the response. If you do not include this parameter, it defaults to 13676 // a value that is specific to the operation. If additional items exist beyond 13677 // the maximum you specify, the NextToken response element is present and has 13678 // a value (is not null). Include that value as the NextToken request parameter 13679 // in the next call to the operation to get the next part of the results. Note 13680 // that Organizations might return fewer results than the maximum even when 13681 // there are more results available. You should check NextToken after every 13682 // operation to ensure that you receive all of the results. 13683 MaxResults *int64 `min:"1" type:"integer"` 13684 13685 // Use this parameter if you receive a NextToken response in a previous request 13686 // that indicates that there is more output available. Set it to the value of 13687 // the previous call's NextToken response to indicate where the output should 13688 // continue from. 13689 NextToken *string `type:"string"` 13690} 13691 13692// String returns the string representation 13693func (s ListAccountsInput) String() string { 13694 return awsutil.Prettify(s) 13695} 13696 13697// GoString returns the string representation 13698func (s ListAccountsInput) GoString() string { 13699 return s.String() 13700} 13701 13702// Validate inspects the fields of the type to determine if they are valid. 13703func (s *ListAccountsInput) Validate() error { 13704 invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} 13705 if s.MaxResults != nil && *s.MaxResults < 1 { 13706 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 13707 } 13708 13709 if invalidParams.Len() > 0 { 13710 return invalidParams 13711 } 13712 return nil 13713} 13714 13715// SetMaxResults sets the MaxResults field's value. 13716func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { 13717 s.MaxResults = &v 13718 return s 13719} 13720 13721// SetNextToken sets the NextToken field's value. 13722func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { 13723 s.NextToken = &v 13724 return s 13725} 13726 13727type ListAccountsOutput struct { 13728 _ struct{} `type:"structure"` 13729 13730 // A list of objects in the organization. 13731 Accounts []*Account `type:"list"` 13732 13733 // If present, this value indicates that there is more output available than 13734 // is included in the current response. Use this value in the NextToken request 13735 // parameter in a subsequent call to the operation to get the next part of the 13736 // output. You should repeat this until the NextToken response element comes 13737 // back as null. 13738 NextToken *string `type:"string"` 13739} 13740 13741// String returns the string representation 13742func (s ListAccountsOutput) String() string { 13743 return awsutil.Prettify(s) 13744} 13745 13746// GoString returns the string representation 13747func (s ListAccountsOutput) GoString() string { 13748 return s.String() 13749} 13750 13751// SetAccounts sets the Accounts field's value. 13752func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput { 13753 s.Accounts = v 13754 return s 13755} 13756 13757// SetNextToken sets the NextToken field's value. 13758func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { 13759 s.NextToken = &v 13760 return s 13761} 13762 13763type ListChildrenInput struct { 13764 _ struct{} `type:"structure"` 13765 13766 // Filters the output to include only the specified child type. 13767 // 13768 // ChildType is a required field 13769 ChildType *string `type:"string" required:"true" enum:"ChildType"` 13770 13771 // (Optional) Use this to limit the number of results you want included per 13772 // page in the response. If you do not include this parameter, it defaults to 13773 // a value that is specific to the operation. If additional items exist beyond 13774 // the maximum you specify, the NextToken response element is present and has 13775 // a value (is not null). Include that value as the NextToken request parameter 13776 // in the next call to the operation to get the next part of the results. Note 13777 // that Organizations might return fewer results than the maximum even when 13778 // there are more results available. You should check NextToken after every 13779 // operation to ensure that you receive all of the results. 13780 MaxResults *int64 `min:"1" type:"integer"` 13781 13782 // Use this parameter if you receive a NextToken response in a previous request 13783 // that indicates that there is more output available. Set it to the value of 13784 // the previous call's NextToken response to indicate where the output should 13785 // continue from. 13786 NextToken *string `type:"string"` 13787 13788 // The unique identifier (ID) for the parent root or OU whose children you want 13789 // to list. 13790 // 13791 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 13792 // requires one of the following: 13793 // 13794 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 13795 // letters or digits. 13796 // 13797 // * Organizational unit (OU) - A string that begins with "ou-" followed 13798 // by from 4 to 32 lower-case letters or digits (the ID of the root that 13799 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 13800 // lower-case letters or digits. 13801 // 13802 // ParentId is a required field 13803 ParentId *string `type:"string" required:"true"` 13804} 13805 13806// String returns the string representation 13807func (s ListChildrenInput) String() string { 13808 return awsutil.Prettify(s) 13809} 13810 13811// GoString returns the string representation 13812func (s ListChildrenInput) GoString() string { 13813 return s.String() 13814} 13815 13816// Validate inspects the fields of the type to determine if they are valid. 13817func (s *ListChildrenInput) Validate() error { 13818 invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"} 13819 if s.ChildType == nil { 13820 invalidParams.Add(request.NewErrParamRequired("ChildType")) 13821 } 13822 if s.MaxResults != nil && *s.MaxResults < 1 { 13823 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 13824 } 13825 if s.ParentId == nil { 13826 invalidParams.Add(request.NewErrParamRequired("ParentId")) 13827 } 13828 13829 if invalidParams.Len() > 0 { 13830 return invalidParams 13831 } 13832 return nil 13833} 13834 13835// SetChildType sets the ChildType field's value. 13836func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput { 13837 s.ChildType = &v 13838 return s 13839} 13840 13841// SetMaxResults sets the MaxResults field's value. 13842func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput { 13843 s.MaxResults = &v 13844 return s 13845} 13846 13847// SetNextToken sets the NextToken field's value. 13848func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput { 13849 s.NextToken = &v 13850 return s 13851} 13852 13853// SetParentId sets the ParentId field's value. 13854func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput { 13855 s.ParentId = &v 13856 return s 13857} 13858 13859type ListChildrenOutput struct { 13860 _ struct{} `type:"structure"` 13861 13862 // The list of children of the specified parent container. 13863 Children []*Child `type:"list"` 13864 13865 // If present, this value indicates that there is more output available than 13866 // is included in the current response. Use this value in the NextToken request 13867 // parameter in a subsequent call to the operation to get the next part of the 13868 // output. You should repeat this until the NextToken response element comes 13869 // back as null. 13870 NextToken *string `type:"string"` 13871} 13872 13873// String returns the string representation 13874func (s ListChildrenOutput) String() string { 13875 return awsutil.Prettify(s) 13876} 13877 13878// GoString returns the string representation 13879func (s ListChildrenOutput) GoString() string { 13880 return s.String() 13881} 13882 13883// SetChildren sets the Children field's value. 13884func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput { 13885 s.Children = v 13886 return s 13887} 13888 13889// SetNextToken sets the NextToken field's value. 13890func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput { 13891 s.NextToken = &v 13892 return s 13893} 13894 13895type ListCreateAccountStatusInput struct { 13896 _ struct{} `type:"structure"` 13897 13898 // (Optional) Use this to limit the number of results you want included per 13899 // page in the response. If you do not include this parameter, it defaults to 13900 // a value that is specific to the operation. If additional items exist beyond 13901 // the maximum you specify, the NextToken response element is present and has 13902 // a value (is not null). Include that value as the NextToken request parameter 13903 // in the next call to the operation to get the next part of the results. Note 13904 // that Organizations might return fewer results than the maximum even when 13905 // there are more results available. You should check NextToken after every 13906 // operation to ensure that you receive all of the results. 13907 MaxResults *int64 `min:"1" type:"integer"` 13908 13909 // Use this parameter if you receive a NextToken response in a previous request 13910 // that indicates that there is more output available. Set it to the value of 13911 // the previous call's NextToken response to indicate where the output should 13912 // continue from. 13913 NextToken *string `type:"string"` 13914 13915 // A list of one or more states that you want included in the response. If this 13916 // parameter isn't present, all requests are included in the response. 13917 States []*string `type:"list"` 13918} 13919 13920// String returns the string representation 13921func (s ListCreateAccountStatusInput) String() string { 13922 return awsutil.Prettify(s) 13923} 13924 13925// GoString returns the string representation 13926func (s ListCreateAccountStatusInput) GoString() string { 13927 return s.String() 13928} 13929 13930// Validate inspects the fields of the type to determine if they are valid. 13931func (s *ListCreateAccountStatusInput) Validate() error { 13932 invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"} 13933 if s.MaxResults != nil && *s.MaxResults < 1 { 13934 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 13935 } 13936 13937 if invalidParams.Len() > 0 { 13938 return invalidParams 13939 } 13940 return nil 13941} 13942 13943// SetMaxResults sets the MaxResults field's value. 13944func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput { 13945 s.MaxResults = &v 13946 return s 13947} 13948 13949// SetNextToken sets the NextToken field's value. 13950func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput { 13951 s.NextToken = &v 13952 return s 13953} 13954 13955// SetStates sets the States field's value. 13956func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput { 13957 s.States = v 13958 return s 13959} 13960 13961type ListCreateAccountStatusOutput struct { 13962 _ struct{} `type:"structure"` 13963 13964 // A list of objects with details about the requests. Certain elements, such 13965 // as the accountId number, are present in the output only after the account 13966 // has been successfully created. 13967 CreateAccountStatuses []*CreateAccountStatus `type:"list"` 13968 13969 // If present, this value indicates that there is more output available than 13970 // is included in the current response. Use this value in the NextToken request 13971 // parameter in a subsequent call to the operation to get the next part of the 13972 // output. You should repeat this until the NextToken response element comes 13973 // back as null. 13974 NextToken *string `type:"string"` 13975} 13976 13977// String returns the string representation 13978func (s ListCreateAccountStatusOutput) String() string { 13979 return awsutil.Prettify(s) 13980} 13981 13982// GoString returns the string representation 13983func (s ListCreateAccountStatusOutput) GoString() string { 13984 return s.String() 13985} 13986 13987// SetCreateAccountStatuses sets the CreateAccountStatuses field's value. 13988func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput { 13989 s.CreateAccountStatuses = v 13990 return s 13991} 13992 13993// SetNextToken sets the NextToken field's value. 13994func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput { 13995 s.NextToken = &v 13996 return s 13997} 13998 13999type ListHandshakesForAccountInput struct { 14000 _ struct{} `type:"structure"` 14001 14002 // Filters the handshakes that you want included in the response. The default 14003 // is all types. Use the ActionType element to limit the output to only a specified 14004 // type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, 14005 // for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake 14006 // for each member account, you can specify ParentHandshakeId to see only the 14007 // handshakes that were generated by that parent request. 14008 Filter *HandshakeFilter `type:"structure"` 14009 14010 // (Optional) Use this to limit the number of results you want included per 14011 // page in the response. If you do not include this parameter, it defaults to 14012 // a value that is specific to the operation. If additional items exist beyond 14013 // the maximum you specify, the NextToken response element is present and has 14014 // a value (is not null). Include that value as the NextToken request parameter 14015 // in the next call to the operation to get the next part of the results. Note 14016 // that Organizations might return fewer results than the maximum even when 14017 // there are more results available. You should check NextToken after every 14018 // operation to ensure that you receive all of the results. 14019 MaxResults *int64 `min:"1" type:"integer"` 14020 14021 // Use this parameter if you receive a NextToken response in a previous request 14022 // that indicates that there is more output available. Set it to the value of 14023 // the previous call's NextToken response to indicate where the output should 14024 // continue from. 14025 NextToken *string `type:"string"` 14026} 14027 14028// String returns the string representation 14029func (s ListHandshakesForAccountInput) String() string { 14030 return awsutil.Prettify(s) 14031} 14032 14033// GoString returns the string representation 14034func (s ListHandshakesForAccountInput) GoString() string { 14035 return s.String() 14036} 14037 14038// Validate inspects the fields of the type to determine if they are valid. 14039func (s *ListHandshakesForAccountInput) Validate() error { 14040 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"} 14041 if s.MaxResults != nil && *s.MaxResults < 1 { 14042 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14043 } 14044 14045 if invalidParams.Len() > 0 { 14046 return invalidParams 14047 } 14048 return nil 14049} 14050 14051// SetFilter sets the Filter field's value. 14052func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput { 14053 s.Filter = v 14054 return s 14055} 14056 14057// SetMaxResults sets the MaxResults field's value. 14058func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput { 14059 s.MaxResults = &v 14060 return s 14061} 14062 14063// SetNextToken sets the NextToken field's value. 14064func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput { 14065 s.NextToken = &v 14066 return s 14067} 14068 14069type ListHandshakesForAccountOutput struct { 14070 _ struct{} `type:"structure"` 14071 14072 // A list of Handshake objects with details about each of the handshakes that 14073 // is associated with the specified account. 14074 Handshakes []*Handshake `type:"list"` 14075 14076 // If present, this value indicates that there is more output available than 14077 // is included in the current response. Use this value in the NextToken request 14078 // parameter in a subsequent call to the operation to get the next part of the 14079 // output. You should repeat this until the NextToken response element comes 14080 // back as null. 14081 NextToken *string `type:"string"` 14082} 14083 14084// String returns the string representation 14085func (s ListHandshakesForAccountOutput) String() string { 14086 return awsutil.Prettify(s) 14087} 14088 14089// GoString returns the string representation 14090func (s ListHandshakesForAccountOutput) GoString() string { 14091 return s.String() 14092} 14093 14094// SetHandshakes sets the Handshakes field's value. 14095func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput { 14096 s.Handshakes = v 14097 return s 14098} 14099 14100// SetNextToken sets the NextToken field's value. 14101func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput { 14102 s.NextToken = &v 14103 return s 14104} 14105 14106type ListHandshakesForOrganizationInput struct { 14107 _ struct{} `type:"structure"` 14108 14109 // A filter of the handshakes that you want included in the response. The default 14110 // is all types. Use the ActionType element to limit the output to only a specified 14111 // type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, 14112 // for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake 14113 // for each member account, you can specify the ParentHandshakeId to see only 14114 // the handshakes that were generated by that parent request. 14115 Filter *HandshakeFilter `type:"structure"` 14116 14117 // (Optional) Use this to limit the number of results you want included per 14118 // page in the response. If you do not include this parameter, it defaults to 14119 // a value that is specific to the operation. If additional items exist beyond 14120 // the maximum you specify, the NextToken response element is present and has 14121 // a value (is not null). Include that value as the NextToken request parameter 14122 // in the next call to the operation to get the next part of the results. Note 14123 // that Organizations might return fewer results than the maximum even when 14124 // there are more results available. You should check NextToken after every 14125 // operation to ensure that you receive all of the results. 14126 MaxResults *int64 `min:"1" type:"integer"` 14127 14128 // Use this parameter if you receive a NextToken response in a previous request 14129 // that indicates that there is more output available. Set it to the value of 14130 // the previous call's NextToken response to indicate where the output should 14131 // continue from. 14132 NextToken *string `type:"string"` 14133} 14134 14135// String returns the string representation 14136func (s ListHandshakesForOrganizationInput) String() string { 14137 return awsutil.Prettify(s) 14138} 14139 14140// GoString returns the string representation 14141func (s ListHandshakesForOrganizationInput) GoString() string { 14142 return s.String() 14143} 14144 14145// Validate inspects the fields of the type to determine if they are valid. 14146func (s *ListHandshakesForOrganizationInput) Validate() error { 14147 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"} 14148 if s.MaxResults != nil && *s.MaxResults < 1 { 14149 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14150 } 14151 14152 if invalidParams.Len() > 0 { 14153 return invalidParams 14154 } 14155 return nil 14156} 14157 14158// SetFilter sets the Filter field's value. 14159func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput { 14160 s.Filter = v 14161 return s 14162} 14163 14164// SetMaxResults sets the MaxResults field's value. 14165func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput { 14166 s.MaxResults = &v 14167 return s 14168} 14169 14170// SetNextToken sets the NextToken field's value. 14171func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput { 14172 s.NextToken = &v 14173 return s 14174} 14175 14176type ListHandshakesForOrganizationOutput struct { 14177 _ struct{} `type:"structure"` 14178 14179 // A list of Handshake objects with details about each of the handshakes that 14180 // are associated with an organization. 14181 Handshakes []*Handshake `type:"list"` 14182 14183 // If present, this value indicates that there is more output available than 14184 // is included in the current response. Use this value in the NextToken request 14185 // parameter in a subsequent call to the operation to get the next part of the 14186 // output. You should repeat this until the NextToken response element comes 14187 // back as null. 14188 NextToken *string `type:"string"` 14189} 14190 14191// String returns the string representation 14192func (s ListHandshakesForOrganizationOutput) String() string { 14193 return awsutil.Prettify(s) 14194} 14195 14196// GoString returns the string representation 14197func (s ListHandshakesForOrganizationOutput) GoString() string { 14198 return s.String() 14199} 14200 14201// SetHandshakes sets the Handshakes field's value. 14202func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput { 14203 s.Handshakes = v 14204 return s 14205} 14206 14207// SetNextToken sets the NextToken field's value. 14208func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput { 14209 s.NextToken = &v 14210 return s 14211} 14212 14213type ListOrganizationalUnitsForParentInput struct { 14214 _ struct{} `type:"structure"` 14215 14216 // (Optional) Use this to limit the number of results you want included per 14217 // page in the response. If you do not include this parameter, it defaults to 14218 // a value that is specific to the operation. If additional items exist beyond 14219 // the maximum you specify, the NextToken response element is present and has 14220 // a value (is not null). Include that value as the NextToken request parameter 14221 // in the next call to the operation to get the next part of the results. Note 14222 // that Organizations might return fewer results than the maximum even when 14223 // there are more results available. You should check NextToken after every 14224 // operation to ensure that you receive all of the results. 14225 MaxResults *int64 `min:"1" type:"integer"` 14226 14227 // Use this parameter if you receive a NextToken response in a previous request 14228 // that indicates that there is more output available. Set it to the value of 14229 // the previous call's NextToken response to indicate where the output should 14230 // continue from. 14231 NextToken *string `type:"string"` 14232 14233 // The unique identifier (ID) of the root or OU whose child OUs you want to 14234 // list. 14235 // 14236 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 14237 // requires one of the following: 14238 // 14239 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 14240 // letters or digits. 14241 // 14242 // * Organizational unit (OU) - A string that begins with "ou-" followed 14243 // by from 4 to 32 lower-case letters or digits (the ID of the root that 14244 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 14245 // lower-case letters or digits. 14246 // 14247 // ParentId is a required field 14248 ParentId *string `type:"string" required:"true"` 14249} 14250 14251// String returns the string representation 14252func (s ListOrganizationalUnitsForParentInput) String() string { 14253 return awsutil.Prettify(s) 14254} 14255 14256// GoString returns the string representation 14257func (s ListOrganizationalUnitsForParentInput) GoString() string { 14258 return s.String() 14259} 14260 14261// Validate inspects the fields of the type to determine if they are valid. 14262func (s *ListOrganizationalUnitsForParentInput) Validate() error { 14263 invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"} 14264 if s.MaxResults != nil && *s.MaxResults < 1 { 14265 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14266 } 14267 if s.ParentId == nil { 14268 invalidParams.Add(request.NewErrParamRequired("ParentId")) 14269 } 14270 14271 if invalidParams.Len() > 0 { 14272 return invalidParams 14273 } 14274 return nil 14275} 14276 14277// SetMaxResults sets the MaxResults field's value. 14278func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput { 14279 s.MaxResults = &v 14280 return s 14281} 14282 14283// SetNextToken sets the NextToken field's value. 14284func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput { 14285 s.NextToken = &v 14286 return s 14287} 14288 14289// SetParentId sets the ParentId field's value. 14290func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput { 14291 s.ParentId = &v 14292 return s 14293} 14294 14295type ListOrganizationalUnitsForParentOutput struct { 14296 _ struct{} `type:"structure"` 14297 14298 // If present, this value indicates that there is more output available than 14299 // is included in the current response. Use this value in the NextToken request 14300 // parameter in a subsequent call to the operation to get the next part of the 14301 // output. You should repeat this until the NextToken response element comes 14302 // back as null. 14303 NextToken *string `type:"string"` 14304 14305 // A list of the OUs in the specified root or parent OU. 14306 OrganizationalUnits []*OrganizationalUnit `type:"list"` 14307} 14308 14309// String returns the string representation 14310func (s ListOrganizationalUnitsForParentOutput) String() string { 14311 return awsutil.Prettify(s) 14312} 14313 14314// GoString returns the string representation 14315func (s ListOrganizationalUnitsForParentOutput) GoString() string { 14316 return s.String() 14317} 14318 14319// SetNextToken sets the NextToken field's value. 14320func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput { 14321 s.NextToken = &v 14322 return s 14323} 14324 14325// SetOrganizationalUnits sets the OrganizationalUnits field's value. 14326func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput { 14327 s.OrganizationalUnits = v 14328 return s 14329} 14330 14331type ListParentsInput struct { 14332 _ struct{} `type:"structure"` 14333 14334 // The unique identifier (ID) of the OU or account whose parent containers you 14335 // want to list. Don't specify a root. 14336 // 14337 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 14338 // requires one of the following: 14339 // 14340 // * Account - A string that consists of exactly 12 digits. 14341 // 14342 // * Organizational unit (OU) - A string that begins with "ou-" followed 14343 // by from 4 to 32 lower-case letters or digits (the ID of the root that 14344 // contains the OU) followed by a second "-" dash and from 8 to 32 additional 14345 // lower-case letters or digits. 14346 // 14347 // ChildId is a required field 14348 ChildId *string `type:"string" required:"true"` 14349 14350 // (Optional) Use this to limit the number of results you want included per 14351 // page in the response. If you do not include this parameter, it defaults to 14352 // a value that is specific to the operation. If additional items exist beyond 14353 // the maximum you specify, the NextToken response element is present and has 14354 // a value (is not null). Include that value as the NextToken request parameter 14355 // in the next call to the operation to get the next part of the results. Note 14356 // that Organizations might return fewer results than the maximum even when 14357 // there are more results available. You should check NextToken after every 14358 // operation to ensure that you receive all of the results. 14359 MaxResults *int64 `min:"1" type:"integer"` 14360 14361 // Use this parameter if you receive a NextToken response in a previous request 14362 // that indicates that there is more output available. Set it to the value of 14363 // the previous call's NextToken response to indicate where the output should 14364 // continue from. 14365 NextToken *string `type:"string"` 14366} 14367 14368// String returns the string representation 14369func (s ListParentsInput) String() string { 14370 return awsutil.Prettify(s) 14371} 14372 14373// GoString returns the string representation 14374func (s ListParentsInput) GoString() string { 14375 return s.String() 14376} 14377 14378// Validate inspects the fields of the type to determine if they are valid. 14379func (s *ListParentsInput) Validate() error { 14380 invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"} 14381 if s.ChildId == nil { 14382 invalidParams.Add(request.NewErrParamRequired("ChildId")) 14383 } 14384 if s.MaxResults != nil && *s.MaxResults < 1 { 14385 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14386 } 14387 14388 if invalidParams.Len() > 0 { 14389 return invalidParams 14390 } 14391 return nil 14392} 14393 14394// SetChildId sets the ChildId field's value. 14395func (s *ListParentsInput) SetChildId(v string) *ListParentsInput { 14396 s.ChildId = &v 14397 return s 14398} 14399 14400// SetMaxResults sets the MaxResults field's value. 14401func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput { 14402 s.MaxResults = &v 14403 return s 14404} 14405 14406// SetNextToken sets the NextToken field's value. 14407func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput { 14408 s.NextToken = &v 14409 return s 14410} 14411 14412type ListParentsOutput struct { 14413 _ struct{} `type:"structure"` 14414 14415 // If present, this value indicates that there is more output available than 14416 // is included in the current response. Use this value in the NextToken request 14417 // parameter in a subsequent call to the operation to get the next part of the 14418 // output. You should repeat this until the NextToken response element comes 14419 // back as null. 14420 NextToken *string `type:"string"` 14421 14422 // A list of parents for the specified child account or OU. 14423 Parents []*Parent `type:"list"` 14424} 14425 14426// String returns the string representation 14427func (s ListParentsOutput) String() string { 14428 return awsutil.Prettify(s) 14429} 14430 14431// GoString returns the string representation 14432func (s ListParentsOutput) GoString() string { 14433 return s.String() 14434} 14435 14436// SetNextToken sets the NextToken field's value. 14437func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput { 14438 s.NextToken = &v 14439 return s 14440} 14441 14442// SetParents sets the Parents field's value. 14443func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput { 14444 s.Parents = v 14445 return s 14446} 14447 14448type ListPoliciesForTargetInput struct { 14449 _ struct{} `type:"structure"` 14450 14451 // The type of policy that you want to include in the returned list. 14452 // 14453 // Filter is a required field 14454 Filter *string `type:"string" required:"true" enum:"PolicyType"` 14455 14456 // (Optional) Use this to limit the number of results you want included per 14457 // page in the response. If you do not include this parameter, it defaults to 14458 // a value that is specific to the operation. If additional items exist beyond 14459 // the maximum you specify, the NextToken response element is present and has 14460 // a value (is not null). Include that value as the NextToken request parameter 14461 // in the next call to the operation to get the next part of the results. Note 14462 // that Organizations might return fewer results than the maximum even when 14463 // there are more results available. You should check NextToken after every 14464 // operation to ensure that you receive all of the results. 14465 MaxResults *int64 `min:"1" type:"integer"` 14466 14467 // Use this parameter if you receive a NextToken response in a previous request 14468 // that indicates that there is more output available. Set it to the value of 14469 // the previous call's NextToken response to indicate where the output should 14470 // continue from. 14471 NextToken *string `type:"string"` 14472 14473 // The unique identifier (ID) of the root, organizational unit, or account whose 14474 // policies you want to list. 14475 // 14476 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 14477 // requires one of the following: 14478 // 14479 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 14480 // letters or digits. 14481 // 14482 // * Account - A string that consists of exactly 12 digits. 14483 // 14484 // * Organizational unit (OU) - A string that begins with "ou-" followed 14485 // by from 4 to 32 lower-case letters or digits (the ID of the root that 14486 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 14487 // lower-case letters or digits. 14488 // 14489 // TargetId is a required field 14490 TargetId *string `type:"string" required:"true"` 14491} 14492 14493// String returns the string representation 14494func (s ListPoliciesForTargetInput) String() string { 14495 return awsutil.Prettify(s) 14496} 14497 14498// GoString returns the string representation 14499func (s ListPoliciesForTargetInput) GoString() string { 14500 return s.String() 14501} 14502 14503// Validate inspects the fields of the type to determine if they are valid. 14504func (s *ListPoliciesForTargetInput) Validate() error { 14505 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"} 14506 if s.Filter == nil { 14507 invalidParams.Add(request.NewErrParamRequired("Filter")) 14508 } 14509 if s.MaxResults != nil && *s.MaxResults < 1 { 14510 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14511 } 14512 if s.TargetId == nil { 14513 invalidParams.Add(request.NewErrParamRequired("TargetId")) 14514 } 14515 14516 if invalidParams.Len() > 0 { 14517 return invalidParams 14518 } 14519 return nil 14520} 14521 14522// SetFilter sets the Filter field's value. 14523func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput { 14524 s.Filter = &v 14525 return s 14526} 14527 14528// SetMaxResults sets the MaxResults field's value. 14529func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput { 14530 s.MaxResults = &v 14531 return s 14532} 14533 14534// SetNextToken sets the NextToken field's value. 14535func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput { 14536 s.NextToken = &v 14537 return s 14538} 14539 14540// SetTargetId sets the TargetId field's value. 14541func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput { 14542 s.TargetId = &v 14543 return s 14544} 14545 14546type ListPoliciesForTargetOutput struct { 14547 _ struct{} `type:"structure"` 14548 14549 // If present, this value indicates that there is more output available than 14550 // is included in the current response. Use this value in the NextToken request 14551 // parameter in a subsequent call to the operation to get the next part of the 14552 // output. You should repeat this until the NextToken response element comes 14553 // back as null. 14554 NextToken *string `type:"string"` 14555 14556 // The list of policies that match the criteria in the request. 14557 Policies []*PolicySummary `type:"list"` 14558} 14559 14560// String returns the string representation 14561func (s ListPoliciesForTargetOutput) String() string { 14562 return awsutil.Prettify(s) 14563} 14564 14565// GoString returns the string representation 14566func (s ListPoliciesForTargetOutput) GoString() string { 14567 return s.String() 14568} 14569 14570// SetNextToken sets the NextToken field's value. 14571func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput { 14572 s.NextToken = &v 14573 return s 14574} 14575 14576// SetPolicies sets the Policies field's value. 14577func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput { 14578 s.Policies = v 14579 return s 14580} 14581 14582type ListPoliciesInput struct { 14583 _ struct{} `type:"structure"` 14584 14585 // Specifies the type of policy that you want to include in the response. 14586 // 14587 // Filter is a required field 14588 Filter *string `type:"string" required:"true" enum:"PolicyType"` 14589 14590 // (Optional) Use this to limit the number of results you want included per 14591 // page in the response. If you do not include this parameter, it defaults to 14592 // a value that is specific to the operation. If additional items exist beyond 14593 // the maximum you specify, the NextToken response element is present and has 14594 // a value (is not null). Include that value as the NextToken request parameter 14595 // in the next call to the operation to get the next part of the results. Note 14596 // that Organizations might return fewer results than the maximum even when 14597 // there are more results available. You should check NextToken after every 14598 // operation to ensure that you receive all of the results. 14599 MaxResults *int64 `min:"1" type:"integer"` 14600 14601 // Use this parameter if you receive a NextToken response in a previous request 14602 // that indicates that there is more output available. Set it to the value of 14603 // the previous call's NextToken response to indicate where the output should 14604 // continue from. 14605 NextToken *string `type:"string"` 14606} 14607 14608// String returns the string representation 14609func (s ListPoliciesInput) String() string { 14610 return awsutil.Prettify(s) 14611} 14612 14613// GoString returns the string representation 14614func (s ListPoliciesInput) GoString() string { 14615 return s.String() 14616} 14617 14618// Validate inspects the fields of the type to determine if they are valid. 14619func (s *ListPoliciesInput) Validate() error { 14620 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} 14621 if s.Filter == nil { 14622 invalidParams.Add(request.NewErrParamRequired("Filter")) 14623 } 14624 if s.MaxResults != nil && *s.MaxResults < 1 { 14625 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14626 } 14627 14628 if invalidParams.Len() > 0 { 14629 return invalidParams 14630 } 14631 return nil 14632} 14633 14634// SetFilter sets the Filter field's value. 14635func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput { 14636 s.Filter = &v 14637 return s 14638} 14639 14640// SetMaxResults sets the MaxResults field's value. 14641func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { 14642 s.MaxResults = &v 14643 return s 14644} 14645 14646// SetNextToken sets the NextToken field's value. 14647func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { 14648 s.NextToken = &v 14649 return s 14650} 14651 14652type ListPoliciesOutput struct { 14653 _ struct{} `type:"structure"` 14654 14655 // If present, this value indicates that there is more output available than 14656 // is included in the current response. Use this value in the NextToken request 14657 // parameter in a subsequent call to the operation to get the next part of the 14658 // output. You should repeat this until the NextToken response element comes 14659 // back as null. 14660 NextToken *string `type:"string"` 14661 14662 // A list of policies that match the filter criteria in the request. The output 14663 // list doesn't include the policy contents. To see the content for a policy, 14664 // see DescribePolicy. 14665 Policies []*PolicySummary `type:"list"` 14666} 14667 14668// String returns the string representation 14669func (s ListPoliciesOutput) String() string { 14670 return awsutil.Prettify(s) 14671} 14672 14673// GoString returns the string representation 14674func (s ListPoliciesOutput) GoString() string { 14675 return s.String() 14676} 14677 14678// SetNextToken sets the NextToken field's value. 14679func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { 14680 s.NextToken = &v 14681 return s 14682} 14683 14684// SetPolicies sets the Policies field's value. 14685func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput { 14686 s.Policies = v 14687 return s 14688} 14689 14690type ListRootsInput struct { 14691 _ struct{} `type:"structure"` 14692 14693 // (Optional) Use this to limit the number of results you want included per 14694 // page in the response. If you do not include this parameter, it defaults to 14695 // a value that is specific to the operation. If additional items exist beyond 14696 // the maximum you specify, the NextToken response element is present and has 14697 // a value (is not null). Include that value as the NextToken request parameter 14698 // in the next call to the operation to get the next part of the results. Note 14699 // that Organizations might return fewer results than the maximum even when 14700 // there are more results available. You should check NextToken after every 14701 // operation to ensure that you receive all of the results. 14702 MaxResults *int64 `min:"1" type:"integer"` 14703 14704 // Use this parameter if you receive a NextToken response in a previous request 14705 // that indicates that there is more output available. Set it to the value of 14706 // the previous call's NextToken response to indicate where the output should 14707 // continue from. 14708 NextToken *string `type:"string"` 14709} 14710 14711// String returns the string representation 14712func (s ListRootsInput) String() string { 14713 return awsutil.Prettify(s) 14714} 14715 14716// GoString returns the string representation 14717func (s ListRootsInput) GoString() string { 14718 return s.String() 14719} 14720 14721// Validate inspects the fields of the type to determine if they are valid. 14722func (s *ListRootsInput) Validate() error { 14723 invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"} 14724 if s.MaxResults != nil && *s.MaxResults < 1 { 14725 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14726 } 14727 14728 if invalidParams.Len() > 0 { 14729 return invalidParams 14730 } 14731 return nil 14732} 14733 14734// SetMaxResults sets the MaxResults field's value. 14735func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput { 14736 s.MaxResults = &v 14737 return s 14738} 14739 14740// SetNextToken sets the NextToken field's value. 14741func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput { 14742 s.NextToken = &v 14743 return s 14744} 14745 14746type ListRootsOutput struct { 14747 _ struct{} `type:"structure"` 14748 14749 // If present, this value indicates that there is more output available than 14750 // is included in the current response. Use this value in the NextToken request 14751 // parameter in a subsequent call to the operation to get the next part of the 14752 // output. You should repeat this until the NextToken response element comes 14753 // back as null. 14754 NextToken *string `type:"string"` 14755 14756 // A list of roots that are defined in an organization. 14757 Roots []*Root `type:"list"` 14758} 14759 14760// String returns the string representation 14761func (s ListRootsOutput) String() string { 14762 return awsutil.Prettify(s) 14763} 14764 14765// GoString returns the string representation 14766func (s ListRootsOutput) GoString() string { 14767 return s.String() 14768} 14769 14770// SetNextToken sets the NextToken field's value. 14771func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput { 14772 s.NextToken = &v 14773 return s 14774} 14775 14776// SetRoots sets the Roots field's value. 14777func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput { 14778 s.Roots = v 14779 return s 14780} 14781 14782type ListTagsForResourceInput struct { 14783 _ struct{} `type:"structure"` 14784 14785 // Use this parameter if you receive a NextToken response in a previous request 14786 // that indicates that there is more output available. Set it to the value of 14787 // the previous call's NextToken response to indicate where the output should 14788 // continue from. 14789 NextToken *string `type:"string"` 14790 14791 // The ID of the resource that you want to retrieve tags for. 14792 // 14793 // ResourceId is a required field 14794 ResourceId *string `type:"string" required:"true"` 14795} 14796 14797// String returns the string representation 14798func (s ListTagsForResourceInput) String() string { 14799 return awsutil.Prettify(s) 14800} 14801 14802// GoString returns the string representation 14803func (s ListTagsForResourceInput) GoString() string { 14804 return s.String() 14805} 14806 14807// Validate inspects the fields of the type to determine if they are valid. 14808func (s *ListTagsForResourceInput) Validate() error { 14809 invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} 14810 if s.ResourceId == nil { 14811 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 14812 } 14813 14814 if invalidParams.Len() > 0 { 14815 return invalidParams 14816 } 14817 return nil 14818} 14819 14820// SetNextToken sets the NextToken field's value. 14821func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput { 14822 s.NextToken = &v 14823 return s 14824} 14825 14826// SetResourceId sets the ResourceId field's value. 14827func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput { 14828 s.ResourceId = &v 14829 return s 14830} 14831 14832type ListTagsForResourceOutput struct { 14833 _ struct{} `type:"structure"` 14834 14835 // If present, this value indicates that there is more output available than 14836 // is included in the current response. Use this value in the NextToken request 14837 // parameter in a subsequent call to the operation to get the next part of the 14838 // output. You should repeat this until the NextToken response element comes 14839 // back as null. 14840 NextToken *string `type:"string"` 14841 14842 // The tags that are assigned to the resource. 14843 Tags []*Tag `type:"list"` 14844} 14845 14846// String returns the string representation 14847func (s ListTagsForResourceOutput) String() string { 14848 return awsutil.Prettify(s) 14849} 14850 14851// GoString returns the string representation 14852func (s ListTagsForResourceOutput) GoString() string { 14853 return s.String() 14854} 14855 14856// SetNextToken sets the NextToken field's value. 14857func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput { 14858 s.NextToken = &v 14859 return s 14860} 14861 14862// SetTags sets the Tags field's value. 14863func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { 14864 s.Tags = v 14865 return s 14866} 14867 14868type ListTargetsForPolicyInput struct { 14869 _ struct{} `type:"structure"` 14870 14871 // (Optional) Use this to limit the number of results you want included per 14872 // page in the response. If you do not include this parameter, it defaults to 14873 // a value that is specific to the operation. If additional items exist beyond 14874 // the maximum you specify, the NextToken response element is present and has 14875 // a value (is not null). Include that value as the NextToken request parameter 14876 // in the next call to the operation to get the next part of the results. Note 14877 // that Organizations might return fewer results than the maximum even when 14878 // there are more results available. You should check NextToken after every 14879 // operation to ensure that you receive all of the results. 14880 MaxResults *int64 `min:"1" type:"integer"` 14881 14882 // Use this parameter if you receive a NextToken response in a previous request 14883 // that indicates that there is more output available. Set it to the value of 14884 // the previous call's NextToken response to indicate where the output should 14885 // continue from. 14886 NextToken *string `type:"string"` 14887 14888 // The unique identifier (ID) of the policy whose attachments you want to know. 14889 // 14890 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 14891 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 14892 // 14893 // PolicyId is a required field 14894 PolicyId *string `type:"string" required:"true"` 14895} 14896 14897// String returns the string representation 14898func (s ListTargetsForPolicyInput) String() string { 14899 return awsutil.Prettify(s) 14900} 14901 14902// GoString returns the string representation 14903func (s ListTargetsForPolicyInput) GoString() string { 14904 return s.String() 14905} 14906 14907// Validate inspects the fields of the type to determine if they are valid. 14908func (s *ListTargetsForPolicyInput) Validate() error { 14909 invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"} 14910 if s.MaxResults != nil && *s.MaxResults < 1 { 14911 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14912 } 14913 if s.PolicyId == nil { 14914 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 14915 } 14916 14917 if invalidParams.Len() > 0 { 14918 return invalidParams 14919 } 14920 return nil 14921} 14922 14923// SetMaxResults sets the MaxResults field's value. 14924func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput { 14925 s.MaxResults = &v 14926 return s 14927} 14928 14929// SetNextToken sets the NextToken field's value. 14930func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput { 14931 s.NextToken = &v 14932 return s 14933} 14934 14935// SetPolicyId sets the PolicyId field's value. 14936func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput { 14937 s.PolicyId = &v 14938 return s 14939} 14940 14941type ListTargetsForPolicyOutput struct { 14942 _ struct{} `type:"structure"` 14943 14944 // If present, this value indicates that there is more output available than 14945 // is included in the current response. Use this value in the NextToken request 14946 // parameter in a subsequent call to the operation to get the next part of the 14947 // output. You should repeat this until the NextToken response element comes 14948 // back as null. 14949 NextToken *string `type:"string"` 14950 14951 // A list of structures, each of which contains details about one of the entities 14952 // to which the specified policy is attached. 14953 Targets []*PolicyTargetSummary `type:"list"` 14954} 14955 14956// String returns the string representation 14957func (s ListTargetsForPolicyOutput) String() string { 14958 return awsutil.Prettify(s) 14959} 14960 14961// GoString returns the string representation 14962func (s ListTargetsForPolicyOutput) GoString() string { 14963 return s.String() 14964} 14965 14966// SetNextToken sets the NextToken field's value. 14967func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput { 14968 s.NextToken = &v 14969 return s 14970} 14971 14972// SetTargets sets the Targets field's value. 14973func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput { 14974 s.Targets = v 14975 return s 14976} 14977 14978type MoveAccountInput struct { 14979 _ struct{} `type:"structure"` 14980 14981 // The unique identifier (ID) of the account that you want to move. 14982 // 14983 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 14984 // requires exactly 12 digits. 14985 // 14986 // AccountId is a required field 14987 AccountId *string `type:"string" required:"true"` 14988 14989 // The unique identifier (ID) of the root or organizational unit that you want 14990 // to move the account to. 14991 // 14992 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 14993 // requires one of the following: 14994 // 14995 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 14996 // letters or digits. 14997 // 14998 // * Organizational unit (OU) - A string that begins with "ou-" followed 14999 // by from 4 to 32 lower-case letters or digits (the ID of the root that 15000 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 15001 // lower-case letters or digits. 15002 // 15003 // DestinationParentId is a required field 15004 DestinationParentId *string `type:"string" required:"true"` 15005 15006 // The unique identifier (ID) of the root or organizational unit that you want 15007 // to move the account from. 15008 // 15009 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 15010 // requires one of the following: 15011 // 15012 // * Root - A string that begins with "r-" followed by from 4 to 32 lower-case 15013 // letters or digits. 15014 // 15015 // * Organizational unit (OU) - A string that begins with "ou-" followed 15016 // by from 4 to 32 lower-case letters or digits (the ID of the root that 15017 // the OU is in) followed by a second "-" dash and from 8 to 32 additional 15018 // lower-case letters or digits. 15019 // 15020 // SourceParentId is a required field 15021 SourceParentId *string `type:"string" required:"true"` 15022} 15023 15024// String returns the string representation 15025func (s MoveAccountInput) String() string { 15026 return awsutil.Prettify(s) 15027} 15028 15029// GoString returns the string representation 15030func (s MoveAccountInput) GoString() string { 15031 return s.String() 15032} 15033 15034// Validate inspects the fields of the type to determine if they are valid. 15035func (s *MoveAccountInput) Validate() error { 15036 invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"} 15037 if s.AccountId == nil { 15038 invalidParams.Add(request.NewErrParamRequired("AccountId")) 15039 } 15040 if s.DestinationParentId == nil { 15041 invalidParams.Add(request.NewErrParamRequired("DestinationParentId")) 15042 } 15043 if s.SourceParentId == nil { 15044 invalidParams.Add(request.NewErrParamRequired("SourceParentId")) 15045 } 15046 15047 if invalidParams.Len() > 0 { 15048 return invalidParams 15049 } 15050 return nil 15051} 15052 15053// SetAccountId sets the AccountId field's value. 15054func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput { 15055 s.AccountId = &v 15056 return s 15057} 15058 15059// SetDestinationParentId sets the DestinationParentId field's value. 15060func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput { 15061 s.DestinationParentId = &v 15062 return s 15063} 15064 15065// SetSourceParentId sets the SourceParentId field's value. 15066func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput { 15067 s.SourceParentId = &v 15068 return s 15069} 15070 15071type MoveAccountOutput struct { 15072 _ struct{} `type:"structure"` 15073} 15074 15075// String returns the string representation 15076func (s MoveAccountOutput) String() string { 15077 return awsutil.Prettify(s) 15078} 15079 15080// GoString returns the string representation 15081func (s MoveAccountOutput) GoString() string { 15082 return s.String() 15083} 15084 15085// Contains details about an organization. An organization is a collection of 15086// accounts that are centrally managed together using consolidated billing, 15087// organized hierarchically with organizational units (OUs), and controlled 15088// with policies . 15089type Organization struct { 15090 _ struct{} `type:"structure"` 15091 15092 // The Amazon Resource Name (ARN) of an organization. 15093 // 15094 // For more information about ARNs in Organizations, see ARN Formats Supported 15095 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15096 // in the AWS Organizations User Guide. 15097 Arn *string `type:"string"` 15098 15099 // A list of policy types that are enabled for this organization. For example, 15100 // if your organization has all features enabled, then service control policies 15101 // (SCPs) are included in the list. 15102 // 15103 // Even if a policy type is shown as available in the organization, you can 15104 // separately enable and disable them at the root level by using EnablePolicyType 15105 // and DisablePolicyType. Use ListRoots to see the status of a policy type in 15106 // that root. 15107 AvailablePolicyTypes []*PolicyTypeSummary `type:"list"` 15108 15109 // Specifies the functionality that currently is available to the organization. 15110 // If set to "ALL", then all features are enabled and policies can be applied 15111 // to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only 15112 // consolidated billing functionality is available. For more information, see 15113 // Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 15114 // in the AWS Organizations User Guide. 15115 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 15116 15117 // The unique identifier (ID) of an organization. 15118 // 15119 // The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID 15120 // string requires "o-" followed by from 10 to 32 lower-case letters or digits. 15121 Id *string `type:"string"` 15122 15123 // The Amazon Resource Name (ARN) of the account that is designated as the master 15124 // account for the organization. 15125 // 15126 // For more information about ARNs in Organizations, see ARN Formats Supported 15127 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15128 // in the AWS Organizations User Guide. 15129 MasterAccountArn *string `type:"string"` 15130 15131 // The email address that is associated with the AWS account that is designated 15132 // as the master account for the organization. 15133 MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"` 15134 15135 // The unique identifier (ID) of the master account of an organization. 15136 // 15137 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 15138 // requires exactly 12 digits. 15139 MasterAccountId *string `type:"string"` 15140} 15141 15142// String returns the string representation 15143func (s Organization) String() string { 15144 return awsutil.Prettify(s) 15145} 15146 15147// GoString returns the string representation 15148func (s Organization) GoString() string { 15149 return s.String() 15150} 15151 15152// SetArn sets the Arn field's value. 15153func (s *Organization) SetArn(v string) *Organization { 15154 s.Arn = &v 15155 return s 15156} 15157 15158// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value. 15159func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization { 15160 s.AvailablePolicyTypes = v 15161 return s 15162} 15163 15164// SetFeatureSet sets the FeatureSet field's value. 15165func (s *Organization) SetFeatureSet(v string) *Organization { 15166 s.FeatureSet = &v 15167 return s 15168} 15169 15170// SetId sets the Id field's value. 15171func (s *Organization) SetId(v string) *Organization { 15172 s.Id = &v 15173 return s 15174} 15175 15176// SetMasterAccountArn sets the MasterAccountArn field's value. 15177func (s *Organization) SetMasterAccountArn(v string) *Organization { 15178 s.MasterAccountArn = &v 15179 return s 15180} 15181 15182// SetMasterAccountEmail sets the MasterAccountEmail field's value. 15183func (s *Organization) SetMasterAccountEmail(v string) *Organization { 15184 s.MasterAccountEmail = &v 15185 return s 15186} 15187 15188// SetMasterAccountId sets the MasterAccountId field's value. 15189func (s *Organization) SetMasterAccountId(v string) *Organization { 15190 s.MasterAccountId = &v 15191 return s 15192} 15193 15194// Contains details about an organizational unit (OU). An OU is a container 15195// of AWS accounts within a root of an organization. Policies that are attached 15196// to an OU apply to all accounts contained in that OU and in any child OUs. 15197type OrganizationalUnit struct { 15198 _ struct{} `type:"structure"` 15199 15200 // The Amazon Resource Name (ARN) of this OU. 15201 // 15202 // For more information about ARNs in Organizations, see ARN Formats Supported 15203 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15204 // in the AWS Organizations User Guide. 15205 Arn *string `type:"string"` 15206 15207 // The unique identifier (ID) associated with this OU. 15208 // 15209 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 15210 // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters 15211 // or digits (the ID of the root that contains the OU) followed by a second 15212 // "-" dash and from 8 to 32 additional lower-case letters or digits. 15213 Id *string `type:"string"` 15214 15215 // The friendly name of this OU. 15216 // 15217 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15218 // this parameter is a string of any of the characters in the ASCII character 15219 // range. 15220 Name *string `min:"1" type:"string"` 15221} 15222 15223// String returns the string representation 15224func (s OrganizationalUnit) String() string { 15225 return awsutil.Prettify(s) 15226} 15227 15228// GoString returns the string representation 15229func (s OrganizationalUnit) GoString() string { 15230 return s.String() 15231} 15232 15233// SetArn sets the Arn field's value. 15234func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit { 15235 s.Arn = &v 15236 return s 15237} 15238 15239// SetId sets the Id field's value. 15240func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit { 15241 s.Id = &v 15242 return s 15243} 15244 15245// SetName sets the Name field's value. 15246func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit { 15247 s.Name = &v 15248 return s 15249} 15250 15251// Contains information about either a root or an organizational unit (OU) that 15252// can contain OUs or accounts in an organization. 15253type Parent struct { 15254 _ struct{} `type:"structure"` 15255 15256 // The unique identifier (ID) of the parent entity. 15257 // 15258 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 15259 // requires one of the following: 15260 // 15261 // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case 15262 // letters or digits. 15263 // 15264 // * Organizational unit (OU): a string that begins with "ou-" followed by 15265 // from 4 to 32 lower-case letters or digits (the ID of the root that the 15266 // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case 15267 // letters or digits. 15268 Id *string `type:"string"` 15269 15270 // The type of the parent entity. 15271 Type *string `type:"string" enum:"ParentType"` 15272} 15273 15274// String returns the string representation 15275func (s Parent) String() string { 15276 return awsutil.Prettify(s) 15277} 15278 15279// GoString returns the string representation 15280func (s Parent) GoString() string { 15281 return s.String() 15282} 15283 15284// SetId sets the Id field's value. 15285func (s *Parent) SetId(v string) *Parent { 15286 s.Id = &v 15287 return s 15288} 15289 15290// SetType sets the Type field's value. 15291func (s *Parent) SetType(v string) *Parent { 15292 s.Type = &v 15293 return s 15294} 15295 15296// Contains rules to be applied to the affected accounts. Policies can be attached 15297// directly to accounts, or to roots and OUs to affect all accounts in those 15298// hierarchies. 15299type Policy struct { 15300 _ struct{} `type:"structure"` 15301 15302 // The text content of the policy. 15303 Content *string `min:"1" type:"string"` 15304 15305 // A structure that contains additional details about the policy. 15306 PolicySummary *PolicySummary `type:"structure"` 15307} 15308 15309// String returns the string representation 15310func (s Policy) String() string { 15311 return awsutil.Prettify(s) 15312} 15313 15314// GoString returns the string representation 15315func (s Policy) GoString() string { 15316 return s.String() 15317} 15318 15319// SetContent sets the Content field's value. 15320func (s *Policy) SetContent(v string) *Policy { 15321 s.Content = &v 15322 return s 15323} 15324 15325// SetPolicySummary sets the PolicySummary field's value. 15326func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy { 15327 s.PolicySummary = v 15328 return s 15329} 15330 15331// Contains information about a policy, but does not include the content. To 15332// see the content of a policy, see DescribePolicy. 15333type PolicySummary struct { 15334 _ struct{} `type:"structure"` 15335 15336 // The Amazon Resource Name (ARN) of the policy. 15337 // 15338 // For more information about ARNs in Organizations, see ARN Formats Supported 15339 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15340 // in the AWS Organizations User Guide. 15341 Arn *string `type:"string"` 15342 15343 // A boolean value that indicates whether the specified policy is an AWS managed 15344 // policy. If true, then you can attach the policy to roots, OUs, or accounts, 15345 // but you cannot edit it. 15346 AwsManaged *bool `type:"boolean"` 15347 15348 // The description of the policy. 15349 Description *string `type:"string"` 15350 15351 // The unique identifier (ID) of the policy. 15352 // 15353 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15354 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 15355 Id *string `type:"string"` 15356 15357 // The friendly name of the policy. 15358 // 15359 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15360 // this parameter is a string of any of the characters in the ASCII character 15361 // range. 15362 Name *string `min:"1" type:"string"` 15363 15364 // The type of policy. 15365 Type *string `type:"string" enum:"PolicyType"` 15366} 15367 15368// String returns the string representation 15369func (s PolicySummary) String() string { 15370 return awsutil.Prettify(s) 15371} 15372 15373// GoString returns the string representation 15374func (s PolicySummary) GoString() string { 15375 return s.String() 15376} 15377 15378// SetArn sets the Arn field's value. 15379func (s *PolicySummary) SetArn(v string) *PolicySummary { 15380 s.Arn = &v 15381 return s 15382} 15383 15384// SetAwsManaged sets the AwsManaged field's value. 15385func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary { 15386 s.AwsManaged = &v 15387 return s 15388} 15389 15390// SetDescription sets the Description field's value. 15391func (s *PolicySummary) SetDescription(v string) *PolicySummary { 15392 s.Description = &v 15393 return s 15394} 15395 15396// SetId sets the Id field's value. 15397func (s *PolicySummary) SetId(v string) *PolicySummary { 15398 s.Id = &v 15399 return s 15400} 15401 15402// SetName sets the Name field's value. 15403func (s *PolicySummary) SetName(v string) *PolicySummary { 15404 s.Name = &v 15405 return s 15406} 15407 15408// SetType sets the Type field's value. 15409func (s *PolicySummary) SetType(v string) *PolicySummary { 15410 s.Type = &v 15411 return s 15412} 15413 15414// Contains information about a root, OU, or account that a policy is attached 15415// to. 15416type PolicyTargetSummary struct { 15417 _ struct{} `type:"structure"` 15418 15419 // The Amazon Resource Name (ARN) of the policy target. 15420 // 15421 // For more information about ARNs in Organizations, see ARN Formats Supported 15422 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15423 // in the AWS Organizations User Guide. 15424 Arn *string `type:"string"` 15425 15426 // The friendly name of the policy target. 15427 // 15428 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15429 // this parameter is a string of any of the characters in the ASCII character 15430 // range. 15431 Name *string `min:"1" type:"string"` 15432 15433 // The unique identifier (ID) of the policy target. 15434 // 15435 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 15436 // requires one of the following: 15437 // 15438 // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case 15439 // letters or digits. 15440 // 15441 // * Account: a string that consists of exactly 12 digits. 15442 // 15443 // * Organizational unit (OU): a string that begins with "ou-" followed by 15444 // from 4 to 32 lower-case letters or digits (the ID of the root that the 15445 // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case 15446 // letters or digits. 15447 TargetId *string `type:"string"` 15448 15449 // The type of the policy target. 15450 Type *string `type:"string" enum:"TargetType"` 15451} 15452 15453// String returns the string representation 15454func (s PolicyTargetSummary) String() string { 15455 return awsutil.Prettify(s) 15456} 15457 15458// GoString returns the string representation 15459func (s PolicyTargetSummary) GoString() string { 15460 return s.String() 15461} 15462 15463// SetArn sets the Arn field's value. 15464func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary { 15465 s.Arn = &v 15466 return s 15467} 15468 15469// SetName sets the Name field's value. 15470func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary { 15471 s.Name = &v 15472 return s 15473} 15474 15475// SetTargetId sets the TargetId field's value. 15476func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary { 15477 s.TargetId = &v 15478 return s 15479} 15480 15481// SetType sets the Type field's value. 15482func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary { 15483 s.Type = &v 15484 return s 15485} 15486 15487// Contains information about a policy type and its status in the associated 15488// root. 15489type PolicyTypeSummary struct { 15490 _ struct{} `type:"structure"` 15491 15492 // The status of the policy type as it relates to the associated root. To attach 15493 // a policy of the specified type to a root or to an OU or account in that root, 15494 // it must be available in the organization and enabled for that root. 15495 Status *string `type:"string" enum:"PolicyTypeStatus"` 15496 15497 // The name of the policy type. 15498 Type *string `type:"string" enum:"PolicyType"` 15499} 15500 15501// String returns the string representation 15502func (s PolicyTypeSummary) String() string { 15503 return awsutil.Prettify(s) 15504} 15505 15506// GoString returns the string representation 15507func (s PolicyTypeSummary) GoString() string { 15508 return s.String() 15509} 15510 15511// SetStatus sets the Status field's value. 15512func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary { 15513 s.Status = &v 15514 return s 15515} 15516 15517// SetType sets the Type field's value. 15518func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary { 15519 s.Type = &v 15520 return s 15521} 15522 15523type RemoveAccountFromOrganizationInput struct { 15524 _ struct{} `type:"structure"` 15525 15526 // The unique identifier (ID) of the member account that you want to remove 15527 // from the organization. 15528 // 15529 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 15530 // requires exactly 12 digits. 15531 // 15532 // AccountId is a required field 15533 AccountId *string `type:"string" required:"true"` 15534} 15535 15536// String returns the string representation 15537func (s RemoveAccountFromOrganizationInput) String() string { 15538 return awsutil.Prettify(s) 15539} 15540 15541// GoString returns the string representation 15542func (s RemoveAccountFromOrganizationInput) GoString() string { 15543 return s.String() 15544} 15545 15546// Validate inspects the fields of the type to determine if they are valid. 15547func (s *RemoveAccountFromOrganizationInput) Validate() error { 15548 invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"} 15549 if s.AccountId == nil { 15550 invalidParams.Add(request.NewErrParamRequired("AccountId")) 15551 } 15552 15553 if invalidParams.Len() > 0 { 15554 return invalidParams 15555 } 15556 return nil 15557} 15558 15559// SetAccountId sets the AccountId field's value. 15560func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput { 15561 s.AccountId = &v 15562 return s 15563} 15564 15565type RemoveAccountFromOrganizationOutput struct { 15566 _ struct{} `type:"structure"` 15567} 15568 15569// String returns the string representation 15570func (s RemoveAccountFromOrganizationOutput) String() string { 15571 return awsutil.Prettify(s) 15572} 15573 15574// GoString returns the string representation 15575func (s RemoveAccountFromOrganizationOutput) GoString() string { 15576 return s.String() 15577} 15578 15579// Contains details about a root. A root is a top-level parent node in the hierarchy 15580// of an organization that can contain organizational units (OUs) and accounts. 15581// Every root contains every AWS account in the organization. Each root enables 15582// the accounts to be organized in a different way and to have different policy 15583// types enabled for use in that root. 15584type Root struct { 15585 _ struct{} `type:"structure"` 15586 15587 // The Amazon Resource Name (ARN) of the root. 15588 // 15589 // For more information about ARNs in Organizations, see ARN Formats Supported 15590 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15591 // in the AWS Organizations User Guide. 15592 Arn *string `type:"string"` 15593 15594 // The unique identifier (ID) for the root. 15595 // 15596 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 15597 // requires "r-" followed by from 4 to 32 lower-case letters or digits. 15598 Id *string `type:"string"` 15599 15600 // The friendly name of the root. 15601 // 15602 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15603 // this parameter is a string of any of the characters in the ASCII character 15604 // range. 15605 Name *string `min:"1" type:"string"` 15606 15607 // The types of policies that are currently enabled for the root and therefore 15608 // can be attached to the root or to its OUs or accounts. 15609 // 15610 // Even if a policy type is shown as available in the organization, you can 15611 // separately enable and disable them at the root level by using EnablePolicyType 15612 // and DisablePolicyType. Use DescribeOrganization to see the availability of 15613 // the policy types in that organization. 15614 PolicyTypes []*PolicyTypeSummary `type:"list"` 15615} 15616 15617// String returns the string representation 15618func (s Root) String() string { 15619 return awsutil.Prettify(s) 15620} 15621 15622// GoString returns the string representation 15623func (s Root) GoString() string { 15624 return s.String() 15625} 15626 15627// SetArn sets the Arn field's value. 15628func (s *Root) SetArn(v string) *Root { 15629 s.Arn = &v 15630 return s 15631} 15632 15633// SetId sets the Id field's value. 15634func (s *Root) SetId(v string) *Root { 15635 s.Id = &v 15636 return s 15637} 15638 15639// SetName sets the Name field's value. 15640func (s *Root) SetName(v string) *Root { 15641 s.Name = &v 15642 return s 15643} 15644 15645// SetPolicyTypes sets the PolicyTypes field's value. 15646func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root { 15647 s.PolicyTypes = v 15648 return s 15649} 15650 15651// A custom key-value pair associated with a resource such as an account within 15652// your organization. 15653type Tag struct { 15654 _ struct{} `type:"structure"` 15655 15656 // The key identifier, or name, of the tag. 15657 // 15658 // Key is a required field 15659 Key *string `min:"1" type:"string" required:"true"` 15660 15661 // The string value that's associated with the key of the tag. You can set the 15662 // value of a tag to an empty string, but you can't set the value of a tag to 15663 // null. 15664 // 15665 // Value is a required field 15666 Value *string `type:"string" required:"true"` 15667} 15668 15669// String returns the string representation 15670func (s Tag) String() string { 15671 return awsutil.Prettify(s) 15672} 15673 15674// GoString returns the string representation 15675func (s Tag) GoString() string { 15676 return s.String() 15677} 15678 15679// Validate inspects the fields of the type to determine if they are valid. 15680func (s *Tag) Validate() error { 15681 invalidParams := request.ErrInvalidParams{Context: "Tag"} 15682 if s.Key == nil { 15683 invalidParams.Add(request.NewErrParamRequired("Key")) 15684 } 15685 if s.Key != nil && len(*s.Key) < 1 { 15686 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 15687 } 15688 if s.Value == nil { 15689 invalidParams.Add(request.NewErrParamRequired("Value")) 15690 } 15691 15692 if invalidParams.Len() > 0 { 15693 return invalidParams 15694 } 15695 return nil 15696} 15697 15698// SetKey sets the Key field's value. 15699func (s *Tag) SetKey(v string) *Tag { 15700 s.Key = &v 15701 return s 15702} 15703 15704// SetValue sets the Value field's value. 15705func (s *Tag) SetValue(v string) *Tag { 15706 s.Value = &v 15707 return s 15708} 15709 15710type TagResourceInput struct { 15711 _ struct{} `type:"structure"` 15712 15713 // The ID of the resource to add a tag to. 15714 // 15715 // ResourceId is a required field 15716 ResourceId *string `type:"string" required:"true"` 15717 15718 // The tag to add to the specified resource. Specifying the tag key is required. 15719 // You can set the value of a tag to an empty string, but you can't set the 15720 // value of a tag to null. 15721 // 15722 // Tags is a required field 15723 Tags []*Tag `type:"list" required:"true"` 15724} 15725 15726// String returns the string representation 15727func (s TagResourceInput) String() string { 15728 return awsutil.Prettify(s) 15729} 15730 15731// GoString returns the string representation 15732func (s TagResourceInput) GoString() string { 15733 return s.String() 15734} 15735 15736// Validate inspects the fields of the type to determine if they are valid. 15737func (s *TagResourceInput) Validate() error { 15738 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 15739 if s.ResourceId == nil { 15740 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 15741 } 15742 if s.Tags == nil { 15743 invalidParams.Add(request.NewErrParamRequired("Tags")) 15744 } 15745 if s.Tags != nil { 15746 for i, v := range s.Tags { 15747 if v == nil { 15748 continue 15749 } 15750 if err := v.Validate(); err != nil { 15751 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 15752 } 15753 } 15754 } 15755 15756 if invalidParams.Len() > 0 { 15757 return invalidParams 15758 } 15759 return nil 15760} 15761 15762// SetResourceId sets the ResourceId field's value. 15763func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput { 15764 s.ResourceId = &v 15765 return s 15766} 15767 15768// SetTags sets the Tags field's value. 15769func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 15770 s.Tags = v 15771 return s 15772} 15773 15774type TagResourceOutput struct { 15775 _ struct{} `type:"structure"` 15776} 15777 15778// String returns the string representation 15779func (s TagResourceOutput) String() string { 15780 return awsutil.Prettify(s) 15781} 15782 15783// GoString returns the string representation 15784func (s TagResourceOutput) GoString() string { 15785 return s.String() 15786} 15787 15788type UntagResourceInput struct { 15789 _ struct{} `type:"structure"` 15790 15791 // The ID of the resource to remove the tag from. 15792 // 15793 // ResourceId is a required field 15794 ResourceId *string `type:"string" required:"true"` 15795 15796 // The tag to remove from the specified resource. 15797 // 15798 // TagKeys is a required field 15799 TagKeys []*string `type:"list" required:"true"` 15800} 15801 15802// String returns the string representation 15803func (s UntagResourceInput) String() string { 15804 return awsutil.Prettify(s) 15805} 15806 15807// GoString returns the string representation 15808func (s UntagResourceInput) GoString() string { 15809 return s.String() 15810} 15811 15812// Validate inspects the fields of the type to determine if they are valid. 15813func (s *UntagResourceInput) Validate() error { 15814 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 15815 if s.ResourceId == nil { 15816 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 15817 } 15818 if s.TagKeys == nil { 15819 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 15820 } 15821 15822 if invalidParams.Len() > 0 { 15823 return invalidParams 15824 } 15825 return nil 15826} 15827 15828// SetResourceId sets the ResourceId field's value. 15829func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput { 15830 s.ResourceId = &v 15831 return s 15832} 15833 15834// SetTagKeys sets the TagKeys field's value. 15835func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 15836 s.TagKeys = v 15837 return s 15838} 15839 15840type UntagResourceOutput struct { 15841 _ struct{} `type:"structure"` 15842} 15843 15844// String returns the string representation 15845func (s UntagResourceOutput) String() string { 15846 return awsutil.Prettify(s) 15847} 15848 15849// GoString returns the string representation 15850func (s UntagResourceOutput) GoString() string { 15851 return s.String() 15852} 15853 15854type UpdateOrganizationalUnitInput struct { 15855 _ struct{} `type:"structure"` 15856 15857 // The new name that you want to assign to the OU. 15858 // 15859 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15860 // this parameter is a string of any of the characters in the ASCII character 15861 // range. 15862 Name *string `min:"1" type:"string"` 15863 15864 // The unique identifier (ID) of the OU that you want to rename. You can get 15865 // the ID from the ListOrganizationalUnitsForParent operation. 15866 // 15867 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 15868 // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters 15869 // or digits (the ID of the root that contains the OU) followed by a second 15870 // "-" dash and from 8 to 32 additional lower-case letters or digits. 15871 // 15872 // OrganizationalUnitId is a required field 15873 OrganizationalUnitId *string `type:"string" required:"true"` 15874} 15875 15876// String returns the string representation 15877func (s UpdateOrganizationalUnitInput) String() string { 15878 return awsutil.Prettify(s) 15879} 15880 15881// GoString returns the string representation 15882func (s UpdateOrganizationalUnitInput) GoString() string { 15883 return s.String() 15884} 15885 15886// Validate inspects the fields of the type to determine if they are valid. 15887func (s *UpdateOrganizationalUnitInput) Validate() error { 15888 invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"} 15889 if s.Name != nil && len(*s.Name) < 1 { 15890 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 15891 } 15892 if s.OrganizationalUnitId == nil { 15893 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 15894 } 15895 15896 if invalidParams.Len() > 0 { 15897 return invalidParams 15898 } 15899 return nil 15900} 15901 15902// SetName sets the Name field's value. 15903func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput { 15904 s.Name = &v 15905 return s 15906} 15907 15908// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 15909func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput { 15910 s.OrganizationalUnitId = &v 15911 return s 15912} 15913 15914type UpdateOrganizationalUnitOutput struct { 15915 _ struct{} `type:"structure"` 15916 15917 // A structure that contains the details about the specified OU, including its 15918 // new name. 15919 OrganizationalUnit *OrganizationalUnit `type:"structure"` 15920} 15921 15922// String returns the string representation 15923func (s UpdateOrganizationalUnitOutput) String() string { 15924 return awsutil.Prettify(s) 15925} 15926 15927// GoString returns the string representation 15928func (s UpdateOrganizationalUnitOutput) GoString() string { 15929 return s.String() 15930} 15931 15932// SetOrganizationalUnit sets the OrganizationalUnit field's value. 15933func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput { 15934 s.OrganizationalUnit = v 15935 return s 15936} 15937 15938type UpdatePolicyInput struct { 15939 _ struct{} `type:"structure"` 15940 15941 // If provided, the new content for the policy. The text must be correctly formatted 15942 // JSON that complies with the syntax for the policy's type. For more information, 15943 // see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 15944 // in the AWS Organizations User Guide. 15945 Content *string `min:"1" type:"string"` 15946 15947 // If provided, the new description for the policy. 15948 Description *string `type:"string"` 15949 15950 // If provided, the new name for the policy. 15951 // 15952 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15953 // this parameter is a string of any of the characters in the ASCII character 15954 // range. 15955 Name *string `min:"1" type:"string"` 15956 15957 // The unique identifier (ID) of the policy that you want to update. 15958 // 15959 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15960 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 15961 // 15962 // PolicyId is a required field 15963 PolicyId *string `type:"string" required:"true"` 15964} 15965 15966// String returns the string representation 15967func (s UpdatePolicyInput) String() string { 15968 return awsutil.Prettify(s) 15969} 15970 15971// GoString returns the string representation 15972func (s UpdatePolicyInput) GoString() string { 15973 return s.String() 15974} 15975 15976// Validate inspects the fields of the type to determine if they are valid. 15977func (s *UpdatePolicyInput) Validate() error { 15978 invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"} 15979 if s.Content != nil && len(*s.Content) < 1 { 15980 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 15981 } 15982 if s.Name != nil && len(*s.Name) < 1 { 15983 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 15984 } 15985 if s.PolicyId == nil { 15986 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 15987 } 15988 15989 if invalidParams.Len() > 0 { 15990 return invalidParams 15991 } 15992 return nil 15993} 15994 15995// SetContent sets the Content field's value. 15996func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput { 15997 s.Content = &v 15998 return s 15999} 16000 16001// SetDescription sets the Description field's value. 16002func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput { 16003 s.Description = &v 16004 return s 16005} 16006 16007// SetName sets the Name field's value. 16008func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput { 16009 s.Name = &v 16010 return s 16011} 16012 16013// SetPolicyId sets the PolicyId field's value. 16014func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput { 16015 s.PolicyId = &v 16016 return s 16017} 16018 16019type UpdatePolicyOutput struct { 16020 _ struct{} `type:"structure"` 16021 16022 // A structure that contains details about the updated policy, showing the requested 16023 // changes. 16024 Policy *Policy `type:"structure"` 16025} 16026 16027// String returns the string representation 16028func (s UpdatePolicyOutput) String() string { 16029 return awsutil.Prettify(s) 16030} 16031 16032// GoString returns the string representation 16033func (s UpdatePolicyOutput) GoString() string { 16034 return s.String() 16035} 16036 16037// SetPolicy sets the Policy field's value. 16038func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput { 16039 s.Policy = v 16040 return s 16041} 16042 16043const ( 16044 // AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value 16045 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE" 16046) 16047 16048const ( 16049 // AccountJoinedMethodInvited is a AccountJoinedMethod enum value 16050 AccountJoinedMethodInvited = "INVITED" 16051 16052 // AccountJoinedMethodCreated is a AccountJoinedMethod enum value 16053 AccountJoinedMethodCreated = "CREATED" 16054) 16055 16056const ( 16057 // AccountStatusActive is a AccountStatus enum value 16058 AccountStatusActive = "ACTIVE" 16059 16060 // AccountStatusSuspended is a AccountStatus enum value 16061 AccountStatusSuspended = "SUSPENDED" 16062) 16063 16064const ( 16065 // ActionTypeInvite is a ActionType enum value 16066 ActionTypeInvite = "INVITE" 16067 16068 // ActionTypeEnableAllFeatures is a ActionType enum value 16069 ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES" 16070 16071 // ActionTypeApproveAllFeatures is a ActionType enum value 16072 ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES" 16073 16074 // ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value 16075 ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" 16076) 16077 16078const ( 16079 // ChildTypeAccount is a ChildType enum value 16080 ChildTypeAccount = "ACCOUNT" 16081 16082 // ChildTypeOrganizationalUnit is a ChildType enum value 16083 ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 16084) 16085 16086const ( 16087 // ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 16088 ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 16089 16090 // ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value 16091 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 16092 16093 // ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 16094 ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED" 16095 16096 // ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value 16097 ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED" 16098 16099 // ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 16100 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED" 16101 16102 // ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 16103 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 16104 16105 // ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 16106 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 16107 16108 // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value 16109 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" 16110 16111 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value 16112 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA" 16113 16114 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value 16115 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION" 16116 16117 // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 16118 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 16119 16120 // ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 16121 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 16122 16123 // ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value 16124 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED" 16125 16126 // ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value 16127 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE" 16128 16129 // ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value 16130 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO" 16131 16132 // ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value 16133 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED" 16134 16135 // ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value 16136 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE" 16137 16138 // ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value 16139 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION" 16140 16141 // ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value 16142 ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED" 16143 16144 // ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value 16145 ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE" 16146 16147 // ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value 16148 ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED" 16149 16150 // ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value 16151 ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION" 16152) 16153 16154const ( 16155 // CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value 16156 CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED" 16157 16158 // CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value 16159 CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS" 16160 16161 // CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value 16162 CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS" 16163 16164 // CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value 16165 CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL" 16166 16167 // CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value 16168 CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION" 16169 16170 // CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value 16171 CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE" 16172) 16173 16174const ( 16175 // CreateAccountStateInProgress is a CreateAccountState enum value 16176 CreateAccountStateInProgress = "IN_PROGRESS" 16177 16178 // CreateAccountStateSucceeded is a CreateAccountState enum value 16179 CreateAccountStateSucceeded = "SUCCEEDED" 16180 16181 // CreateAccountStateFailed is a CreateAccountState enum value 16182 CreateAccountStateFailed = "FAILED" 16183) 16184 16185const ( 16186 // HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 16187 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 16188 16189 // HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 16190 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 16191 16192 // HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value 16193 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION" 16194 16195 // HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 16196 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES" 16197 16198 // HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 16199 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES" 16200 16201 // HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value 16202 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED" 16203 16204 // HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value 16205 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" 16206 16207 // HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 16208 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" 16209) 16210 16211const ( 16212 // HandshakePartyTypeAccount is a HandshakePartyType enum value 16213 HandshakePartyTypeAccount = "ACCOUNT" 16214 16215 // HandshakePartyTypeOrganization is a HandshakePartyType enum value 16216 HandshakePartyTypeOrganization = "ORGANIZATION" 16217 16218 // HandshakePartyTypeEmail is a HandshakePartyType enum value 16219 HandshakePartyTypeEmail = "EMAIL" 16220) 16221 16222const ( 16223 // HandshakeResourceTypeAccount is a HandshakeResourceType enum value 16224 HandshakeResourceTypeAccount = "ACCOUNT" 16225 16226 // HandshakeResourceTypeOrganization is a HandshakeResourceType enum value 16227 HandshakeResourceTypeOrganization = "ORGANIZATION" 16228 16229 // HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value 16230 HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET" 16231 16232 // HandshakeResourceTypeEmail is a HandshakeResourceType enum value 16233 HandshakeResourceTypeEmail = "EMAIL" 16234 16235 // HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value 16236 HandshakeResourceTypeMasterEmail = "MASTER_EMAIL" 16237 16238 // HandshakeResourceTypeMasterName is a HandshakeResourceType enum value 16239 HandshakeResourceTypeMasterName = "MASTER_NAME" 16240 16241 // HandshakeResourceTypeNotes is a HandshakeResourceType enum value 16242 HandshakeResourceTypeNotes = "NOTES" 16243 16244 // HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value 16245 HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE" 16246) 16247 16248const ( 16249 // HandshakeStateRequested is a HandshakeState enum value 16250 HandshakeStateRequested = "REQUESTED" 16251 16252 // HandshakeStateOpen is a HandshakeState enum value 16253 HandshakeStateOpen = "OPEN" 16254 16255 // HandshakeStateCanceled is a HandshakeState enum value 16256 HandshakeStateCanceled = "CANCELED" 16257 16258 // HandshakeStateAccepted is a HandshakeState enum value 16259 HandshakeStateAccepted = "ACCEPTED" 16260 16261 // HandshakeStateDeclined is a HandshakeState enum value 16262 HandshakeStateDeclined = "DECLINED" 16263 16264 // HandshakeStateExpired is a HandshakeState enum value 16265 HandshakeStateExpired = "EXPIRED" 16266) 16267 16268const ( 16269 // IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value 16270 IAMUserAccessToBillingAllow = "ALLOW" 16271 16272 // IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value 16273 IAMUserAccessToBillingDeny = "DENY" 16274) 16275 16276const ( 16277 // InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value 16278 InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET" 16279 16280 // InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value 16281 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN" 16282 16283 // InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value 16284 InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID" 16285 16286 // InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value 16287 InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM" 16288 16289 // InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value 16290 InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER" 16291 16292 // InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value 16293 InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED" 16294 16295 // InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value 16296 InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED" 16297 16298 // InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value 16299 InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED" 16300 16301 // InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value 16302 InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED" 16303 16304 // InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value 16305 InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY" 16306 16307 // InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value 16308 InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN" 16309 16310 // InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value 16311 InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID" 16312 16313 // InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value 16314 InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED" 16315 16316 // InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value 16317 InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN" 16318 16319 // InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value 16320 InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER" 16321 16322 // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value 16323 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" 16324 16325 // InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value 16326 InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET" 16327 16328 // InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value 16329 InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL" 16330 16331 // InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value 16332 InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME" 16333 16334 // InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value 16335 InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER" 16336) 16337 16338const ( 16339 // OrganizationFeatureSetAll is a OrganizationFeatureSet enum value 16340 OrganizationFeatureSetAll = "ALL" 16341 16342 // OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value 16343 OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING" 16344) 16345 16346const ( 16347 // ParentTypeRoot is a ParentType enum value 16348 ParentTypeRoot = "ROOT" 16349 16350 // ParentTypeOrganizationalUnit is a ParentType enum value 16351 ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 16352) 16353 16354const ( 16355 // PolicyTypeServiceControlPolicy is a PolicyType enum value 16356 PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY" 16357) 16358 16359const ( 16360 // PolicyTypeStatusEnabled is a PolicyTypeStatus enum value 16361 PolicyTypeStatusEnabled = "ENABLED" 16362 16363 // PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value 16364 PolicyTypeStatusPendingEnable = "PENDING_ENABLE" 16365 16366 // PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value 16367 PolicyTypeStatusPendingDisable = "PENDING_DISABLE" 16368) 16369 16370const ( 16371 // TargetTypeAccount is a TargetType enum value 16372 TargetTypeAccount = "ACCOUNT" 16373 16374 // TargetTypeOrganizationalUnit is a TargetType enum value 16375 TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 16376 16377 // TargetTypeRoot is a TargetType enum value 16378 TargetTypeRoot = "ROOT" 16379) 16380