1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package organizations 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opAcceptHandshake = "AcceptHandshake" 17 18// AcceptHandshakeRequest generates a "aws/request.Request" representing the 19// client's request for the AcceptHandshake operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See AcceptHandshake for more information on using the AcceptHandshake 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the AcceptHandshakeRequest method. 34// req, resp := client.AcceptHandshakeRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) { 43 op := &request.Operation{ 44 Name: opAcceptHandshake, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &AcceptHandshakeInput{} 51 } 52 53 output = &AcceptHandshakeOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// AcceptHandshake API operation for AWS Organizations. 59// 60// Sends a response to the originator of a handshake agreeing to the action 61// proposed by the handshake request. 62// 63// This operation can be called only by the following principals when they also 64// have the relevant IAM permissions: 65// 66// * Invitation to join or Approve all features request handshakes: only 67// a principal from the member account. The user who calls the API for an 68// invitation to join must have the organizations:AcceptHandshake permission. 69// If you enabled all features in the organization, the user must also have 70// the iam:CreateServiceLinkedRole permission so that AWS Organizations can 71// create the required service-linked role named AWSServiceRoleForOrganizations. 72// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) 73// in the AWS Organizations User Guide. 74// 75// * Enable all features final confirmation handshake: only a principal from 76// the management account. For more information about invitations, see Inviting 77// an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) 78// in the AWS Organizations User Guide. For more information about requests 79// to enable all features in the organization, see Enabling All Features 80// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 81// in the AWS Organizations User Guide. 82// 83// After you accept a handshake, it continues to appear in the results of relevant 84// APIs for only 30 days. After that, it's deleted. 85// 86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 87// with awserr.Error's Code and Message methods to get detailed information about 88// the error. 89// 90// See the AWS API reference guide for AWS Organizations's 91// API operation AcceptHandshake for usage and error information. 92// 93// Returned Error Types: 94// * AccessDeniedException 95// You don't have permissions to perform the requested operation. The user or 96// role that is making the request must have at least one IAM permissions policy 97// attached that grants the required permissions. For more information, see 98// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 99// in the IAM User Guide. 100// 101// * AWSOrganizationsNotInUseException 102// Your account isn't a member of an organization. To make this request, you 103// must use the credentials of an account that belongs to an organization. 104// 105// * HandshakeConstraintViolationException 106// The requested operation would violate the constraint identified in the reason 107// code. 108// 109// Some of the reasons in the following list might not be applicable to this 110// specific API or operation: 111// 112// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 113// the number of accounts in an organization. Note that deleted and closed 114// accounts still count toward your limit. If you get this exception immediately 115// after creating the organization, wait one hour and try again. If after 116// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 117// 118// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 119// the invited account is already a member of an organization. 120// 121// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 122// handshakes that you can send in one day. 123// 124// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 125// to join an organization while it's in the process of enabling all features. 126// You can resume inviting accounts after you finalize the process when all 127// accounts have agreed to the change. 128// 129// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 130// because the organization has already enabled all features. 131// 132// * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 133// request is invalid because the organization has already started the process 134// to enable all features. 135// 136// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 137// the account is from a different marketplace than the accounts in the organization. 138// For example, accounts with India addresses must be associated with the 139// AISPL marketplace. All accounts in an organization must be from the same 140// marketplace. 141// 142// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 143// change the membership of an account too quickly after its previous change. 144// 145// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 146// account that doesn't have a payment instrument, such as a credit card, 147// associated with it. 148// 149// * HandshakeNotFoundException 150// We can't find a handshake with the HandshakeId that you specified. 151// 152// * InvalidHandshakeTransitionException 153// You can't perform the operation on the handshake in its current state. For 154// example, you can't cancel a handshake that was already accepted or accept 155// a handshake that was already declined. 156// 157// * HandshakeAlreadyInStateException 158// The specified handshake is already in the requested state. For example, you 159// can't accept a handshake that was already accepted. 160// 161// * InvalidInputException 162// The requested operation failed because you provided invalid values for one 163// or more of the request parameters. This exception includes a reason that 164// contains additional information about the violated limit: 165// 166// Some of the reasons in the following list might not be applicable to this 167// specific API or operation. 168// 169// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 170// the same entity. 171// 172// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 173// can't be modified. 174// 175// * INPUT_REQUIRED: You must include a value for all required parameters. 176// 177// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 178// for the invited account owner. 179// 180// * INVALID_ENUM: You specified an invalid value. 181// 182// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 183// 184// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 185// characters. 186// 187// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 188// at least one invalid value. 189// 190// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 191// from the response to a previous call of the operation. 192// 193// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 194// organization, or email) as a party. 195// 196// * INVALID_PATTERN: You provided a value that doesn't match the required 197// pattern. 198// 199// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 200// match the required pattern. 201// 202// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 203// name can't begin with the reserved prefix AWSServiceRoleFor. 204// 205// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 206// Name (ARN) for the organization. 207// 208// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 209// 210// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 211// tag. You can’t add, edit, or delete system tag keys because they're 212// reserved for AWS use. System tags don’t count against your tags per 213// resource limit. 214// 215// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 216// for the operation. 217// 218// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 219// than allowed. 220// 221// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 222// value than allowed. 223// 224// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 225// than allowed. 226// 227// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 228// value than allowed. 229// 230// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 231// between entities in the same root. 232// 233// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 234// target entity. 235// 236// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 237// isn't recognized. 238// 239// * ConcurrentModificationException 240// The target of the operation is currently being modified by a different request. 241// Try again later. 242// 243// * ServiceException 244// AWS Organizations can't complete your request because of an internal service 245// error. Try again later. 246// 247// * TooManyRequestsException 248// You have sent too many requests in too short a period of time. The quota 249// helps protect against denial-of-service attacks. Try again later. 250// 251// For information about quotas that affect AWS Organizations, see Quotas for 252// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 253// the AWS Organizations User Guide. 254// 255// * AccessDeniedForDependencyException 256// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 257// for organizations.amazonaws.com permission so that AWS Organizations can 258// create the required service-linked role. You don't have that permission. 259// 260// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 261func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) { 262 req, out := c.AcceptHandshakeRequest(input) 263 return out, req.Send() 264} 265 266// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of 267// the ability to pass a context and additional request options. 268// 269// See AcceptHandshake for details on how to use this API operation. 270// 271// The context must be non-nil and will be used for request cancellation. If 272// the context is nil a panic will occur. In the future the SDK may create 273// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 274// for more information on using Contexts. 275func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) { 276 req, out := c.AcceptHandshakeRequest(input) 277 req.SetContext(ctx) 278 req.ApplyOptions(opts...) 279 return out, req.Send() 280} 281 282const opAttachPolicy = "AttachPolicy" 283 284// AttachPolicyRequest generates a "aws/request.Request" representing the 285// client's request for the AttachPolicy operation. The "output" return 286// value will be populated with the request's response once the request completes 287// successfully. 288// 289// Use "Send" method on the returned Request to send the API call to the service. 290// the "output" return value is not valid until after Send returns without error. 291// 292// See AttachPolicy for more information on using the AttachPolicy 293// API call, and error handling. 294// 295// This method is useful when you want to inject custom logic or configuration 296// into the SDK's request lifecycle. Such as custom headers, or retry logic. 297// 298// 299// // Example sending a request using the AttachPolicyRequest method. 300// req, resp := client.AttachPolicyRequest(params) 301// 302// err := req.Send() 303// if err == nil { // resp is now filled 304// fmt.Println(resp) 305// } 306// 307// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 308func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) { 309 op := &request.Operation{ 310 Name: opAttachPolicy, 311 HTTPMethod: "POST", 312 HTTPPath: "/", 313 } 314 315 if input == nil { 316 input = &AttachPolicyInput{} 317 } 318 319 output = &AttachPolicyOutput{} 320 req = c.newRequest(op, input, output) 321 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 322 return 323} 324 325// AttachPolicy API operation for AWS Organizations. 326// 327// Attaches a policy to a root, an organizational unit (OU), or an individual 328// account. How the policy affects accounts depends on the type of policy. Refer 329// to the AWS Organizations User Guide for information about each policy type: 330// 331// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 332// 333// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 334// 335// * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 336// 337// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 338// 339// This operation can be called only from the organization's management account. 340// 341// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 342// with awserr.Error's Code and Message methods to get detailed information about 343// the error. 344// 345// See the AWS API reference guide for AWS Organizations's 346// API operation AttachPolicy for usage and error information. 347// 348// Returned Error Types: 349// * AccessDeniedException 350// You don't have permissions to perform the requested operation. The user or 351// role that is making the request must have at least one IAM permissions policy 352// attached that grants the required permissions. For more information, see 353// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 354// in the IAM User Guide. 355// 356// * AWSOrganizationsNotInUseException 357// Your account isn't a member of an organization. To make this request, you 358// must use the credentials of an account that belongs to an organization. 359// 360// * ConcurrentModificationException 361// The target of the operation is currently being modified by a different request. 362// Try again later. 363// 364// * ConstraintViolationException 365// Performing this operation violates a minimum or maximum value limit. For 366// example, attempting to remove the last service control policy (SCP) from 367// an OU or root, inviting or creating too many accounts to the organization, 368// or attaching too many policies to an account, OU, or root. This exception 369// includes a reason that contains additional information about the violated 370// limit: 371// 372// Some of the reasons in the following list might not be applicable to this 373// specific API or operation. 374// 375// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 376// account from the organization. You can't remove the management account. 377// Instead, after you remove all member accounts, delete the organization 378// itself. 379// 380// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 381// from the organization that doesn't yet have enough information to exist 382// as a standalone account. This account requires you to first agree to the 383// AWS Customer Agreement. Follow the steps at Removing a member account 384// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 385// the AWS Organizations User Guide. 386// 387// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 388// an account from the organization that doesn't yet have enough information 389// to exist as a standalone account. This account requires you to first complete 390// phone verification. Follow the steps at Removing a member account from 391// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 392// in the AWS Organizations User Guide. 393// 394// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 395// of accounts that you can create in one day. 396// 397// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 398// the number of accounts in an organization. If you need more accounts, 399// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 400// request an increase in your limit. Or the number of invitations that you 401// tried to send would cause you to exceed the limit of accounts in your 402// organization. Send fewer invitations or contact AWS Support to request 403// an increase in the number of accounts. Deleted and closed accounts still 404// count toward your limit. If you get this exception when running a command 405// immediately after creating the organization, wait one hour and try again. 406// After an hour, if the command continues to fail with this error, contact 407// AWS Support (https://console.aws.amazon.com/support/home#/). 408// 409// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 410// register the management account of the organization as a delegated administrator 411// for an AWS service integrated with Organizations. You can designate only 412// a member account as a delegated administrator. 413// 414// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 415// an account that is registered as a delegated administrator for a service 416// integrated with your organization. To complete this operation, you must 417// first deregister this account as a delegated administrator. 418// 419// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 420// organization in the specified region, you must enable all features mode. 421// 422// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 423// an AWS account as a delegated administrator for an AWS service that already 424// has a delegated administrator. To complete this operation, you must first 425// deregister any existing delegated administrators for this service. 426// 427// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 428// valid for a limited period of time. You must resubmit the request and 429// generate a new verfication code. 430// 431// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 432// handshakes that you can send in one day. 433// 434// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 435// in this organization, you first must migrate the organization's management 436// account to the marketplace that corresponds to the management account's 437// address. For example, accounts with India addresses must be associated 438// with the AISPL marketplace. All accounts in an organization must be associated 439// with the same marketplace. 440// 441// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 442// in China. To create an organization, the master must have a valid business 443// license. For more information, contact customer support. 444// 445// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 446// must first provide a valid contact address and phone number for the management 447// account. Then try the operation again. 448// 449// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 450// management account must have an associated account in the AWS GovCloud 451// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 452// in the AWS GovCloud User Guide. 453// 454// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 455// with this management account, you first must associate a valid payment 456// instrument, such as a credit card, with the account. Follow the steps 457// at To leave an organization when all required account information has 458// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 459// in the AWS Organizations User Guide. 460// 461// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 462// to register more delegated administrators than allowed for the service 463// principal. 464// 465// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 466// number of policies of a certain type that can be attached to an entity 467// at one time. 468// 469// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 470// on this resource. 471// 472// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 473// with this member account, you first must associate a valid payment instrument, 474// such as a credit card, with the account. Follow the steps at To leave 475// an organization when all required account information has not yet been 476// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 477// in the AWS Organizations User Guide. 478// 479// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 480// policy from an entity that would cause the entity to have fewer than the 481// minimum number of policies of a certain type required. 482// 483// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 484// that requires the organization to be configured to support all features. 485// An organization that supports only consolidated billing features can't 486// perform this operation. 487// 488// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 489// too many levels deep. 490// 491// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 492// that you can have in an organization. 493// 494// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 495// is larger than the maximum size. 496// 497// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 498// policies that you can have in an organization. 499// 500// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 501// tags that are not compliant with the tag policy requirements for this 502// account. 503// 504// * DuplicatePolicyAttachmentException 505// The selected policy is already attached to the specified target. 506// 507// * InvalidInputException 508// The requested operation failed because you provided invalid values for one 509// or more of the request parameters. This exception includes a reason that 510// contains additional information about the violated limit: 511// 512// Some of the reasons in the following list might not be applicable to this 513// specific API or operation. 514// 515// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 516// the same entity. 517// 518// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 519// can't be modified. 520// 521// * INPUT_REQUIRED: You must include a value for all required parameters. 522// 523// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 524// for the invited account owner. 525// 526// * INVALID_ENUM: You specified an invalid value. 527// 528// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 529// 530// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 531// characters. 532// 533// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 534// at least one invalid value. 535// 536// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 537// from the response to a previous call of the operation. 538// 539// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 540// organization, or email) as a party. 541// 542// * INVALID_PATTERN: You provided a value that doesn't match the required 543// pattern. 544// 545// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 546// match the required pattern. 547// 548// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 549// name can't begin with the reserved prefix AWSServiceRoleFor. 550// 551// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 552// Name (ARN) for the organization. 553// 554// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 555// 556// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 557// tag. You can’t add, edit, or delete system tag keys because they're 558// reserved for AWS use. System tags don’t count against your tags per 559// resource limit. 560// 561// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 562// for the operation. 563// 564// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 565// than allowed. 566// 567// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 568// value than allowed. 569// 570// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 571// than allowed. 572// 573// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 574// value than allowed. 575// 576// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 577// between entities in the same root. 578// 579// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 580// target entity. 581// 582// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 583// isn't recognized. 584// 585// * PolicyNotFoundException 586// We can't find a policy with the PolicyId that you specified. 587// 588// * PolicyTypeNotEnabledException 589// The specified policy type isn't currently enabled in this root. You can't 590// attach policies of the specified type to entities in a root until you enable 591// that type in the root. For more information, see Enabling All Features in 592// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 593// in the AWS Organizations User Guide. 594// 595// * ServiceException 596// AWS Organizations can't complete your request because of an internal service 597// error. Try again later. 598// 599// * TargetNotFoundException 600// We can't find a root, OU, account, or policy with the TargetId that you specified. 601// 602// * TooManyRequestsException 603// You have sent too many requests in too short a period of time. The quota 604// helps protect against denial-of-service attacks. Try again later. 605// 606// For information about quotas that affect AWS Organizations, see Quotas for 607// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 608// the AWS Organizations User Guide. 609// 610// * UnsupportedAPIEndpointException 611// This action isn't available in the current AWS Region. 612// 613// * PolicyChangesInProgressException 614// Changes to the effective policy are in progress, and its contents can't be 615// returned. Try the operation again later. 616// 617// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 618func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) { 619 req, out := c.AttachPolicyRequest(input) 620 return out, req.Send() 621} 622 623// AttachPolicyWithContext is the same as AttachPolicy with the addition of 624// the ability to pass a context and additional request options. 625// 626// See AttachPolicy for details on how to use this API operation. 627// 628// The context must be non-nil and will be used for request cancellation. If 629// the context is nil a panic will occur. In the future the SDK may create 630// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 631// for more information on using Contexts. 632func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) { 633 req, out := c.AttachPolicyRequest(input) 634 req.SetContext(ctx) 635 req.ApplyOptions(opts...) 636 return out, req.Send() 637} 638 639const opCancelHandshake = "CancelHandshake" 640 641// CancelHandshakeRequest generates a "aws/request.Request" representing the 642// client's request for the CancelHandshake operation. The "output" return 643// value will be populated with the request's response once the request completes 644// successfully. 645// 646// Use "Send" method on the returned Request to send the API call to the service. 647// the "output" return value is not valid until after Send returns without error. 648// 649// See CancelHandshake for more information on using the CancelHandshake 650// API call, and error handling. 651// 652// This method is useful when you want to inject custom logic or configuration 653// into the SDK's request lifecycle. Such as custom headers, or retry logic. 654// 655// 656// // Example sending a request using the CancelHandshakeRequest method. 657// req, resp := client.CancelHandshakeRequest(params) 658// 659// err := req.Send() 660// if err == nil { // resp is now filled 661// fmt.Println(resp) 662// } 663// 664// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 665func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) { 666 op := &request.Operation{ 667 Name: opCancelHandshake, 668 HTTPMethod: "POST", 669 HTTPPath: "/", 670 } 671 672 if input == nil { 673 input = &CancelHandshakeInput{} 674 } 675 676 output = &CancelHandshakeOutput{} 677 req = c.newRequest(op, input, output) 678 return 679} 680 681// CancelHandshake API operation for AWS Organizations. 682// 683// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED. 684// 685// This operation can be called only from the account that originated the handshake. 686// The recipient of the handshake can't cancel it, but can use DeclineHandshake 687// instead. After a handshake is canceled, the recipient can no longer respond 688// to that handshake. 689// 690// After you cancel a handshake, it continues to appear in the results of relevant 691// APIs for only 30 days. After that, it's deleted. 692// 693// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 694// with awserr.Error's Code and Message methods to get detailed information about 695// the error. 696// 697// See the AWS API reference guide for AWS Organizations's 698// API operation CancelHandshake for usage and error information. 699// 700// Returned Error Types: 701// * AccessDeniedException 702// You don't have permissions to perform the requested operation. The user or 703// role that is making the request must have at least one IAM permissions policy 704// attached that grants the required permissions. For more information, see 705// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 706// in the IAM User Guide. 707// 708// * ConcurrentModificationException 709// The target of the operation is currently being modified by a different request. 710// Try again later. 711// 712// * HandshakeNotFoundException 713// We can't find a handshake with the HandshakeId that you specified. 714// 715// * InvalidHandshakeTransitionException 716// You can't perform the operation on the handshake in its current state. For 717// example, you can't cancel a handshake that was already accepted or accept 718// a handshake that was already declined. 719// 720// * HandshakeAlreadyInStateException 721// The specified handshake is already in the requested state. For example, you 722// can't accept a handshake that was already accepted. 723// 724// * InvalidInputException 725// The requested operation failed because you provided invalid values for one 726// or more of the request parameters. This exception includes a reason that 727// contains additional information about the violated limit: 728// 729// Some of the reasons in the following list might not be applicable to this 730// specific API or operation. 731// 732// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 733// the same entity. 734// 735// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 736// can't be modified. 737// 738// * INPUT_REQUIRED: You must include a value for all required parameters. 739// 740// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 741// for the invited account owner. 742// 743// * INVALID_ENUM: You specified an invalid value. 744// 745// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 746// 747// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 748// characters. 749// 750// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 751// at least one invalid value. 752// 753// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 754// from the response to a previous call of the operation. 755// 756// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 757// organization, or email) as a party. 758// 759// * INVALID_PATTERN: You provided a value that doesn't match the required 760// pattern. 761// 762// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 763// match the required pattern. 764// 765// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 766// name can't begin with the reserved prefix AWSServiceRoleFor. 767// 768// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 769// Name (ARN) for the organization. 770// 771// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 772// 773// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 774// tag. You can’t add, edit, or delete system tag keys because they're 775// reserved for AWS use. System tags don’t count against your tags per 776// resource limit. 777// 778// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 779// for the operation. 780// 781// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 782// than allowed. 783// 784// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 785// value than allowed. 786// 787// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 788// than allowed. 789// 790// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 791// value than allowed. 792// 793// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 794// between entities in the same root. 795// 796// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 797// target entity. 798// 799// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 800// isn't recognized. 801// 802// * ServiceException 803// AWS Organizations can't complete your request because of an internal service 804// error. Try again later. 805// 806// * TooManyRequestsException 807// You have sent too many requests in too short a period of time. The quota 808// helps protect against denial-of-service attacks. Try again later. 809// 810// For information about quotas that affect AWS Organizations, see Quotas for 811// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 812// the AWS Organizations User Guide. 813// 814// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 815func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) { 816 req, out := c.CancelHandshakeRequest(input) 817 return out, req.Send() 818} 819 820// CancelHandshakeWithContext is the same as CancelHandshake with the addition of 821// the ability to pass a context and additional request options. 822// 823// See CancelHandshake for details on how to use this API operation. 824// 825// The context must be non-nil and will be used for request cancellation. If 826// the context is nil a panic will occur. In the future the SDK may create 827// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 828// for more information on using Contexts. 829func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) { 830 req, out := c.CancelHandshakeRequest(input) 831 req.SetContext(ctx) 832 req.ApplyOptions(opts...) 833 return out, req.Send() 834} 835 836const opCreateAccount = "CreateAccount" 837 838// CreateAccountRequest generates a "aws/request.Request" representing the 839// client's request for the CreateAccount operation. The "output" return 840// value will be populated with the request's response once the request completes 841// successfully. 842// 843// Use "Send" method on the returned Request to send the API call to the service. 844// the "output" return value is not valid until after Send returns without error. 845// 846// See CreateAccount for more information on using the CreateAccount 847// API call, and error handling. 848// 849// This method is useful when you want to inject custom logic or configuration 850// into the SDK's request lifecycle. Such as custom headers, or retry logic. 851// 852// 853// // Example sending a request using the CreateAccountRequest method. 854// req, resp := client.CreateAccountRequest(params) 855// 856// err := req.Send() 857// if err == nil { // resp is now filled 858// fmt.Println(resp) 859// } 860// 861// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 862func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) { 863 op := &request.Operation{ 864 Name: opCreateAccount, 865 HTTPMethod: "POST", 866 HTTPPath: "/", 867 } 868 869 if input == nil { 870 input = &CreateAccountInput{} 871 } 872 873 output = &CreateAccountOutput{} 874 req = c.newRequest(op, input, output) 875 return 876} 877 878// CreateAccount API operation for AWS Organizations. 879// 880// Creates an AWS account that is automatically a member of the organization 881// whose credentials made the request. This is an asynchronous request that 882// AWS performs in the background. Because CreateAccount operates asynchronously, 883// it can return a successful completion message even though account initialization 884// might still be in progress. You might need to wait a few minutes before you 885// can successfully access the account. To check the status of the request, 886// do one of the following: 887// 888// * Use the Id member of the CreateAccountStatus response element from this 889// operation to provide as a parameter to the DescribeCreateAccountStatus 890// operation. 891// 892// * Check the AWS CloudTrail log for the CreateAccountResult event. For 893// information on using AWS CloudTrail with AWS Organizations, see Logging 894// and monitoring in AWS Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) 895// in the AWS Organizations User Guide. 896// 897// The user who calls the API to create an account must have the organizations:CreateAccount 898// permission. If you enabled all features in the organization, AWS Organizations 899// creates the required service-linked role named AWSServiceRoleForOrganizations. 900// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 901// in the AWS Organizations User Guide. 902// 903// If the request includes tags, then the requester must have the organizations:TagResource 904// permission. 905// 906// AWS Organizations preconfigures the new member account with a role (named 907// OrganizationAccountAccessRole by default) that grants users in the management 908// account administrator permissions in the new member account. Principals in 909// the management account can assume the role. AWS Organizations clones the 910// company name and address information for the new account from the organization's 911// management account. 912// 913// This operation can be called only from the organization's management account. 914// 915// For more information about creating accounts, see Creating an AWS Account 916// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 917// in the AWS Organizations User Guide. 918// 919// * When you create an account in an organization using the AWS Organizations 920// console, API, or CLI commands, the information required for the account 921// to operate as a standalone account, such as a payment method and signing 922// the end user license agreement (EULA) is not automatically collected. 923// If you must remove an account from your organization later, you can do 924// so only after you provide the missing information. Follow the steps at 925// To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 926// in the AWS Organizations User Guide. 927// 928// * If you get an exception that indicates that you exceeded your account 929// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 930// 931// * If you get an exception that indicates that the operation failed because 932// your organization is still initializing, wait one hour and then try again. 933// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 934// 935// * Using CreateAccount to create multiple temporary accounts isn't recommended. 936// You can only close an account from the Billing and Cost Management Console, 937// and you must be signed in as the root user. For information on the requirements 938// and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 939// in the AWS Organizations User Guide. 940// 941// When you create a member account with this operation, you can choose whether 942// to create the account with the IAM User and Role Access to Billing Information 943// switch enabled. If you enable it, IAM users and roles that have appropriate 944// permissions can view billing information for the account. If you disable 945// it, only the account root user can access billing information. For information 946// about how to disable this switch for an account, see Granting Access to Your 947// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 948// 949// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 950// with awserr.Error's Code and Message methods to get detailed information about 951// the error. 952// 953// See the AWS API reference guide for AWS Organizations's 954// API operation CreateAccount for usage and error information. 955// 956// Returned Error Types: 957// * AccessDeniedException 958// You don't have permissions to perform the requested operation. The user or 959// role that is making the request must have at least one IAM permissions policy 960// attached that grants the required permissions. For more information, see 961// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 962// in the IAM User Guide. 963// 964// * AWSOrganizationsNotInUseException 965// Your account isn't a member of an organization. To make this request, you 966// must use the credentials of an account that belongs to an organization. 967// 968// * ConcurrentModificationException 969// The target of the operation is currently being modified by a different request. 970// Try again later. 971// 972// * ConstraintViolationException 973// Performing this operation violates a minimum or maximum value limit. For 974// example, attempting to remove the last service control policy (SCP) from 975// an OU or root, inviting or creating too many accounts to the organization, 976// or attaching too many policies to an account, OU, or root. This exception 977// includes a reason that contains additional information about the violated 978// limit: 979// 980// Some of the reasons in the following list might not be applicable to this 981// specific API or operation. 982// 983// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 984// account from the organization. You can't remove the management account. 985// Instead, after you remove all member accounts, delete the organization 986// itself. 987// 988// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 989// from the organization that doesn't yet have enough information to exist 990// as a standalone account. This account requires you to first agree to the 991// AWS Customer Agreement. Follow the steps at Removing a member account 992// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 993// the AWS Organizations User Guide. 994// 995// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 996// an account from the organization that doesn't yet have enough information 997// to exist as a standalone account. This account requires you to first complete 998// phone verification. Follow the steps at Removing a member account from 999// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1000// in the AWS Organizations User Guide. 1001// 1002// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1003// of accounts that you can create in one day. 1004// 1005// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1006// the number of accounts in an organization. If you need more accounts, 1007// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1008// request an increase in your limit. Or the number of invitations that you 1009// tried to send would cause you to exceed the limit of accounts in your 1010// organization. Send fewer invitations or contact AWS Support to request 1011// an increase in the number of accounts. Deleted and closed accounts still 1012// count toward your limit. If you get this exception when running a command 1013// immediately after creating the organization, wait one hour and try again. 1014// After an hour, if the command continues to fail with this error, contact 1015// AWS Support (https://console.aws.amazon.com/support/home#/). 1016// 1017// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1018// register the management account of the organization as a delegated administrator 1019// for an AWS service integrated with Organizations. You can designate only 1020// a member account as a delegated administrator. 1021// 1022// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1023// an account that is registered as a delegated administrator for a service 1024// integrated with your organization. To complete this operation, you must 1025// first deregister this account as a delegated administrator. 1026// 1027// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1028// organization in the specified region, you must enable all features mode. 1029// 1030// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1031// an AWS account as a delegated administrator for an AWS service that already 1032// has a delegated administrator. To complete this operation, you must first 1033// deregister any existing delegated administrators for this service. 1034// 1035// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1036// valid for a limited period of time. You must resubmit the request and 1037// generate a new verfication code. 1038// 1039// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1040// handshakes that you can send in one day. 1041// 1042// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1043// in this organization, you first must migrate the organization's management 1044// account to the marketplace that corresponds to the management account's 1045// address. For example, accounts with India addresses must be associated 1046// with the AISPL marketplace. All accounts in an organization must be associated 1047// with the same marketplace. 1048// 1049// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1050// in China. To create an organization, the master must have a valid business 1051// license. For more information, contact customer support. 1052// 1053// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1054// must first provide a valid contact address and phone number for the management 1055// account. Then try the operation again. 1056// 1057// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1058// management account must have an associated account in the AWS GovCloud 1059// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1060// in the AWS GovCloud User Guide. 1061// 1062// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1063// with this management account, you first must associate a valid payment 1064// instrument, such as a credit card, with the account. Follow the steps 1065// at To leave an organization when all required account information has 1066// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1067// in the AWS Organizations User Guide. 1068// 1069// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1070// to register more delegated administrators than allowed for the service 1071// principal. 1072// 1073// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1074// number of policies of a certain type that can be attached to an entity 1075// at one time. 1076// 1077// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1078// on this resource. 1079// 1080// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1081// with this member account, you first must associate a valid payment instrument, 1082// such as a credit card, with the account. Follow the steps at To leave 1083// an organization when all required account information has not yet been 1084// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1085// in the AWS Organizations User Guide. 1086// 1087// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1088// policy from an entity that would cause the entity to have fewer than the 1089// minimum number of policies of a certain type required. 1090// 1091// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1092// that requires the organization to be configured to support all features. 1093// An organization that supports only consolidated billing features can't 1094// perform this operation. 1095// 1096// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1097// too many levels deep. 1098// 1099// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1100// that you can have in an organization. 1101// 1102// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1103// is larger than the maximum size. 1104// 1105// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1106// policies that you can have in an organization. 1107// 1108// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1109// tags that are not compliant with the tag policy requirements for this 1110// account. 1111// 1112// * InvalidInputException 1113// The requested operation failed because you provided invalid values for one 1114// or more of the request parameters. This exception includes a reason that 1115// contains additional information about the violated limit: 1116// 1117// Some of the reasons in the following list might not be applicable to this 1118// specific API or operation. 1119// 1120// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 1121// the same entity. 1122// 1123// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1124// can't be modified. 1125// 1126// * INPUT_REQUIRED: You must include a value for all required parameters. 1127// 1128// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 1129// for the invited account owner. 1130// 1131// * INVALID_ENUM: You specified an invalid value. 1132// 1133// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 1134// 1135// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1136// characters. 1137// 1138// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1139// at least one invalid value. 1140// 1141// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1142// from the response to a previous call of the operation. 1143// 1144// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1145// organization, or email) as a party. 1146// 1147// * INVALID_PATTERN: You provided a value that doesn't match the required 1148// pattern. 1149// 1150// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1151// match the required pattern. 1152// 1153// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1154// name can't begin with the reserved prefix AWSServiceRoleFor. 1155// 1156// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1157// Name (ARN) for the organization. 1158// 1159// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1160// 1161// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1162// tag. You can’t add, edit, or delete system tag keys because they're 1163// reserved for AWS use. System tags don’t count against your tags per 1164// resource limit. 1165// 1166// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1167// for the operation. 1168// 1169// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1170// than allowed. 1171// 1172// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1173// value than allowed. 1174// 1175// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1176// than allowed. 1177// 1178// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1179// value than allowed. 1180// 1181// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1182// between entities in the same root. 1183// 1184// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 1185// target entity. 1186// 1187// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 1188// isn't recognized. 1189// 1190// * FinalizingOrganizationException 1191// AWS Organizations couldn't perform the operation because your organization 1192// hasn't finished initializing. This can take up to an hour. Try again later. 1193// If after one hour you continue to receive this error, contact AWS Support 1194// (https://console.aws.amazon.com/support/home#/). 1195// 1196// * ServiceException 1197// AWS Organizations can't complete your request because of an internal service 1198// error. Try again later. 1199// 1200// * TooManyRequestsException 1201// You have sent too many requests in too short a period of time. The quota 1202// helps protect against denial-of-service attacks. Try again later. 1203// 1204// For information about quotas that affect AWS Organizations, see Quotas for 1205// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1206// the AWS Organizations User Guide. 1207// 1208// * UnsupportedAPIEndpointException 1209// This action isn't available in the current AWS Region. 1210// 1211// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 1212func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) { 1213 req, out := c.CreateAccountRequest(input) 1214 return out, req.Send() 1215} 1216 1217// CreateAccountWithContext is the same as CreateAccount with the addition of 1218// the ability to pass a context and additional request options. 1219// 1220// See CreateAccount for details on how to use this API operation. 1221// 1222// The context must be non-nil and will be used for request cancellation. If 1223// the context is nil a panic will occur. In the future the SDK may create 1224// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1225// for more information on using Contexts. 1226func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) { 1227 req, out := c.CreateAccountRequest(input) 1228 req.SetContext(ctx) 1229 req.ApplyOptions(opts...) 1230 return out, req.Send() 1231} 1232 1233const opCreateGovCloudAccount = "CreateGovCloudAccount" 1234 1235// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the 1236// client's request for the CreateGovCloudAccount operation. The "output" return 1237// value will be populated with the request's response once the request completes 1238// successfully. 1239// 1240// Use "Send" method on the returned Request to send the API call to the service. 1241// the "output" return value is not valid until after Send returns without error. 1242// 1243// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount 1244// API call, and error handling. 1245// 1246// This method is useful when you want to inject custom logic or configuration 1247// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1248// 1249// 1250// // Example sending a request using the CreateGovCloudAccountRequest method. 1251// req, resp := client.CreateGovCloudAccountRequest(params) 1252// 1253// err := req.Send() 1254// if err == nil { // resp is now filled 1255// fmt.Println(resp) 1256// } 1257// 1258// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1259func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) { 1260 op := &request.Operation{ 1261 Name: opCreateGovCloudAccount, 1262 HTTPMethod: "POST", 1263 HTTPPath: "/", 1264 } 1265 1266 if input == nil { 1267 input = &CreateGovCloudAccountInput{} 1268 } 1269 1270 output = &CreateGovCloudAccountOutput{} 1271 req = c.newRequest(op, input, output) 1272 return 1273} 1274 1275// CreateGovCloudAccount API operation for AWS Organizations. 1276// 1277// This action is available if all of the following are true: 1278// 1279// * You're authorized to create accounts in the AWS GovCloud (US) Region. 1280// For more information on the AWS GovCloud (US) Region, see the AWS GovCloud 1281// User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) 1282// 1283// * You already have an account in the AWS GovCloud (US) Region that is 1284// paired with a management account of an organization in the commercial 1285// Region. 1286// 1287// * You call this action from the management account of your organization 1288// in the commercial Region. 1289// 1290// * You have the organizations:CreateGovCloudAccount permission. 1291// 1292// AWS Organizations automatically creates the required service-linked role 1293// named AWSServiceRoleForOrganizations. For more information, see AWS Organizations 1294// and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 1295// in the AWS Organizations User Guide. 1296// 1297// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, 1298// but you should also do the following: 1299// 1300// * Verify that AWS CloudTrail is enabled to store logs. 1301// 1302// * Create an S3 bucket for AWS CloudTrail log storage. For more information, 1303// see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) 1304// in the AWS GovCloud User Guide. 1305// 1306// If the request includes tags, then the requester must have the organizations:TagResource 1307// permission. The tags are attached to the commercial account associated with 1308// the GovCloud account, rather than the GovCloud account itself. To add tags 1309// to the GovCloud account, call the TagResource operation in the GovCloud Region 1310// after the new GovCloud account exists. 1311// 1312// You call this action from the management account of your organization in 1313// the commercial Region to create a standalone AWS account in the AWS GovCloud 1314// (US) Region. After the account is created, the management account of an organization 1315// in the AWS GovCloud (US) Region can invite it to that organization. For more 1316// information on inviting standalone accounts in the AWS GovCloud (US) to join 1317// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1318// in the AWS GovCloud User Guide. 1319// 1320// Calling CreateGovCloudAccount is an asynchronous request that AWS performs 1321// in the background. Because CreateGovCloudAccount operates asynchronously, 1322// it can return a successful completion message even though account initialization 1323// might still be in progress. You might need to wait a few minutes before you 1324// can successfully access the account. To check the status of the request, 1325// do one of the following: 1326// 1327// * Use the OperationId response element from this operation to provide 1328// as a parameter to the DescribeCreateAccountStatus operation. 1329// 1330// * Check the AWS CloudTrail log for the CreateAccountResult event. For 1331// information on using AWS CloudTrail with Organizations, see Monitoring 1332// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 1333// in the AWS Organizations User Guide. 1334// 1335// When you call the CreateGovCloudAccount action, you create two accounts: 1336// a standalone account in the AWS GovCloud (US) Region and an associated account 1337// in the commercial Region for billing and support purposes. The account in 1338// the commercial Region is automatically a member of the organization whose 1339// credentials made the request. Both accounts are associated with the same 1340// email address. 1341// 1342// A role is created in the new account in the commercial Region that allows 1343// the management account in the organization in the commercial Region to assume 1344// it. An AWS GovCloud (US) account is then created and associated with the 1345// commercial account that you just created. A role is also created in the new 1346// AWS GovCloud (US) account that can be assumed by the AWS GovCloud (US) account 1347// that is associated with the management account of the commercial organization. 1348// For more information and to view a diagram that explains how account access 1349// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1350// in the AWS GovCloud User Guide. 1351// 1352// For more information about creating accounts, see Creating an AWS Account 1353// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 1354// in the AWS Organizations User Guide. 1355// 1356// * When you create an account in an organization using the AWS Organizations 1357// console, API, or CLI commands, the information required for the account 1358// to operate as a standalone account is not automatically collected. This 1359// includes a payment method and signing the end user license agreement (EULA). 1360// If you must remove an account from your organization later, you can do 1361// so only after you provide the missing information. Follow the steps at 1362// To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1363// in the AWS Organizations User Guide. 1364// 1365// * If you get an exception that indicates that you exceeded your account 1366// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1367// 1368// * If you get an exception that indicates that the operation failed because 1369// your organization is still initializing, wait one hour and then try again. 1370// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1371// 1372// * Using CreateGovCloudAccount to create multiple temporary accounts isn't 1373// recommended. You can only close an account from the AWS Billing and Cost 1374// Management console, and you must be signed in as the root user. For information 1375// on the requirements and process for closing an account, see Closing an 1376// AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 1377// in the AWS Organizations User Guide. 1378// 1379// When you create a member account with this operation, you can choose whether 1380// to create the account with the IAM User and Role Access to Billing Information 1381// switch enabled. If you enable it, IAM users and roles that have appropriate 1382// permissions can view billing information for the account. If you disable 1383// it, only the account root user can access billing information. For information 1384// about how to disable this switch for an account, see Granting Access to Your 1385// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 1386// 1387// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1388// with awserr.Error's Code and Message methods to get detailed information about 1389// the error. 1390// 1391// See the AWS API reference guide for AWS Organizations's 1392// API operation CreateGovCloudAccount for usage and error information. 1393// 1394// Returned Error Types: 1395// * AccessDeniedException 1396// You don't have permissions to perform the requested operation. The user or 1397// role that is making the request must have at least one IAM permissions policy 1398// attached that grants the required permissions. For more information, see 1399// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1400// in the IAM User Guide. 1401// 1402// * AWSOrganizationsNotInUseException 1403// Your account isn't a member of an organization. To make this request, you 1404// must use the credentials of an account that belongs to an organization. 1405// 1406// * ConcurrentModificationException 1407// The target of the operation is currently being modified by a different request. 1408// Try again later. 1409// 1410// * ConstraintViolationException 1411// Performing this operation violates a minimum or maximum value limit. For 1412// example, attempting to remove the last service control policy (SCP) from 1413// an OU or root, inviting or creating too many accounts to the organization, 1414// or attaching too many policies to an account, OU, or root. This exception 1415// includes a reason that contains additional information about the violated 1416// limit: 1417// 1418// Some of the reasons in the following list might not be applicable to this 1419// specific API or operation. 1420// 1421// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 1422// account from the organization. You can't remove the management account. 1423// Instead, after you remove all member accounts, delete the organization 1424// itself. 1425// 1426// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1427// from the organization that doesn't yet have enough information to exist 1428// as a standalone account. This account requires you to first agree to the 1429// AWS Customer Agreement. Follow the steps at Removing a member account 1430// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 1431// the AWS Organizations User Guide. 1432// 1433// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1434// an account from the organization that doesn't yet have enough information 1435// to exist as a standalone account. This account requires you to first complete 1436// phone verification. Follow the steps at Removing a member account from 1437// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1438// in the AWS Organizations User Guide. 1439// 1440// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1441// of accounts that you can create in one day. 1442// 1443// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1444// the number of accounts in an organization. If you need more accounts, 1445// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1446// request an increase in your limit. Or the number of invitations that you 1447// tried to send would cause you to exceed the limit of accounts in your 1448// organization. Send fewer invitations or contact AWS Support to request 1449// an increase in the number of accounts. Deleted and closed accounts still 1450// count toward your limit. If you get this exception when running a command 1451// immediately after creating the organization, wait one hour and try again. 1452// After an hour, if the command continues to fail with this error, contact 1453// AWS Support (https://console.aws.amazon.com/support/home#/). 1454// 1455// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1456// register the management account of the organization as a delegated administrator 1457// for an AWS service integrated with Organizations. You can designate only 1458// a member account as a delegated administrator. 1459// 1460// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1461// an account that is registered as a delegated administrator for a service 1462// integrated with your organization. To complete this operation, you must 1463// first deregister this account as a delegated administrator. 1464// 1465// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1466// organization in the specified region, you must enable all features mode. 1467// 1468// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1469// an AWS account as a delegated administrator for an AWS service that already 1470// has a delegated administrator. To complete this operation, you must first 1471// deregister any existing delegated administrators for this service. 1472// 1473// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1474// valid for a limited period of time. You must resubmit the request and 1475// generate a new verfication code. 1476// 1477// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1478// handshakes that you can send in one day. 1479// 1480// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1481// in this organization, you first must migrate the organization's management 1482// account to the marketplace that corresponds to the management account's 1483// address. For example, accounts with India addresses must be associated 1484// with the AISPL marketplace. All accounts in an organization must be associated 1485// with the same marketplace. 1486// 1487// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1488// in China. To create an organization, the master must have a valid business 1489// license. For more information, contact customer support. 1490// 1491// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1492// must first provide a valid contact address and phone number for the management 1493// account. Then try the operation again. 1494// 1495// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1496// management account must have an associated account in the AWS GovCloud 1497// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1498// in the AWS GovCloud User Guide. 1499// 1500// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1501// with this management account, you first must associate a valid payment 1502// instrument, such as a credit card, with the account. Follow the steps 1503// at To leave an organization when all required account information has 1504// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1505// in the AWS Organizations User Guide. 1506// 1507// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1508// to register more delegated administrators than allowed for the service 1509// principal. 1510// 1511// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1512// number of policies of a certain type that can be attached to an entity 1513// at one time. 1514// 1515// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1516// on this resource. 1517// 1518// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1519// with this member account, you first must associate a valid payment instrument, 1520// such as a credit card, with the account. Follow the steps at To leave 1521// an organization when all required account information has not yet been 1522// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1523// in the AWS Organizations User Guide. 1524// 1525// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1526// policy from an entity that would cause the entity to have fewer than the 1527// minimum number of policies of a certain type required. 1528// 1529// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1530// that requires the organization to be configured to support all features. 1531// An organization that supports only consolidated billing features can't 1532// perform this operation. 1533// 1534// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1535// too many levels deep. 1536// 1537// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1538// that you can have in an organization. 1539// 1540// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1541// is larger than the maximum size. 1542// 1543// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1544// policies that you can have in an organization. 1545// 1546// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1547// tags that are not compliant with the tag policy requirements for this 1548// account. 1549// 1550// * InvalidInputException 1551// The requested operation failed because you provided invalid values for one 1552// or more of the request parameters. This exception includes a reason that 1553// contains additional information about the violated limit: 1554// 1555// Some of the reasons in the following list might not be applicable to this 1556// specific API or operation. 1557// 1558// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 1559// the same entity. 1560// 1561// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1562// can't be modified. 1563// 1564// * INPUT_REQUIRED: You must include a value for all required parameters. 1565// 1566// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 1567// for the invited account owner. 1568// 1569// * INVALID_ENUM: You specified an invalid value. 1570// 1571// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 1572// 1573// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1574// characters. 1575// 1576// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1577// at least one invalid value. 1578// 1579// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1580// from the response to a previous call of the operation. 1581// 1582// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1583// organization, or email) as a party. 1584// 1585// * INVALID_PATTERN: You provided a value that doesn't match the required 1586// pattern. 1587// 1588// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1589// match the required pattern. 1590// 1591// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1592// name can't begin with the reserved prefix AWSServiceRoleFor. 1593// 1594// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1595// Name (ARN) for the organization. 1596// 1597// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1598// 1599// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1600// tag. You can’t add, edit, or delete system tag keys because they're 1601// reserved for AWS use. System tags don’t count against your tags per 1602// resource limit. 1603// 1604// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1605// for the operation. 1606// 1607// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1608// than allowed. 1609// 1610// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1611// value than allowed. 1612// 1613// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1614// than allowed. 1615// 1616// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1617// value than allowed. 1618// 1619// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1620// between entities in the same root. 1621// 1622// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 1623// target entity. 1624// 1625// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 1626// isn't recognized. 1627// 1628// * FinalizingOrganizationException 1629// AWS Organizations couldn't perform the operation because your organization 1630// hasn't finished initializing. This can take up to an hour. Try again later. 1631// If after one hour you continue to receive this error, contact AWS Support 1632// (https://console.aws.amazon.com/support/home#/). 1633// 1634// * ServiceException 1635// AWS Organizations can't complete your request because of an internal service 1636// error. Try again later. 1637// 1638// * TooManyRequestsException 1639// You have sent too many requests in too short a period of time. The quota 1640// helps protect against denial-of-service attacks. Try again later. 1641// 1642// For information about quotas that affect AWS Organizations, see Quotas for 1643// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1644// the AWS Organizations User Guide. 1645// 1646// * UnsupportedAPIEndpointException 1647// This action isn't available in the current AWS Region. 1648// 1649// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1650func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) { 1651 req, out := c.CreateGovCloudAccountRequest(input) 1652 return out, req.Send() 1653} 1654 1655// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of 1656// the ability to pass a context and additional request options. 1657// 1658// See CreateGovCloudAccount for details on how to use this API operation. 1659// 1660// The context must be non-nil and will be used for request cancellation. If 1661// the context is nil a panic will occur. In the future the SDK may create 1662// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1663// for more information on using Contexts. 1664func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) { 1665 req, out := c.CreateGovCloudAccountRequest(input) 1666 req.SetContext(ctx) 1667 req.ApplyOptions(opts...) 1668 return out, req.Send() 1669} 1670 1671const opCreateOrganization = "CreateOrganization" 1672 1673// CreateOrganizationRequest generates a "aws/request.Request" representing the 1674// client's request for the CreateOrganization operation. The "output" return 1675// value will be populated with the request's response once the request completes 1676// successfully. 1677// 1678// Use "Send" method on the returned Request to send the API call to the service. 1679// the "output" return value is not valid until after Send returns without error. 1680// 1681// See CreateOrganization for more information on using the CreateOrganization 1682// API call, and error handling. 1683// 1684// This method is useful when you want to inject custom logic or configuration 1685// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1686// 1687// 1688// // Example sending a request using the CreateOrganizationRequest method. 1689// req, resp := client.CreateOrganizationRequest(params) 1690// 1691// err := req.Send() 1692// if err == nil { // resp is now filled 1693// fmt.Println(resp) 1694// } 1695// 1696// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1697func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) { 1698 op := &request.Operation{ 1699 Name: opCreateOrganization, 1700 HTTPMethod: "POST", 1701 HTTPPath: "/", 1702 } 1703 1704 if input == nil { 1705 input = &CreateOrganizationInput{} 1706 } 1707 1708 output = &CreateOrganizationOutput{} 1709 req = c.newRequest(op, input, output) 1710 return 1711} 1712 1713// CreateOrganization API operation for AWS Organizations. 1714// 1715// Creates an AWS organization. The account whose user is calling the CreateOrganization 1716// operation automatically becomes the management account (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account) 1717// of the new organization. 1718// 1719// This operation must be called using credentials from the account that is 1720// to become the new organization's management account. The principal must also 1721// have the relevant IAM permissions. 1722// 1723// By default (or if you set the FeatureSet parameter to ALL), the new organization 1724// is created with all features enabled and service control policies automatically 1725// enabled in the root. If you instead choose to create the organization supporting 1726// only the consolidated billing features by setting the FeatureSet parameter 1727// to CONSOLIDATED_BILLING", no policy types are enabled by default, and you 1728// can't use organization policies 1729// 1730// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1731// with awserr.Error's Code and Message methods to get detailed information about 1732// the error. 1733// 1734// See the AWS API reference guide for AWS Organizations's 1735// API operation CreateOrganization for usage and error information. 1736// 1737// Returned Error Types: 1738// * AccessDeniedException 1739// You don't have permissions to perform the requested operation. The user or 1740// role that is making the request must have at least one IAM permissions policy 1741// attached that grants the required permissions. For more information, see 1742// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1743// in the IAM User Guide. 1744// 1745// * AlreadyInOrganizationException 1746// This account is already a member of an organization. An account can belong 1747// to only one organization at a time. 1748// 1749// * ConcurrentModificationException 1750// The target of the operation is currently being modified by a different request. 1751// Try again later. 1752// 1753// * ConstraintViolationException 1754// Performing this operation violates a minimum or maximum value limit. For 1755// example, attempting to remove the last service control policy (SCP) from 1756// an OU or root, inviting or creating too many accounts to the organization, 1757// or attaching too many policies to an account, OU, or root. This exception 1758// includes a reason that contains additional information about the violated 1759// limit: 1760// 1761// Some of the reasons in the following list might not be applicable to this 1762// specific API or operation. 1763// 1764// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 1765// account from the organization. You can't remove the management account. 1766// Instead, after you remove all member accounts, delete the organization 1767// itself. 1768// 1769// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1770// from the organization that doesn't yet have enough information to exist 1771// as a standalone account. This account requires you to first agree to the 1772// AWS Customer Agreement. Follow the steps at Removing a member account 1773// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 1774// the AWS Organizations User Guide. 1775// 1776// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1777// an account from the organization that doesn't yet have enough information 1778// to exist as a standalone account. This account requires you to first complete 1779// phone verification. Follow the steps at Removing a member account from 1780// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1781// in the AWS Organizations User Guide. 1782// 1783// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1784// of accounts that you can create in one day. 1785// 1786// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1787// the number of accounts in an organization. If you need more accounts, 1788// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1789// request an increase in your limit. Or the number of invitations that you 1790// tried to send would cause you to exceed the limit of accounts in your 1791// organization. Send fewer invitations or contact AWS Support to request 1792// an increase in the number of accounts. Deleted and closed accounts still 1793// count toward your limit. If you get this exception when running a command 1794// immediately after creating the organization, wait one hour and try again. 1795// After an hour, if the command continues to fail with this error, contact 1796// AWS Support (https://console.aws.amazon.com/support/home#/). 1797// 1798// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1799// register the management account of the organization as a delegated administrator 1800// for an AWS service integrated with Organizations. You can designate only 1801// a member account as a delegated administrator. 1802// 1803// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1804// an account that is registered as a delegated administrator for a service 1805// integrated with your organization. To complete this operation, you must 1806// first deregister this account as a delegated administrator. 1807// 1808// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1809// organization in the specified region, you must enable all features mode. 1810// 1811// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1812// an AWS account as a delegated administrator for an AWS service that already 1813// has a delegated administrator. To complete this operation, you must first 1814// deregister any existing delegated administrators for this service. 1815// 1816// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1817// valid for a limited period of time. You must resubmit the request and 1818// generate a new verfication code. 1819// 1820// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1821// handshakes that you can send in one day. 1822// 1823// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1824// in this organization, you first must migrate the organization's management 1825// account to the marketplace that corresponds to the management account's 1826// address. For example, accounts with India addresses must be associated 1827// with the AISPL marketplace. All accounts in an organization must be associated 1828// with the same marketplace. 1829// 1830// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1831// in China. To create an organization, the master must have a valid business 1832// license. For more information, contact customer support. 1833// 1834// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1835// must first provide a valid contact address and phone number for the management 1836// account. Then try the operation again. 1837// 1838// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1839// management account must have an associated account in the AWS GovCloud 1840// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1841// in the AWS GovCloud User Guide. 1842// 1843// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1844// with this management account, you first must associate a valid payment 1845// instrument, such as a credit card, with the account. Follow the steps 1846// at To leave an organization when all required account information has 1847// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1848// in the AWS Organizations User Guide. 1849// 1850// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1851// to register more delegated administrators than allowed for the service 1852// principal. 1853// 1854// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1855// number of policies of a certain type that can be attached to an entity 1856// at one time. 1857// 1858// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1859// on this resource. 1860// 1861// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1862// with this member account, you first must associate a valid payment instrument, 1863// such as a credit card, with the account. Follow the steps at To leave 1864// an organization when all required account information has not yet been 1865// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1866// in the AWS Organizations User Guide. 1867// 1868// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1869// policy from an entity that would cause the entity to have fewer than the 1870// minimum number of policies of a certain type required. 1871// 1872// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1873// that requires the organization to be configured to support all features. 1874// An organization that supports only consolidated billing features can't 1875// perform this operation. 1876// 1877// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1878// too many levels deep. 1879// 1880// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1881// that you can have in an organization. 1882// 1883// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1884// is larger than the maximum size. 1885// 1886// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1887// policies that you can have in an organization. 1888// 1889// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1890// tags that are not compliant with the tag policy requirements for this 1891// account. 1892// 1893// * InvalidInputException 1894// The requested operation failed because you provided invalid values for one 1895// or more of the request parameters. This exception includes a reason that 1896// contains additional information about the violated limit: 1897// 1898// Some of the reasons in the following list might not be applicable to this 1899// specific API or operation. 1900// 1901// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 1902// the same entity. 1903// 1904// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1905// can't be modified. 1906// 1907// * INPUT_REQUIRED: You must include a value for all required parameters. 1908// 1909// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 1910// for the invited account owner. 1911// 1912// * INVALID_ENUM: You specified an invalid value. 1913// 1914// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 1915// 1916// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1917// characters. 1918// 1919// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1920// at least one invalid value. 1921// 1922// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1923// from the response to a previous call of the operation. 1924// 1925// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1926// organization, or email) as a party. 1927// 1928// * INVALID_PATTERN: You provided a value that doesn't match the required 1929// pattern. 1930// 1931// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1932// match the required pattern. 1933// 1934// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1935// name can't begin with the reserved prefix AWSServiceRoleFor. 1936// 1937// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1938// Name (ARN) for the organization. 1939// 1940// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1941// 1942// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1943// tag. You can’t add, edit, or delete system tag keys because they're 1944// reserved for AWS use. System tags don’t count against your tags per 1945// resource limit. 1946// 1947// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1948// for the operation. 1949// 1950// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1951// than allowed. 1952// 1953// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1954// value than allowed. 1955// 1956// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1957// than allowed. 1958// 1959// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1960// value than allowed. 1961// 1962// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1963// between entities in the same root. 1964// 1965// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 1966// target entity. 1967// 1968// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 1969// isn't recognized. 1970// 1971// * ServiceException 1972// AWS Organizations can't complete your request because of an internal service 1973// error. Try again later. 1974// 1975// * TooManyRequestsException 1976// You have sent too many requests in too short a period of time. The quota 1977// helps protect against denial-of-service attacks. Try again later. 1978// 1979// For information about quotas that affect AWS Organizations, see Quotas for 1980// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1981// the AWS Organizations User Guide. 1982// 1983// * AccessDeniedForDependencyException 1984// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 1985// for organizations.amazonaws.com permission so that AWS Organizations can 1986// create the required service-linked role. You don't have that permission. 1987// 1988// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1989func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) { 1990 req, out := c.CreateOrganizationRequest(input) 1991 return out, req.Send() 1992} 1993 1994// CreateOrganizationWithContext is the same as CreateOrganization with the addition of 1995// the ability to pass a context and additional request options. 1996// 1997// See CreateOrganization for details on how to use this API operation. 1998// 1999// The context must be non-nil and will be used for request cancellation. If 2000// the context is nil a panic will occur. In the future the SDK may create 2001// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2002// for more information on using Contexts. 2003func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) { 2004 req, out := c.CreateOrganizationRequest(input) 2005 req.SetContext(ctx) 2006 req.ApplyOptions(opts...) 2007 return out, req.Send() 2008} 2009 2010const opCreateOrganizationalUnit = "CreateOrganizationalUnit" 2011 2012// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the 2013// client's request for the CreateOrganizationalUnit operation. The "output" return 2014// value will be populated with the request's response once the request completes 2015// successfully. 2016// 2017// Use "Send" method on the returned Request to send the API call to the service. 2018// the "output" return value is not valid until after Send returns without error. 2019// 2020// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit 2021// API call, and error handling. 2022// 2023// This method is useful when you want to inject custom logic or configuration 2024// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2025// 2026// 2027// // Example sending a request using the CreateOrganizationalUnitRequest method. 2028// req, resp := client.CreateOrganizationalUnitRequest(params) 2029// 2030// err := req.Send() 2031// if err == nil { // resp is now filled 2032// fmt.Println(resp) 2033// } 2034// 2035// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2036func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) { 2037 op := &request.Operation{ 2038 Name: opCreateOrganizationalUnit, 2039 HTTPMethod: "POST", 2040 HTTPPath: "/", 2041 } 2042 2043 if input == nil { 2044 input = &CreateOrganizationalUnitInput{} 2045 } 2046 2047 output = &CreateOrganizationalUnitOutput{} 2048 req = c.newRequest(op, input, output) 2049 return 2050} 2051 2052// CreateOrganizationalUnit API operation for AWS Organizations. 2053// 2054// Creates an organizational unit (OU) within a root or parent OU. An OU is 2055// a container for accounts that enables you to organize your accounts to apply 2056// policies according to your business requirements. The number of levels deep 2057// that you can nest OUs is dependent upon the policy types enabled for that 2058// root. For service control policies, the limit is five. 2059// 2060// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) 2061// in the AWS Organizations User Guide. 2062// 2063// If the request includes tags, then the requester must have the organizations:TagResource 2064// permission. 2065// 2066// This operation can be called only from the organization's management account. 2067// 2068// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2069// with awserr.Error's Code and Message methods to get detailed information about 2070// the error. 2071// 2072// See the AWS API reference guide for AWS Organizations's 2073// API operation CreateOrganizationalUnit for usage and error information. 2074// 2075// Returned Error Types: 2076// * AccessDeniedException 2077// You don't have permissions to perform the requested operation. The user or 2078// role that is making the request must have at least one IAM permissions policy 2079// attached that grants the required permissions. For more information, see 2080// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2081// in the IAM User Guide. 2082// 2083// * AWSOrganizationsNotInUseException 2084// Your account isn't a member of an organization. To make this request, you 2085// must use the credentials of an account that belongs to an organization. 2086// 2087// * ConcurrentModificationException 2088// The target of the operation is currently being modified by a different request. 2089// Try again later. 2090// 2091// * ConstraintViolationException 2092// Performing this operation violates a minimum or maximum value limit. For 2093// example, attempting to remove the last service control policy (SCP) from 2094// an OU or root, inviting or creating too many accounts to the organization, 2095// or attaching too many policies to an account, OU, or root. This exception 2096// includes a reason that contains additional information about the violated 2097// limit: 2098// 2099// Some of the reasons in the following list might not be applicable to this 2100// specific API or operation. 2101// 2102// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 2103// account from the organization. You can't remove the management account. 2104// Instead, after you remove all member accounts, delete the organization 2105// itself. 2106// 2107// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2108// from the organization that doesn't yet have enough information to exist 2109// as a standalone account. This account requires you to first agree to the 2110// AWS Customer Agreement. Follow the steps at Removing a member account 2111// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 2112// the AWS Organizations User Guide. 2113// 2114// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2115// an account from the organization that doesn't yet have enough information 2116// to exist as a standalone account. This account requires you to first complete 2117// phone verification. Follow the steps at Removing a member account from 2118// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 2119// in the AWS Organizations User Guide. 2120// 2121// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2122// of accounts that you can create in one day. 2123// 2124// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2125// the number of accounts in an organization. If you need more accounts, 2126// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2127// request an increase in your limit. Or the number of invitations that you 2128// tried to send would cause you to exceed the limit of accounts in your 2129// organization. Send fewer invitations or contact AWS Support to request 2130// an increase in the number of accounts. Deleted and closed accounts still 2131// count toward your limit. If you get this exception when running a command 2132// immediately after creating the organization, wait one hour and try again. 2133// After an hour, if the command continues to fail with this error, contact 2134// AWS Support (https://console.aws.amazon.com/support/home#/). 2135// 2136// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 2137// register the management account of the organization as a delegated administrator 2138// for an AWS service integrated with Organizations. You can designate only 2139// a member account as a delegated administrator. 2140// 2141// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 2142// an account that is registered as a delegated administrator for a service 2143// integrated with your organization. To complete this operation, you must 2144// first deregister this account as a delegated administrator. 2145// 2146// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 2147// organization in the specified region, you must enable all features mode. 2148// 2149// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 2150// an AWS account as a delegated administrator for an AWS service that already 2151// has a delegated administrator. To complete this operation, you must first 2152// deregister any existing delegated administrators for this service. 2153// 2154// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 2155// valid for a limited period of time. You must resubmit the request and 2156// generate a new verfication code. 2157// 2158// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2159// handshakes that you can send in one day. 2160// 2161// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2162// in this organization, you first must migrate the organization's management 2163// account to the marketplace that corresponds to the management account's 2164// address. For example, accounts with India addresses must be associated 2165// with the AISPL marketplace. All accounts in an organization must be associated 2166// with the same marketplace. 2167// 2168// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 2169// in China. To create an organization, the master must have a valid business 2170// license. For more information, contact customer support. 2171// 2172// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2173// must first provide a valid contact address and phone number for the management 2174// account. Then try the operation again. 2175// 2176// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2177// management account must have an associated account in the AWS GovCloud 2178// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2179// in the AWS GovCloud User Guide. 2180// 2181// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2182// with this management account, you first must associate a valid payment 2183// instrument, such as a credit card, with the account. Follow the steps 2184// at To leave an organization when all required account information has 2185// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2186// in the AWS Organizations User Guide. 2187// 2188// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 2189// to register more delegated administrators than allowed for the service 2190// principal. 2191// 2192// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2193// number of policies of a certain type that can be attached to an entity 2194// at one time. 2195// 2196// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2197// on this resource. 2198// 2199// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2200// with this member account, you first must associate a valid payment instrument, 2201// such as a credit card, with the account. Follow the steps at To leave 2202// an organization when all required account information has not yet been 2203// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2204// in the AWS Organizations User Guide. 2205// 2206// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2207// policy from an entity that would cause the entity to have fewer than the 2208// minimum number of policies of a certain type required. 2209// 2210// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2211// that requires the organization to be configured to support all features. 2212// An organization that supports only consolidated billing features can't 2213// perform this operation. 2214// 2215// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2216// too many levels deep. 2217// 2218// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2219// that you can have in an organization. 2220// 2221// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 2222// is larger than the maximum size. 2223// 2224// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 2225// policies that you can have in an organization. 2226// 2227// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 2228// tags that are not compliant with the tag policy requirements for this 2229// account. 2230// 2231// * DuplicateOrganizationalUnitException 2232// An OU with the same name already exists. 2233// 2234// * InvalidInputException 2235// The requested operation failed because you provided invalid values for one 2236// or more of the request parameters. This exception includes a reason that 2237// contains additional information about the violated limit: 2238// 2239// Some of the reasons in the following list might not be applicable to this 2240// specific API or operation. 2241// 2242// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2243// the same entity. 2244// 2245// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2246// can't be modified. 2247// 2248// * INPUT_REQUIRED: You must include a value for all required parameters. 2249// 2250// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2251// for the invited account owner. 2252// 2253// * INVALID_ENUM: You specified an invalid value. 2254// 2255// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2256// 2257// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2258// characters. 2259// 2260// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2261// at least one invalid value. 2262// 2263// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2264// from the response to a previous call of the operation. 2265// 2266// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2267// organization, or email) as a party. 2268// 2269// * INVALID_PATTERN: You provided a value that doesn't match the required 2270// pattern. 2271// 2272// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2273// match the required pattern. 2274// 2275// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2276// name can't begin with the reserved prefix AWSServiceRoleFor. 2277// 2278// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2279// Name (ARN) for the organization. 2280// 2281// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2282// 2283// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2284// tag. You can’t add, edit, or delete system tag keys because they're 2285// reserved for AWS use. System tags don’t count against your tags per 2286// resource limit. 2287// 2288// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2289// for the operation. 2290// 2291// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2292// than allowed. 2293// 2294// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2295// value than allowed. 2296// 2297// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2298// than allowed. 2299// 2300// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2301// value than allowed. 2302// 2303// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2304// between entities in the same root. 2305// 2306// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 2307// target entity. 2308// 2309// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 2310// isn't recognized. 2311// 2312// * ParentNotFoundException 2313// We can't find a root or OU with the ParentId that you specified. 2314// 2315// * ServiceException 2316// AWS Organizations can't complete your request because of an internal service 2317// error. Try again later. 2318// 2319// * TooManyRequestsException 2320// You have sent too many requests in too short a period of time. The quota 2321// helps protect against denial-of-service attacks. Try again later. 2322// 2323// For information about quotas that affect AWS Organizations, see Quotas for 2324// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2325// the AWS Organizations User Guide. 2326// 2327// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2328func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) { 2329 req, out := c.CreateOrganizationalUnitRequest(input) 2330 return out, req.Send() 2331} 2332 2333// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of 2334// the ability to pass a context and additional request options. 2335// 2336// See CreateOrganizationalUnit for details on how to use this API operation. 2337// 2338// The context must be non-nil and will be used for request cancellation. If 2339// the context is nil a panic will occur. In the future the SDK may create 2340// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2341// for more information on using Contexts. 2342func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) { 2343 req, out := c.CreateOrganizationalUnitRequest(input) 2344 req.SetContext(ctx) 2345 req.ApplyOptions(opts...) 2346 return out, req.Send() 2347} 2348 2349const opCreatePolicy = "CreatePolicy" 2350 2351// CreatePolicyRequest generates a "aws/request.Request" representing the 2352// client's request for the CreatePolicy operation. The "output" return 2353// value will be populated with the request's response once the request completes 2354// successfully. 2355// 2356// Use "Send" method on the returned Request to send the API call to the service. 2357// the "output" return value is not valid until after Send returns without error. 2358// 2359// See CreatePolicy for more information on using the CreatePolicy 2360// API call, and error handling. 2361// 2362// This method is useful when you want to inject custom logic or configuration 2363// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2364// 2365// 2366// // Example sending a request using the CreatePolicyRequest method. 2367// req, resp := client.CreatePolicyRequest(params) 2368// 2369// err := req.Send() 2370// if err == nil { // resp is now filled 2371// fmt.Println(resp) 2372// } 2373// 2374// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2375func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) { 2376 op := &request.Operation{ 2377 Name: opCreatePolicy, 2378 HTTPMethod: "POST", 2379 HTTPPath: "/", 2380 } 2381 2382 if input == nil { 2383 input = &CreatePolicyInput{} 2384 } 2385 2386 output = &CreatePolicyOutput{} 2387 req = c.newRequest(op, input, output) 2388 return 2389} 2390 2391// CreatePolicy API operation for AWS Organizations. 2392// 2393// Creates a policy of a specified type that you can attach to a root, an organizational 2394// unit (OU), or an individual AWS account. 2395// 2396// For more information about policies and their use, see Managing Organization 2397// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). 2398// 2399// If the request includes tags, then the requester must have the organizations:TagResource 2400// permission. 2401// 2402// This operation can be called only from the organization's management account. 2403// 2404// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2405// with awserr.Error's Code and Message methods to get detailed information about 2406// the error. 2407// 2408// See the AWS API reference guide for AWS Organizations's 2409// API operation CreatePolicy for usage and error information. 2410// 2411// Returned Error Types: 2412// * AccessDeniedException 2413// You don't have permissions to perform the requested operation. The user or 2414// role that is making the request must have at least one IAM permissions policy 2415// attached that grants the required permissions. For more information, see 2416// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2417// in the IAM User Guide. 2418// 2419// * AWSOrganizationsNotInUseException 2420// Your account isn't a member of an organization. To make this request, you 2421// must use the credentials of an account that belongs to an organization. 2422// 2423// * ConcurrentModificationException 2424// The target of the operation is currently being modified by a different request. 2425// Try again later. 2426// 2427// * ConstraintViolationException 2428// Performing this operation violates a minimum or maximum value limit. For 2429// example, attempting to remove the last service control policy (SCP) from 2430// an OU or root, inviting or creating too many accounts to the organization, 2431// or attaching too many policies to an account, OU, or root. This exception 2432// includes a reason that contains additional information about the violated 2433// limit: 2434// 2435// Some of the reasons in the following list might not be applicable to this 2436// specific API or operation. 2437// 2438// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 2439// account from the organization. You can't remove the management account. 2440// Instead, after you remove all member accounts, delete the organization 2441// itself. 2442// 2443// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2444// from the organization that doesn't yet have enough information to exist 2445// as a standalone account. This account requires you to first agree to the 2446// AWS Customer Agreement. Follow the steps at Removing a member account 2447// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 2448// the AWS Organizations User Guide. 2449// 2450// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2451// an account from the organization that doesn't yet have enough information 2452// to exist as a standalone account. This account requires you to first complete 2453// phone verification. Follow the steps at Removing a member account from 2454// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 2455// in the AWS Organizations User Guide. 2456// 2457// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2458// of accounts that you can create in one day. 2459// 2460// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2461// the number of accounts in an organization. If you need more accounts, 2462// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2463// request an increase in your limit. Or the number of invitations that you 2464// tried to send would cause you to exceed the limit of accounts in your 2465// organization. Send fewer invitations or contact AWS Support to request 2466// an increase in the number of accounts. Deleted and closed accounts still 2467// count toward your limit. If you get this exception when running a command 2468// immediately after creating the organization, wait one hour and try again. 2469// After an hour, if the command continues to fail with this error, contact 2470// AWS Support (https://console.aws.amazon.com/support/home#/). 2471// 2472// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 2473// register the management account of the organization as a delegated administrator 2474// for an AWS service integrated with Organizations. You can designate only 2475// a member account as a delegated administrator. 2476// 2477// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 2478// an account that is registered as a delegated administrator for a service 2479// integrated with your organization. To complete this operation, you must 2480// first deregister this account as a delegated administrator. 2481// 2482// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 2483// organization in the specified region, you must enable all features mode. 2484// 2485// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 2486// an AWS account as a delegated administrator for an AWS service that already 2487// has a delegated administrator. To complete this operation, you must first 2488// deregister any existing delegated administrators for this service. 2489// 2490// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 2491// valid for a limited period of time. You must resubmit the request and 2492// generate a new verfication code. 2493// 2494// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2495// handshakes that you can send in one day. 2496// 2497// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2498// in this organization, you first must migrate the organization's management 2499// account to the marketplace that corresponds to the management account's 2500// address. For example, accounts with India addresses must be associated 2501// with the AISPL marketplace. All accounts in an organization must be associated 2502// with the same marketplace. 2503// 2504// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 2505// in China. To create an organization, the master must have a valid business 2506// license. For more information, contact customer support. 2507// 2508// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2509// must first provide a valid contact address and phone number for the management 2510// account. Then try the operation again. 2511// 2512// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2513// management account must have an associated account in the AWS GovCloud 2514// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2515// in the AWS GovCloud User Guide. 2516// 2517// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2518// with this management account, you first must associate a valid payment 2519// instrument, such as a credit card, with the account. Follow the steps 2520// at To leave an organization when all required account information has 2521// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2522// in the AWS Organizations User Guide. 2523// 2524// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 2525// to register more delegated administrators than allowed for the service 2526// principal. 2527// 2528// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2529// number of policies of a certain type that can be attached to an entity 2530// at one time. 2531// 2532// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2533// on this resource. 2534// 2535// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2536// with this member account, you first must associate a valid payment instrument, 2537// such as a credit card, with the account. Follow the steps at To leave 2538// an organization when all required account information has not yet been 2539// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2540// in the AWS Organizations User Guide. 2541// 2542// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2543// policy from an entity that would cause the entity to have fewer than the 2544// minimum number of policies of a certain type required. 2545// 2546// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2547// that requires the organization to be configured to support all features. 2548// An organization that supports only consolidated billing features can't 2549// perform this operation. 2550// 2551// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2552// too many levels deep. 2553// 2554// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2555// that you can have in an organization. 2556// 2557// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 2558// is larger than the maximum size. 2559// 2560// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 2561// policies that you can have in an organization. 2562// 2563// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 2564// tags that are not compliant with the tag policy requirements for this 2565// account. 2566// 2567// * DuplicatePolicyException 2568// A policy with the same name already exists. 2569// 2570// * InvalidInputException 2571// The requested operation failed because you provided invalid values for one 2572// or more of the request parameters. This exception includes a reason that 2573// contains additional information about the violated limit: 2574// 2575// Some of the reasons in the following list might not be applicable to this 2576// specific API or operation. 2577// 2578// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2579// the same entity. 2580// 2581// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2582// can't be modified. 2583// 2584// * INPUT_REQUIRED: You must include a value for all required parameters. 2585// 2586// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2587// for the invited account owner. 2588// 2589// * INVALID_ENUM: You specified an invalid value. 2590// 2591// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2592// 2593// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2594// characters. 2595// 2596// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2597// at least one invalid value. 2598// 2599// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2600// from the response to a previous call of the operation. 2601// 2602// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2603// organization, or email) as a party. 2604// 2605// * INVALID_PATTERN: You provided a value that doesn't match the required 2606// pattern. 2607// 2608// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2609// match the required pattern. 2610// 2611// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2612// name can't begin with the reserved prefix AWSServiceRoleFor. 2613// 2614// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2615// Name (ARN) for the organization. 2616// 2617// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2618// 2619// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2620// tag. You can’t add, edit, or delete system tag keys because they're 2621// reserved for AWS use. System tags don’t count against your tags per 2622// resource limit. 2623// 2624// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2625// for the operation. 2626// 2627// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2628// than allowed. 2629// 2630// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2631// value than allowed. 2632// 2633// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2634// than allowed. 2635// 2636// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2637// value than allowed. 2638// 2639// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2640// between entities in the same root. 2641// 2642// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 2643// target entity. 2644// 2645// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 2646// isn't recognized. 2647// 2648// * MalformedPolicyDocumentException 2649// The provided policy document doesn't meet the requirements of the specified 2650// policy type. For example, the syntax might be incorrect. For details about 2651// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 2652// in the AWS Organizations User Guide. 2653// 2654// * PolicyTypeNotAvailableForOrganizationException 2655// You can't use the specified policy type with the feature set currently enabled 2656// for this organization. For example, you can enable SCPs only after you enable 2657// all features in the organization. For more information, see Managing AWS 2658// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 2659// the AWS Organizations User Guide. 2660// 2661// * ServiceException 2662// AWS Organizations can't complete your request because of an internal service 2663// error. Try again later. 2664// 2665// * TooManyRequestsException 2666// You have sent too many requests in too short a period of time. The quota 2667// helps protect against denial-of-service attacks. Try again later. 2668// 2669// For information about quotas that affect AWS Organizations, see Quotas for 2670// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2671// the AWS Organizations User Guide. 2672// 2673// * UnsupportedAPIEndpointException 2674// This action isn't available in the current AWS Region. 2675// 2676// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2677func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) { 2678 req, out := c.CreatePolicyRequest(input) 2679 return out, req.Send() 2680} 2681 2682// CreatePolicyWithContext is the same as CreatePolicy with the addition of 2683// the ability to pass a context and additional request options. 2684// 2685// See CreatePolicy for details on how to use this API operation. 2686// 2687// The context must be non-nil and will be used for request cancellation. If 2688// the context is nil a panic will occur. In the future the SDK may create 2689// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2690// for more information on using Contexts. 2691func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) { 2692 req, out := c.CreatePolicyRequest(input) 2693 req.SetContext(ctx) 2694 req.ApplyOptions(opts...) 2695 return out, req.Send() 2696} 2697 2698const opDeclineHandshake = "DeclineHandshake" 2699 2700// DeclineHandshakeRequest generates a "aws/request.Request" representing the 2701// client's request for the DeclineHandshake operation. The "output" return 2702// value will be populated with the request's response once the request completes 2703// successfully. 2704// 2705// Use "Send" method on the returned Request to send the API call to the service. 2706// the "output" return value is not valid until after Send returns without error. 2707// 2708// See DeclineHandshake for more information on using the DeclineHandshake 2709// API call, and error handling. 2710// 2711// This method is useful when you want to inject custom logic or configuration 2712// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2713// 2714// 2715// // Example sending a request using the DeclineHandshakeRequest method. 2716// req, resp := client.DeclineHandshakeRequest(params) 2717// 2718// err := req.Send() 2719// if err == nil { // resp is now filled 2720// fmt.Println(resp) 2721// } 2722// 2723// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2724func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) { 2725 op := &request.Operation{ 2726 Name: opDeclineHandshake, 2727 HTTPMethod: "POST", 2728 HTTPPath: "/", 2729 } 2730 2731 if input == nil { 2732 input = &DeclineHandshakeInput{} 2733 } 2734 2735 output = &DeclineHandshakeOutput{} 2736 req = c.newRequest(op, input, output) 2737 return 2738} 2739 2740// DeclineHandshake API operation for AWS Organizations. 2741// 2742// Declines a handshake request. This sets the handshake state to DECLINED and 2743// effectively deactivates the request. 2744// 2745// This operation can be called only from the account that received the handshake. 2746// The originator of the handshake can use CancelHandshake instead. The originator 2747// can't reactivate a declined request, but can reinitiate the process with 2748// a new handshake request. 2749// 2750// After you decline a handshake, it continues to appear in the results of relevant 2751// APIs for only 30 days. After that, it's deleted. 2752// 2753// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2754// with awserr.Error's Code and Message methods to get detailed information about 2755// the error. 2756// 2757// See the AWS API reference guide for AWS Organizations's 2758// API operation DeclineHandshake for usage and error information. 2759// 2760// Returned Error Types: 2761// * AccessDeniedException 2762// You don't have permissions to perform the requested operation. The user or 2763// role that is making the request must have at least one IAM permissions policy 2764// attached that grants the required permissions. For more information, see 2765// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2766// in the IAM User Guide. 2767// 2768// * ConcurrentModificationException 2769// The target of the operation is currently being modified by a different request. 2770// Try again later. 2771// 2772// * HandshakeNotFoundException 2773// We can't find a handshake with the HandshakeId that you specified. 2774// 2775// * InvalidHandshakeTransitionException 2776// You can't perform the operation on the handshake in its current state. For 2777// example, you can't cancel a handshake that was already accepted or accept 2778// a handshake that was already declined. 2779// 2780// * HandshakeAlreadyInStateException 2781// The specified handshake is already in the requested state. For example, you 2782// can't accept a handshake that was already accepted. 2783// 2784// * InvalidInputException 2785// The requested operation failed because you provided invalid values for one 2786// or more of the request parameters. This exception includes a reason that 2787// contains additional information about the violated limit: 2788// 2789// Some of the reasons in the following list might not be applicable to this 2790// specific API or operation. 2791// 2792// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2793// the same entity. 2794// 2795// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2796// can't be modified. 2797// 2798// * INPUT_REQUIRED: You must include a value for all required parameters. 2799// 2800// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2801// for the invited account owner. 2802// 2803// * INVALID_ENUM: You specified an invalid value. 2804// 2805// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2806// 2807// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2808// characters. 2809// 2810// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2811// at least one invalid value. 2812// 2813// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2814// from the response to a previous call of the operation. 2815// 2816// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2817// organization, or email) as a party. 2818// 2819// * INVALID_PATTERN: You provided a value that doesn't match the required 2820// pattern. 2821// 2822// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2823// match the required pattern. 2824// 2825// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2826// name can't begin with the reserved prefix AWSServiceRoleFor. 2827// 2828// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2829// Name (ARN) for the organization. 2830// 2831// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2832// 2833// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2834// tag. You can’t add, edit, or delete system tag keys because they're 2835// reserved for AWS use. System tags don’t count against your tags per 2836// resource limit. 2837// 2838// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2839// for the operation. 2840// 2841// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2842// than allowed. 2843// 2844// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2845// value than allowed. 2846// 2847// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2848// than allowed. 2849// 2850// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2851// value than allowed. 2852// 2853// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2854// between entities in the same root. 2855// 2856// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 2857// target entity. 2858// 2859// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 2860// isn't recognized. 2861// 2862// * ServiceException 2863// AWS Organizations can't complete your request because of an internal service 2864// error. Try again later. 2865// 2866// * TooManyRequestsException 2867// You have sent too many requests in too short a period of time. The quota 2868// helps protect against denial-of-service attacks. Try again later. 2869// 2870// For information about quotas that affect AWS Organizations, see Quotas for 2871// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2872// the AWS Organizations User Guide. 2873// 2874// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2875func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) { 2876 req, out := c.DeclineHandshakeRequest(input) 2877 return out, req.Send() 2878} 2879 2880// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of 2881// the ability to pass a context and additional request options. 2882// 2883// See DeclineHandshake for details on how to use this API operation. 2884// 2885// The context must be non-nil and will be used for request cancellation. If 2886// the context is nil a panic will occur. In the future the SDK may create 2887// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2888// for more information on using Contexts. 2889func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) { 2890 req, out := c.DeclineHandshakeRequest(input) 2891 req.SetContext(ctx) 2892 req.ApplyOptions(opts...) 2893 return out, req.Send() 2894} 2895 2896const opDeleteOrganization = "DeleteOrganization" 2897 2898// DeleteOrganizationRequest generates a "aws/request.Request" representing the 2899// client's request for the DeleteOrganization operation. The "output" return 2900// value will be populated with the request's response once the request completes 2901// successfully. 2902// 2903// Use "Send" method on the returned Request to send the API call to the service. 2904// the "output" return value is not valid until after Send returns without error. 2905// 2906// See DeleteOrganization for more information on using the DeleteOrganization 2907// API call, and error handling. 2908// 2909// This method is useful when you want to inject custom logic or configuration 2910// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2911// 2912// 2913// // Example sending a request using the DeleteOrganizationRequest method. 2914// req, resp := client.DeleteOrganizationRequest(params) 2915// 2916// err := req.Send() 2917// if err == nil { // resp is now filled 2918// fmt.Println(resp) 2919// } 2920// 2921// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2922func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) { 2923 op := &request.Operation{ 2924 Name: opDeleteOrganization, 2925 HTTPMethod: "POST", 2926 HTTPPath: "/", 2927 } 2928 2929 if input == nil { 2930 input = &DeleteOrganizationInput{} 2931 } 2932 2933 output = &DeleteOrganizationOutput{} 2934 req = c.newRequest(op, input, output) 2935 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2936 return 2937} 2938 2939// DeleteOrganization API operation for AWS Organizations. 2940// 2941// Deletes the organization. You can delete an organization only by using credentials 2942// from the management account. The organization must be empty of member accounts. 2943// 2944// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2945// with awserr.Error's Code and Message methods to get detailed information about 2946// the error. 2947// 2948// See the AWS API reference guide for AWS Organizations's 2949// API operation DeleteOrganization for usage and error information. 2950// 2951// Returned Error Types: 2952// * AccessDeniedException 2953// You don't have permissions to perform the requested operation. The user or 2954// role that is making the request must have at least one IAM permissions policy 2955// attached that grants the required permissions. For more information, see 2956// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2957// in the IAM User Guide. 2958// 2959// * AWSOrganizationsNotInUseException 2960// Your account isn't a member of an organization. To make this request, you 2961// must use the credentials of an account that belongs to an organization. 2962// 2963// * ConcurrentModificationException 2964// The target of the operation is currently being modified by a different request. 2965// Try again later. 2966// 2967// * InvalidInputException 2968// The requested operation failed because you provided invalid values for one 2969// or more of the request parameters. This exception includes a reason that 2970// contains additional information about the violated limit: 2971// 2972// Some of the reasons in the following list might not be applicable to this 2973// specific API or operation. 2974// 2975// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2976// the same entity. 2977// 2978// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2979// can't be modified. 2980// 2981// * INPUT_REQUIRED: You must include a value for all required parameters. 2982// 2983// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2984// for the invited account owner. 2985// 2986// * INVALID_ENUM: You specified an invalid value. 2987// 2988// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2989// 2990// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2991// characters. 2992// 2993// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2994// at least one invalid value. 2995// 2996// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2997// from the response to a previous call of the operation. 2998// 2999// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3000// organization, or email) as a party. 3001// 3002// * INVALID_PATTERN: You provided a value that doesn't match the required 3003// pattern. 3004// 3005// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3006// match the required pattern. 3007// 3008// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3009// name can't begin with the reserved prefix AWSServiceRoleFor. 3010// 3011// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3012// Name (ARN) for the organization. 3013// 3014// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3015// 3016// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3017// tag. You can’t add, edit, or delete system tag keys because they're 3018// reserved for AWS use. System tags don’t count against your tags per 3019// resource limit. 3020// 3021// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3022// for the operation. 3023// 3024// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3025// than allowed. 3026// 3027// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3028// value than allowed. 3029// 3030// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3031// than allowed. 3032// 3033// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3034// value than allowed. 3035// 3036// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3037// between entities in the same root. 3038// 3039// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3040// target entity. 3041// 3042// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3043// isn't recognized. 3044// 3045// * OrganizationNotEmptyException 3046// The organization isn't empty. To delete an organization, you must first remove 3047// all accounts except the management account, delete all OUs, and delete all 3048// policies. 3049// 3050// * ServiceException 3051// AWS Organizations can't complete your request because of an internal service 3052// error. Try again later. 3053// 3054// * TooManyRequestsException 3055// You have sent too many requests in too short a period of time. The quota 3056// helps protect against denial-of-service attacks. Try again later. 3057// 3058// For information about quotas that affect AWS Organizations, see Quotas for 3059// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3060// the AWS Organizations User Guide. 3061// 3062// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 3063func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) { 3064 req, out := c.DeleteOrganizationRequest(input) 3065 return out, req.Send() 3066} 3067 3068// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of 3069// the ability to pass a context and additional request options. 3070// 3071// See DeleteOrganization for details on how to use this API operation. 3072// 3073// The context must be non-nil and will be used for request cancellation. If 3074// the context is nil a panic will occur. In the future the SDK may create 3075// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3076// for more information on using Contexts. 3077func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) { 3078 req, out := c.DeleteOrganizationRequest(input) 3079 req.SetContext(ctx) 3080 req.ApplyOptions(opts...) 3081 return out, req.Send() 3082} 3083 3084const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit" 3085 3086// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the 3087// client's request for the DeleteOrganizationalUnit operation. The "output" return 3088// value will be populated with the request's response once the request completes 3089// successfully. 3090// 3091// Use "Send" method on the returned Request to send the API call to the service. 3092// the "output" return value is not valid until after Send returns without error. 3093// 3094// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit 3095// API call, and error handling. 3096// 3097// This method is useful when you want to inject custom logic or configuration 3098// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3099// 3100// 3101// // Example sending a request using the DeleteOrganizationalUnitRequest method. 3102// req, resp := client.DeleteOrganizationalUnitRequest(params) 3103// 3104// err := req.Send() 3105// if err == nil { // resp is now filled 3106// fmt.Println(resp) 3107// } 3108// 3109// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 3110func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) { 3111 op := &request.Operation{ 3112 Name: opDeleteOrganizationalUnit, 3113 HTTPMethod: "POST", 3114 HTTPPath: "/", 3115 } 3116 3117 if input == nil { 3118 input = &DeleteOrganizationalUnitInput{} 3119 } 3120 3121 output = &DeleteOrganizationalUnitOutput{} 3122 req = c.newRequest(op, input, output) 3123 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3124 return 3125} 3126 3127// DeleteOrganizationalUnit API operation for AWS Organizations. 3128// 3129// Deletes an organizational unit (OU) from a root or another OU. You must first 3130// remove all accounts and child OUs from the OU that you want to delete. 3131// 3132// This operation can be called only from the organization's management account. 3133// 3134// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3135// with awserr.Error's Code and Message methods to get detailed information about 3136// the error. 3137// 3138// See the AWS API reference guide for AWS Organizations's 3139// API operation DeleteOrganizationalUnit for usage and error information. 3140// 3141// Returned Error Types: 3142// * AccessDeniedException 3143// You don't have permissions to perform the requested operation. The user or 3144// role that is making the request must have at least one IAM permissions policy 3145// attached that grants the required permissions. For more information, see 3146// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3147// in the IAM User Guide. 3148// 3149// * AWSOrganizationsNotInUseException 3150// Your account isn't a member of an organization. To make this request, you 3151// must use the credentials of an account that belongs to an organization. 3152// 3153// * ConcurrentModificationException 3154// The target of the operation is currently being modified by a different request. 3155// Try again later. 3156// 3157// * InvalidInputException 3158// The requested operation failed because you provided invalid values for one 3159// or more of the request parameters. This exception includes a reason that 3160// contains additional information about the violated limit: 3161// 3162// Some of the reasons in the following list might not be applicable to this 3163// specific API or operation. 3164// 3165// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3166// the same entity. 3167// 3168// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3169// can't be modified. 3170// 3171// * INPUT_REQUIRED: You must include a value for all required parameters. 3172// 3173// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3174// for the invited account owner. 3175// 3176// * INVALID_ENUM: You specified an invalid value. 3177// 3178// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3179// 3180// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3181// characters. 3182// 3183// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3184// at least one invalid value. 3185// 3186// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3187// from the response to a previous call of the operation. 3188// 3189// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3190// organization, or email) as a party. 3191// 3192// * INVALID_PATTERN: You provided a value that doesn't match the required 3193// pattern. 3194// 3195// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3196// match the required pattern. 3197// 3198// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3199// name can't begin with the reserved prefix AWSServiceRoleFor. 3200// 3201// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3202// Name (ARN) for the organization. 3203// 3204// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3205// 3206// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3207// tag. You can’t add, edit, or delete system tag keys because they're 3208// reserved for AWS use. System tags don’t count against your tags per 3209// resource limit. 3210// 3211// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3212// for the operation. 3213// 3214// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3215// than allowed. 3216// 3217// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3218// value than allowed. 3219// 3220// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3221// than allowed. 3222// 3223// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3224// value than allowed. 3225// 3226// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3227// between entities in the same root. 3228// 3229// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3230// target entity. 3231// 3232// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3233// isn't recognized. 3234// 3235// * OrganizationalUnitNotEmptyException 3236// The specified OU is not empty. Move all accounts to another root or to other 3237// OUs, remove all child OUs, and try the operation again. 3238// 3239// * OrganizationalUnitNotFoundException 3240// We can't find an OU with the OrganizationalUnitId that you specified. 3241// 3242// * ServiceException 3243// AWS Organizations can't complete your request because of an internal service 3244// error. Try again later. 3245// 3246// * TooManyRequestsException 3247// You have sent too many requests in too short a period of time. The quota 3248// helps protect against denial-of-service attacks. Try again later. 3249// 3250// For information about quotas that affect AWS Organizations, see Quotas for 3251// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3252// the AWS Organizations User Guide. 3253// 3254// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 3255func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) { 3256 req, out := c.DeleteOrganizationalUnitRequest(input) 3257 return out, req.Send() 3258} 3259 3260// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of 3261// the ability to pass a context and additional request options. 3262// 3263// See DeleteOrganizationalUnit for details on how to use this API operation. 3264// 3265// The context must be non-nil and will be used for request cancellation. If 3266// the context is nil a panic will occur. In the future the SDK may create 3267// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3268// for more information on using Contexts. 3269func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) { 3270 req, out := c.DeleteOrganizationalUnitRequest(input) 3271 req.SetContext(ctx) 3272 req.ApplyOptions(opts...) 3273 return out, req.Send() 3274} 3275 3276const opDeletePolicy = "DeletePolicy" 3277 3278// DeletePolicyRequest generates a "aws/request.Request" representing the 3279// client's request for the DeletePolicy operation. The "output" return 3280// value will be populated with the request's response once the request completes 3281// successfully. 3282// 3283// Use "Send" method on the returned Request to send the API call to the service. 3284// the "output" return value is not valid until after Send returns without error. 3285// 3286// See DeletePolicy for more information on using the DeletePolicy 3287// API call, and error handling. 3288// 3289// This method is useful when you want to inject custom logic or configuration 3290// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3291// 3292// 3293// // Example sending a request using the DeletePolicyRequest method. 3294// req, resp := client.DeletePolicyRequest(params) 3295// 3296// err := req.Send() 3297// if err == nil { // resp is now filled 3298// fmt.Println(resp) 3299// } 3300// 3301// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3302func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 3303 op := &request.Operation{ 3304 Name: opDeletePolicy, 3305 HTTPMethod: "POST", 3306 HTTPPath: "/", 3307 } 3308 3309 if input == nil { 3310 input = &DeletePolicyInput{} 3311 } 3312 3313 output = &DeletePolicyOutput{} 3314 req = c.newRequest(op, input, output) 3315 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3316 return 3317} 3318 3319// DeletePolicy API operation for AWS Organizations. 3320// 3321// Deletes the specified policy from your organization. Before you perform this 3322// operation, you must first detach the policy from all organizational units 3323// (OUs), roots, and accounts. 3324// 3325// This operation can be called only from the organization's management account. 3326// 3327// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3328// with awserr.Error's Code and Message methods to get detailed information about 3329// the error. 3330// 3331// See the AWS API reference guide for AWS Organizations's 3332// API operation DeletePolicy for usage and error information. 3333// 3334// Returned Error Types: 3335// * AccessDeniedException 3336// You don't have permissions to perform the requested operation. The user or 3337// role that is making the request must have at least one IAM permissions policy 3338// attached that grants the required permissions. For more information, see 3339// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3340// in the IAM User Guide. 3341// 3342// * AWSOrganizationsNotInUseException 3343// Your account isn't a member of an organization. To make this request, you 3344// must use the credentials of an account that belongs to an organization. 3345// 3346// * ConcurrentModificationException 3347// The target of the operation is currently being modified by a different request. 3348// Try again later. 3349// 3350// * InvalidInputException 3351// The requested operation failed because you provided invalid values for one 3352// or more of the request parameters. This exception includes a reason that 3353// contains additional information about the violated limit: 3354// 3355// Some of the reasons in the following list might not be applicable to this 3356// specific API or operation. 3357// 3358// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3359// the same entity. 3360// 3361// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3362// can't be modified. 3363// 3364// * INPUT_REQUIRED: You must include a value for all required parameters. 3365// 3366// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3367// for the invited account owner. 3368// 3369// * INVALID_ENUM: You specified an invalid value. 3370// 3371// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3372// 3373// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3374// characters. 3375// 3376// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3377// at least one invalid value. 3378// 3379// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3380// from the response to a previous call of the operation. 3381// 3382// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3383// organization, or email) as a party. 3384// 3385// * INVALID_PATTERN: You provided a value that doesn't match the required 3386// pattern. 3387// 3388// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3389// match the required pattern. 3390// 3391// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3392// name can't begin with the reserved prefix AWSServiceRoleFor. 3393// 3394// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3395// Name (ARN) for the organization. 3396// 3397// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3398// 3399// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3400// tag. You can’t add, edit, or delete system tag keys because they're 3401// reserved for AWS use. System tags don’t count against your tags per 3402// resource limit. 3403// 3404// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3405// for the operation. 3406// 3407// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3408// than allowed. 3409// 3410// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3411// value than allowed. 3412// 3413// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3414// than allowed. 3415// 3416// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3417// value than allowed. 3418// 3419// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3420// between entities in the same root. 3421// 3422// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3423// target entity. 3424// 3425// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3426// isn't recognized. 3427// 3428// * PolicyInUseException 3429// The policy is attached to one or more entities. You must detach it from all 3430// roots, OUs, and accounts before performing this operation. 3431// 3432// * PolicyNotFoundException 3433// We can't find a policy with the PolicyId that you specified. 3434// 3435// * ServiceException 3436// AWS Organizations can't complete your request because of an internal service 3437// error. Try again later. 3438// 3439// * TooManyRequestsException 3440// You have sent too many requests in too short a period of time. The quota 3441// helps protect against denial-of-service attacks. Try again later. 3442// 3443// For information about quotas that affect AWS Organizations, see Quotas for 3444// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3445// the AWS Organizations User Guide. 3446// 3447// * UnsupportedAPIEndpointException 3448// This action isn't available in the current AWS Region. 3449// 3450// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3451func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 3452 req, out := c.DeletePolicyRequest(input) 3453 return out, req.Send() 3454} 3455 3456// DeletePolicyWithContext is the same as DeletePolicy with the addition of 3457// the ability to pass a context and additional request options. 3458// 3459// See DeletePolicy for details on how to use this API operation. 3460// 3461// The context must be non-nil and will be used for request cancellation. If 3462// the context is nil a panic will occur. In the future the SDK may create 3463// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3464// for more information on using Contexts. 3465func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 3466 req, out := c.DeletePolicyRequest(input) 3467 req.SetContext(ctx) 3468 req.ApplyOptions(opts...) 3469 return out, req.Send() 3470} 3471 3472const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator" 3473 3474// DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the 3475// client's request for the DeregisterDelegatedAdministrator operation. The "output" return 3476// value will be populated with the request's response once the request completes 3477// successfully. 3478// 3479// Use "Send" method on the returned Request to send the API call to the service. 3480// the "output" return value is not valid until after Send returns without error. 3481// 3482// See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator 3483// API call, and error handling. 3484// 3485// This method is useful when you want to inject custom logic or configuration 3486// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3487// 3488// 3489// // Example sending a request using the DeregisterDelegatedAdministratorRequest method. 3490// req, resp := client.DeregisterDelegatedAdministratorRequest(params) 3491// 3492// err := req.Send() 3493// if err == nil { // resp is now filled 3494// fmt.Println(resp) 3495// } 3496// 3497// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator 3498func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) { 3499 op := &request.Operation{ 3500 Name: opDeregisterDelegatedAdministrator, 3501 HTTPMethod: "POST", 3502 HTTPPath: "/", 3503 } 3504 3505 if input == nil { 3506 input = &DeregisterDelegatedAdministratorInput{} 3507 } 3508 3509 output = &DeregisterDelegatedAdministratorOutput{} 3510 req = c.newRequest(op, input, output) 3511 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3512 return 3513} 3514 3515// DeregisterDelegatedAdministrator API operation for AWS Organizations. 3516// 3517// Removes the specified member AWS account as a delegated administrator for 3518// the specified AWS service. 3519// 3520// Deregistering a delegated administrator can have unintended impacts on the 3521// functionality of the enabled AWS service. See the documentation for the enabled 3522// service before you deregister a delegated administrator so that you understand 3523// any potential impacts. 3524// 3525// You can run this action only for AWS services that support this feature. 3526// For a current list of services that support it, see the column Supports Delegated 3527// Administrator in the table at AWS Services that you can use with AWS Organizations 3528// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) 3529// in the AWS Organizations User Guide. 3530// 3531// This operation can be called only from the organization's management account. 3532// 3533// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3534// with awserr.Error's Code and Message methods to get detailed information about 3535// the error. 3536// 3537// See the AWS API reference guide for AWS Organizations's 3538// API operation DeregisterDelegatedAdministrator for usage and error information. 3539// 3540// Returned Error Types: 3541// * AccessDeniedException 3542// You don't have permissions to perform the requested operation. The user or 3543// role that is making the request must have at least one IAM permissions policy 3544// attached that grants the required permissions. For more information, see 3545// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3546// in the IAM User Guide. 3547// 3548// * AccountNotFoundException 3549// We can't find an AWS account with the AccountId that you specified, or the 3550// account whose credentials you used to make this request isn't a member of 3551// an organization. 3552// 3553// * AccountNotRegisteredException 3554// The specified account is not a delegated administrator for this AWS service. 3555// 3556// * AWSOrganizationsNotInUseException 3557// Your account isn't a member of an organization. To make this request, you 3558// must use the credentials of an account that belongs to an organization. 3559// 3560// * ConcurrentModificationException 3561// The target of the operation is currently being modified by a different request. 3562// Try again later. 3563// 3564// * ConstraintViolationException 3565// Performing this operation violates a minimum or maximum value limit. For 3566// example, attempting to remove the last service control policy (SCP) from 3567// an OU or root, inviting or creating too many accounts to the organization, 3568// or attaching too many policies to an account, OU, or root. This exception 3569// includes a reason that contains additional information about the violated 3570// limit: 3571// 3572// Some of the reasons in the following list might not be applicable to this 3573// specific API or operation. 3574// 3575// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 3576// account from the organization. You can't remove the management account. 3577// Instead, after you remove all member accounts, delete the organization 3578// itself. 3579// 3580// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 3581// from the organization that doesn't yet have enough information to exist 3582// as a standalone account. This account requires you to first agree to the 3583// AWS Customer Agreement. Follow the steps at Removing a member account 3584// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 3585// the AWS Organizations User Guide. 3586// 3587// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 3588// an account from the organization that doesn't yet have enough information 3589// to exist as a standalone account. This account requires you to first complete 3590// phone verification. Follow the steps at Removing a member account from 3591// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 3592// in the AWS Organizations User Guide. 3593// 3594// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 3595// of accounts that you can create in one day. 3596// 3597// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 3598// the number of accounts in an organization. If you need more accounts, 3599// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 3600// request an increase in your limit. Or the number of invitations that you 3601// tried to send would cause you to exceed the limit of accounts in your 3602// organization. Send fewer invitations or contact AWS Support to request 3603// an increase in the number of accounts. Deleted and closed accounts still 3604// count toward your limit. If you get this exception when running a command 3605// immediately after creating the organization, wait one hour and try again. 3606// After an hour, if the command continues to fail with this error, contact 3607// AWS Support (https://console.aws.amazon.com/support/home#/). 3608// 3609// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 3610// register the management account of the organization as a delegated administrator 3611// for an AWS service integrated with Organizations. You can designate only 3612// a member account as a delegated administrator. 3613// 3614// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 3615// an account that is registered as a delegated administrator for a service 3616// integrated with your organization. To complete this operation, you must 3617// first deregister this account as a delegated administrator. 3618// 3619// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 3620// organization in the specified region, you must enable all features mode. 3621// 3622// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 3623// an AWS account as a delegated administrator for an AWS service that already 3624// has a delegated administrator. To complete this operation, you must first 3625// deregister any existing delegated administrators for this service. 3626// 3627// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 3628// valid for a limited period of time. You must resubmit the request and 3629// generate a new verfication code. 3630// 3631// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 3632// handshakes that you can send in one day. 3633// 3634// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 3635// in this organization, you first must migrate the organization's management 3636// account to the marketplace that corresponds to the management account's 3637// address. For example, accounts with India addresses must be associated 3638// with the AISPL marketplace. All accounts in an organization must be associated 3639// with the same marketplace. 3640// 3641// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 3642// in China. To create an organization, the master must have a valid business 3643// license. For more information, contact customer support. 3644// 3645// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 3646// must first provide a valid contact address and phone number for the management 3647// account. Then try the operation again. 3648// 3649// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 3650// management account must have an associated account in the AWS GovCloud 3651// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 3652// in the AWS GovCloud User Guide. 3653// 3654// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 3655// with this management account, you first must associate a valid payment 3656// instrument, such as a credit card, with the account. Follow the steps 3657// at To leave an organization when all required account information has 3658// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3659// in the AWS Organizations User Guide. 3660// 3661// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 3662// to register more delegated administrators than allowed for the service 3663// principal. 3664// 3665// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 3666// number of policies of a certain type that can be attached to an entity 3667// at one time. 3668// 3669// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 3670// on this resource. 3671// 3672// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 3673// with this member account, you first must associate a valid payment instrument, 3674// such as a credit card, with the account. Follow the steps at To leave 3675// an organization when all required account information has not yet been 3676// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3677// in the AWS Organizations User Guide. 3678// 3679// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 3680// policy from an entity that would cause the entity to have fewer than the 3681// minimum number of policies of a certain type required. 3682// 3683// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 3684// that requires the organization to be configured to support all features. 3685// An organization that supports only consolidated billing features can't 3686// perform this operation. 3687// 3688// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 3689// too many levels deep. 3690// 3691// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 3692// that you can have in an organization. 3693// 3694// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 3695// is larger than the maximum size. 3696// 3697// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 3698// policies that you can have in an organization. 3699// 3700// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 3701// tags that are not compliant with the tag policy requirements for this 3702// account. 3703// 3704// * InvalidInputException 3705// The requested operation failed because you provided invalid values for one 3706// or more of the request parameters. This exception includes a reason that 3707// contains additional information about the violated limit: 3708// 3709// Some of the reasons in the following list might not be applicable to this 3710// specific API or operation. 3711// 3712// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3713// the same entity. 3714// 3715// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3716// can't be modified. 3717// 3718// * INPUT_REQUIRED: You must include a value for all required parameters. 3719// 3720// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3721// for the invited account owner. 3722// 3723// * INVALID_ENUM: You specified an invalid value. 3724// 3725// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3726// 3727// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3728// characters. 3729// 3730// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3731// at least one invalid value. 3732// 3733// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3734// from the response to a previous call of the operation. 3735// 3736// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3737// organization, or email) as a party. 3738// 3739// * INVALID_PATTERN: You provided a value that doesn't match the required 3740// pattern. 3741// 3742// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3743// match the required pattern. 3744// 3745// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3746// name can't begin with the reserved prefix AWSServiceRoleFor. 3747// 3748// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3749// Name (ARN) for the organization. 3750// 3751// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3752// 3753// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3754// tag. You can’t add, edit, or delete system tag keys because they're 3755// reserved for AWS use. System tags don’t count against your tags per 3756// resource limit. 3757// 3758// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3759// for the operation. 3760// 3761// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3762// than allowed. 3763// 3764// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3765// value than allowed. 3766// 3767// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3768// than allowed. 3769// 3770// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3771// value than allowed. 3772// 3773// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3774// between entities in the same root. 3775// 3776// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3777// target entity. 3778// 3779// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3780// isn't recognized. 3781// 3782// * TooManyRequestsException 3783// You have sent too many requests in too short a period of time. The quota 3784// helps protect against denial-of-service attacks. Try again later. 3785// 3786// For information about quotas that affect AWS Organizations, see Quotas for 3787// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3788// the AWS Organizations User Guide. 3789// 3790// * ServiceException 3791// AWS Organizations can't complete your request because of an internal service 3792// error. Try again later. 3793// 3794// * UnsupportedAPIEndpointException 3795// This action isn't available in the current AWS Region. 3796// 3797// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator 3798func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) { 3799 req, out := c.DeregisterDelegatedAdministratorRequest(input) 3800 return out, req.Send() 3801} 3802 3803// DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of 3804// the ability to pass a context and additional request options. 3805// 3806// See DeregisterDelegatedAdministrator for details on how to use this API operation. 3807// 3808// The context must be non-nil and will be used for request cancellation. If 3809// the context is nil a panic will occur. In the future the SDK may create 3810// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3811// for more information on using Contexts. 3812func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) { 3813 req, out := c.DeregisterDelegatedAdministratorRequest(input) 3814 req.SetContext(ctx) 3815 req.ApplyOptions(opts...) 3816 return out, req.Send() 3817} 3818 3819const opDescribeAccount = "DescribeAccount" 3820 3821// DescribeAccountRequest generates a "aws/request.Request" representing the 3822// client's request for the DescribeAccount operation. The "output" return 3823// value will be populated with the request's response once the request completes 3824// successfully. 3825// 3826// Use "Send" method on the returned Request to send the API call to the service. 3827// the "output" return value is not valid until after Send returns without error. 3828// 3829// See DescribeAccount for more information on using the DescribeAccount 3830// API call, and error handling. 3831// 3832// This method is useful when you want to inject custom logic or configuration 3833// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3834// 3835// 3836// // Example sending a request using the DescribeAccountRequest method. 3837// req, resp := client.DescribeAccountRequest(params) 3838// 3839// err := req.Send() 3840// if err == nil { // resp is now filled 3841// fmt.Println(resp) 3842// } 3843// 3844// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3845func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) { 3846 op := &request.Operation{ 3847 Name: opDescribeAccount, 3848 HTTPMethod: "POST", 3849 HTTPPath: "/", 3850 } 3851 3852 if input == nil { 3853 input = &DescribeAccountInput{} 3854 } 3855 3856 output = &DescribeAccountOutput{} 3857 req = c.newRequest(op, input, output) 3858 return 3859} 3860 3861// DescribeAccount API operation for AWS Organizations. 3862// 3863// Retrieves AWS Organizations-related information about the specified account. 3864// 3865// This operation can be called only from the organization's management account 3866// or by a member account that is a delegated administrator for an AWS service. 3867// 3868// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3869// with awserr.Error's Code and Message methods to get detailed information about 3870// the error. 3871// 3872// See the AWS API reference guide for AWS Organizations's 3873// API operation DescribeAccount for usage and error information. 3874// 3875// Returned Error Types: 3876// * AccessDeniedException 3877// You don't have permissions to perform the requested operation. The user or 3878// role that is making the request must have at least one IAM permissions policy 3879// attached that grants the required permissions. For more information, see 3880// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3881// in the IAM User Guide. 3882// 3883// * AccountNotFoundException 3884// We can't find an AWS account with the AccountId that you specified, or the 3885// account whose credentials you used to make this request isn't a member of 3886// an organization. 3887// 3888// * AWSOrganizationsNotInUseException 3889// Your account isn't a member of an organization. To make this request, you 3890// must use the credentials of an account that belongs to an organization. 3891// 3892// * InvalidInputException 3893// The requested operation failed because you provided invalid values for one 3894// or more of the request parameters. This exception includes a reason that 3895// contains additional information about the violated limit: 3896// 3897// Some of the reasons in the following list might not be applicable to this 3898// specific API or operation. 3899// 3900// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3901// the same entity. 3902// 3903// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3904// can't be modified. 3905// 3906// * INPUT_REQUIRED: You must include a value for all required parameters. 3907// 3908// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3909// for the invited account owner. 3910// 3911// * INVALID_ENUM: You specified an invalid value. 3912// 3913// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3914// 3915// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3916// characters. 3917// 3918// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3919// at least one invalid value. 3920// 3921// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3922// from the response to a previous call of the operation. 3923// 3924// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3925// organization, or email) as a party. 3926// 3927// * INVALID_PATTERN: You provided a value that doesn't match the required 3928// pattern. 3929// 3930// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3931// match the required pattern. 3932// 3933// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3934// name can't begin with the reserved prefix AWSServiceRoleFor. 3935// 3936// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3937// Name (ARN) for the organization. 3938// 3939// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3940// 3941// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3942// tag. You can’t add, edit, or delete system tag keys because they're 3943// reserved for AWS use. System tags don’t count against your tags per 3944// resource limit. 3945// 3946// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3947// for the operation. 3948// 3949// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3950// than allowed. 3951// 3952// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3953// value than allowed. 3954// 3955// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3956// than allowed. 3957// 3958// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3959// value than allowed. 3960// 3961// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3962// between entities in the same root. 3963// 3964// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3965// target entity. 3966// 3967// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3968// isn't recognized. 3969// 3970// * ServiceException 3971// AWS Organizations can't complete your request because of an internal service 3972// error. Try again later. 3973// 3974// * TooManyRequestsException 3975// You have sent too many requests in too short a period of time. The quota 3976// helps protect against denial-of-service attacks. Try again later. 3977// 3978// For information about quotas that affect AWS Organizations, see Quotas for 3979// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3980// the AWS Organizations User Guide. 3981// 3982// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3983func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) { 3984 req, out := c.DescribeAccountRequest(input) 3985 return out, req.Send() 3986} 3987 3988// DescribeAccountWithContext is the same as DescribeAccount with the addition of 3989// the ability to pass a context and additional request options. 3990// 3991// See DescribeAccount for details on how to use this API operation. 3992// 3993// The context must be non-nil and will be used for request cancellation. If 3994// the context is nil a panic will occur. In the future the SDK may create 3995// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3996// for more information on using Contexts. 3997func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) { 3998 req, out := c.DescribeAccountRequest(input) 3999 req.SetContext(ctx) 4000 req.ApplyOptions(opts...) 4001 return out, req.Send() 4002} 4003 4004const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus" 4005 4006// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the 4007// client's request for the DescribeCreateAccountStatus operation. The "output" return 4008// value will be populated with the request's response once the request completes 4009// successfully. 4010// 4011// Use "Send" method on the returned Request to send the API call to the service. 4012// the "output" return value is not valid until after Send returns without error. 4013// 4014// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus 4015// API call, and error handling. 4016// 4017// This method is useful when you want to inject custom logic or configuration 4018// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4019// 4020// 4021// // Example sending a request using the DescribeCreateAccountStatusRequest method. 4022// req, resp := client.DescribeCreateAccountStatusRequest(params) 4023// 4024// err := req.Send() 4025// if err == nil { // resp is now filled 4026// fmt.Println(resp) 4027// } 4028// 4029// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 4030func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) { 4031 op := &request.Operation{ 4032 Name: opDescribeCreateAccountStatus, 4033 HTTPMethod: "POST", 4034 HTTPPath: "/", 4035 } 4036 4037 if input == nil { 4038 input = &DescribeCreateAccountStatusInput{} 4039 } 4040 4041 output = &DescribeCreateAccountStatusOutput{} 4042 req = c.newRequest(op, input, output) 4043 return 4044} 4045 4046// DescribeCreateAccountStatus API operation for AWS Organizations. 4047// 4048// Retrieves the current status of an asynchronous request to create an account. 4049// 4050// This operation can be called only from the organization's management account 4051// or by a member account that is a delegated administrator for an AWS service. 4052// 4053// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4054// with awserr.Error's Code and Message methods to get detailed information about 4055// the error. 4056// 4057// See the AWS API reference guide for AWS Organizations's 4058// API operation DescribeCreateAccountStatus for usage and error information. 4059// 4060// Returned Error Types: 4061// * AccessDeniedException 4062// You don't have permissions to perform the requested operation. The user or 4063// role that is making the request must have at least one IAM permissions policy 4064// attached that grants the required permissions. For more information, see 4065// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4066// in the IAM User Guide. 4067// 4068// * AWSOrganizationsNotInUseException 4069// Your account isn't a member of an organization. To make this request, you 4070// must use the credentials of an account that belongs to an organization. 4071// 4072// * CreateAccountStatusNotFoundException 4073// We can't find an create account request with the CreateAccountRequestId that 4074// you specified. 4075// 4076// * InvalidInputException 4077// The requested operation failed because you provided invalid values for one 4078// or more of the request parameters. This exception includes a reason that 4079// contains additional information about the violated limit: 4080// 4081// Some of the reasons in the following list might not be applicable to this 4082// specific API or operation. 4083// 4084// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4085// the same entity. 4086// 4087// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4088// can't be modified. 4089// 4090// * INPUT_REQUIRED: You must include a value for all required parameters. 4091// 4092// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4093// for the invited account owner. 4094// 4095// * INVALID_ENUM: You specified an invalid value. 4096// 4097// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4098// 4099// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4100// characters. 4101// 4102// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4103// at least one invalid value. 4104// 4105// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4106// from the response to a previous call of the operation. 4107// 4108// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4109// organization, or email) as a party. 4110// 4111// * INVALID_PATTERN: You provided a value that doesn't match the required 4112// pattern. 4113// 4114// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4115// match the required pattern. 4116// 4117// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4118// name can't begin with the reserved prefix AWSServiceRoleFor. 4119// 4120// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4121// Name (ARN) for the organization. 4122// 4123// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4124// 4125// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4126// tag. You can’t add, edit, or delete system tag keys because they're 4127// reserved for AWS use. System tags don’t count against your tags per 4128// resource limit. 4129// 4130// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4131// for the operation. 4132// 4133// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4134// than allowed. 4135// 4136// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4137// value than allowed. 4138// 4139// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4140// than allowed. 4141// 4142// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4143// value than allowed. 4144// 4145// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4146// between entities in the same root. 4147// 4148// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4149// target entity. 4150// 4151// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4152// isn't recognized. 4153// 4154// * ServiceException 4155// AWS Organizations can't complete your request because of an internal service 4156// error. Try again later. 4157// 4158// * TooManyRequestsException 4159// You have sent too many requests in too short a period of time. The quota 4160// helps protect against denial-of-service attacks. Try again later. 4161// 4162// For information about quotas that affect AWS Organizations, see Quotas for 4163// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4164// the AWS Organizations User Guide. 4165// 4166// * UnsupportedAPIEndpointException 4167// This action isn't available in the current AWS Region. 4168// 4169// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 4170func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) { 4171 req, out := c.DescribeCreateAccountStatusRequest(input) 4172 return out, req.Send() 4173} 4174 4175// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of 4176// the ability to pass a context and additional request options. 4177// 4178// See DescribeCreateAccountStatus for details on how to use this API operation. 4179// 4180// The context must be non-nil and will be used for request cancellation. If 4181// the context is nil a panic will occur. In the future the SDK may create 4182// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4183// for more information on using Contexts. 4184func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) { 4185 req, out := c.DescribeCreateAccountStatusRequest(input) 4186 req.SetContext(ctx) 4187 req.ApplyOptions(opts...) 4188 return out, req.Send() 4189} 4190 4191const opDescribeEffectivePolicy = "DescribeEffectivePolicy" 4192 4193// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the 4194// client's request for the DescribeEffectivePolicy operation. The "output" return 4195// value will be populated with the request's response once the request completes 4196// successfully. 4197// 4198// Use "Send" method on the returned Request to send the API call to the service. 4199// the "output" return value is not valid until after Send returns without error. 4200// 4201// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy 4202// API call, and error handling. 4203// 4204// This method is useful when you want to inject custom logic or configuration 4205// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4206// 4207// 4208// // Example sending a request using the DescribeEffectivePolicyRequest method. 4209// req, resp := client.DescribeEffectivePolicyRequest(params) 4210// 4211// err := req.Send() 4212// if err == nil { // resp is now filled 4213// fmt.Println(resp) 4214// } 4215// 4216// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 4217func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) { 4218 op := &request.Operation{ 4219 Name: opDescribeEffectivePolicy, 4220 HTTPMethod: "POST", 4221 HTTPPath: "/", 4222 } 4223 4224 if input == nil { 4225 input = &DescribeEffectivePolicyInput{} 4226 } 4227 4228 output = &DescribeEffectivePolicyOutput{} 4229 req = c.newRequest(op, input, output) 4230 return 4231} 4232 4233// DescribeEffectivePolicy API operation for AWS Organizations. 4234// 4235// Returns the contents of the effective policy for specified policy type and 4236// account. The effective policy is the aggregation of any policies of the specified 4237// type that the account inherits, plus any policy of that type that is directly 4238// attached to the account. 4239// 4240// This operation applies only to policy types other than service control policies 4241// (SCPs). 4242// 4243// For more information about policy inheritance, see How Policy Inheritance 4244// Works (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) 4245// in the AWS Organizations User Guide. 4246// 4247// This operation can be called only from the organization's management account 4248// or by a member account that is a delegated administrator for an AWS service. 4249// 4250// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4251// with awserr.Error's Code and Message methods to get detailed information about 4252// the error. 4253// 4254// See the AWS API reference guide for AWS Organizations's 4255// API operation DescribeEffectivePolicy for usage and error information. 4256// 4257// Returned Error Types: 4258// * AccessDeniedException 4259// You don't have permissions to perform the requested operation. The user or 4260// role that is making the request must have at least one IAM permissions policy 4261// attached that grants the required permissions. For more information, see 4262// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4263// in the IAM User Guide. 4264// 4265// * AWSOrganizationsNotInUseException 4266// Your account isn't a member of an organization. To make this request, you 4267// must use the credentials of an account that belongs to an organization. 4268// 4269// * ConstraintViolationException 4270// Performing this operation violates a minimum or maximum value limit. For 4271// example, attempting to remove the last service control policy (SCP) from 4272// an OU or root, inviting or creating too many accounts to the organization, 4273// or attaching too many policies to an account, OU, or root. This exception 4274// includes a reason that contains additional information about the violated 4275// limit: 4276// 4277// Some of the reasons in the following list might not be applicable to this 4278// specific API or operation. 4279// 4280// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 4281// account from the organization. You can't remove the management account. 4282// Instead, after you remove all member accounts, delete the organization 4283// itself. 4284// 4285// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4286// from the organization that doesn't yet have enough information to exist 4287// as a standalone account. This account requires you to first agree to the 4288// AWS Customer Agreement. Follow the steps at Removing a member account 4289// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 4290// the AWS Organizations User Guide. 4291// 4292// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4293// an account from the organization that doesn't yet have enough information 4294// to exist as a standalone account. This account requires you to first complete 4295// phone verification. Follow the steps at Removing a member account from 4296// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 4297// in the AWS Organizations User Guide. 4298// 4299// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4300// of accounts that you can create in one day. 4301// 4302// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4303// the number of accounts in an organization. If you need more accounts, 4304// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4305// request an increase in your limit. Or the number of invitations that you 4306// tried to send would cause you to exceed the limit of accounts in your 4307// organization. Send fewer invitations or contact AWS Support to request 4308// an increase in the number of accounts. Deleted and closed accounts still 4309// count toward your limit. If you get this exception when running a command 4310// immediately after creating the organization, wait one hour and try again. 4311// After an hour, if the command continues to fail with this error, contact 4312// AWS Support (https://console.aws.amazon.com/support/home#/). 4313// 4314// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 4315// register the management account of the organization as a delegated administrator 4316// for an AWS service integrated with Organizations. You can designate only 4317// a member account as a delegated administrator. 4318// 4319// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 4320// an account that is registered as a delegated administrator for a service 4321// integrated with your organization. To complete this operation, you must 4322// first deregister this account as a delegated administrator. 4323// 4324// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 4325// organization in the specified region, you must enable all features mode. 4326// 4327// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 4328// an AWS account as a delegated administrator for an AWS service that already 4329// has a delegated administrator. To complete this operation, you must first 4330// deregister any existing delegated administrators for this service. 4331// 4332// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 4333// valid for a limited period of time. You must resubmit the request and 4334// generate a new verfication code. 4335// 4336// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4337// handshakes that you can send in one day. 4338// 4339// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4340// in this organization, you first must migrate the organization's management 4341// account to the marketplace that corresponds to the management account's 4342// address. For example, accounts with India addresses must be associated 4343// with the AISPL marketplace. All accounts in an organization must be associated 4344// with the same marketplace. 4345// 4346// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 4347// in China. To create an organization, the master must have a valid business 4348// license. For more information, contact customer support. 4349// 4350// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4351// must first provide a valid contact address and phone number for the management 4352// account. Then try the operation again. 4353// 4354// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4355// management account must have an associated account in the AWS GovCloud 4356// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4357// in the AWS GovCloud User Guide. 4358// 4359// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4360// with this management account, you first must associate a valid payment 4361// instrument, such as a credit card, with the account. Follow the steps 4362// at To leave an organization when all required account information has 4363// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4364// in the AWS Organizations User Guide. 4365// 4366// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 4367// to register more delegated administrators than allowed for the service 4368// principal. 4369// 4370// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4371// number of policies of a certain type that can be attached to an entity 4372// at one time. 4373// 4374// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4375// on this resource. 4376// 4377// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4378// with this member account, you first must associate a valid payment instrument, 4379// such as a credit card, with the account. Follow the steps at To leave 4380// an organization when all required account information has not yet been 4381// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4382// in the AWS Organizations User Guide. 4383// 4384// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4385// policy from an entity that would cause the entity to have fewer than the 4386// minimum number of policies of a certain type required. 4387// 4388// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4389// that requires the organization to be configured to support all features. 4390// An organization that supports only consolidated billing features can't 4391// perform this operation. 4392// 4393// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4394// too many levels deep. 4395// 4396// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4397// that you can have in an organization. 4398// 4399// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 4400// is larger than the maximum size. 4401// 4402// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 4403// policies that you can have in an organization. 4404// 4405// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 4406// tags that are not compliant with the tag policy requirements for this 4407// account. 4408// 4409// * ServiceException 4410// AWS Organizations can't complete your request because of an internal service 4411// error. Try again later. 4412// 4413// * TooManyRequestsException 4414// You have sent too many requests in too short a period of time. The quota 4415// helps protect against denial-of-service attacks. Try again later. 4416// 4417// For information about quotas that affect AWS Organizations, see Quotas for 4418// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4419// the AWS Organizations User Guide. 4420// 4421// * TargetNotFoundException 4422// We can't find a root, OU, account, or policy with the TargetId that you specified. 4423// 4424// * EffectivePolicyNotFoundException 4425// If you ran this action on the management account, this policy type is not 4426// enabled. If you ran the action on a member account, the account doesn't have 4427// an effective policy of this type. Contact the administrator of your organization 4428// about attaching a policy of this type to the account. 4429// 4430// * InvalidInputException 4431// The requested operation failed because you provided invalid values for one 4432// or more of the request parameters. This exception includes a reason that 4433// contains additional information about the violated limit: 4434// 4435// Some of the reasons in the following list might not be applicable to this 4436// specific API or operation. 4437// 4438// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4439// the same entity. 4440// 4441// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4442// can't be modified. 4443// 4444// * INPUT_REQUIRED: You must include a value for all required parameters. 4445// 4446// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4447// for the invited account owner. 4448// 4449// * INVALID_ENUM: You specified an invalid value. 4450// 4451// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4452// 4453// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4454// characters. 4455// 4456// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4457// at least one invalid value. 4458// 4459// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4460// from the response to a previous call of the operation. 4461// 4462// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4463// organization, or email) as a party. 4464// 4465// * INVALID_PATTERN: You provided a value that doesn't match the required 4466// pattern. 4467// 4468// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4469// match the required pattern. 4470// 4471// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4472// name can't begin with the reserved prefix AWSServiceRoleFor. 4473// 4474// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4475// Name (ARN) for the organization. 4476// 4477// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4478// 4479// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4480// tag. You can’t add, edit, or delete system tag keys because they're 4481// reserved for AWS use. System tags don’t count against your tags per 4482// resource limit. 4483// 4484// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4485// for the operation. 4486// 4487// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4488// than allowed. 4489// 4490// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4491// value than allowed. 4492// 4493// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4494// than allowed. 4495// 4496// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4497// value than allowed. 4498// 4499// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4500// between entities in the same root. 4501// 4502// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4503// target entity. 4504// 4505// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4506// isn't recognized. 4507// 4508// * UnsupportedAPIEndpointException 4509// This action isn't available in the current AWS Region. 4510// 4511// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 4512func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) { 4513 req, out := c.DescribeEffectivePolicyRequest(input) 4514 return out, req.Send() 4515} 4516 4517// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of 4518// the ability to pass a context and additional request options. 4519// 4520// See DescribeEffectivePolicy for details on how to use this API operation. 4521// 4522// The context must be non-nil and will be used for request cancellation. If 4523// the context is nil a panic will occur. In the future the SDK may create 4524// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4525// for more information on using Contexts. 4526func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) { 4527 req, out := c.DescribeEffectivePolicyRequest(input) 4528 req.SetContext(ctx) 4529 req.ApplyOptions(opts...) 4530 return out, req.Send() 4531} 4532 4533const opDescribeHandshake = "DescribeHandshake" 4534 4535// DescribeHandshakeRequest generates a "aws/request.Request" representing the 4536// client's request for the DescribeHandshake operation. The "output" return 4537// value will be populated with the request's response once the request completes 4538// successfully. 4539// 4540// Use "Send" method on the returned Request to send the API call to the service. 4541// the "output" return value is not valid until after Send returns without error. 4542// 4543// See DescribeHandshake for more information on using the DescribeHandshake 4544// API call, and error handling. 4545// 4546// This method is useful when you want to inject custom logic or configuration 4547// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4548// 4549// 4550// // Example sending a request using the DescribeHandshakeRequest method. 4551// req, resp := client.DescribeHandshakeRequest(params) 4552// 4553// err := req.Send() 4554// if err == nil { // resp is now filled 4555// fmt.Println(resp) 4556// } 4557// 4558// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 4559func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) { 4560 op := &request.Operation{ 4561 Name: opDescribeHandshake, 4562 HTTPMethod: "POST", 4563 HTTPPath: "/", 4564 } 4565 4566 if input == nil { 4567 input = &DescribeHandshakeInput{} 4568 } 4569 4570 output = &DescribeHandshakeOutput{} 4571 req = c.newRequest(op, input, output) 4572 return 4573} 4574 4575// DescribeHandshake API operation for AWS Organizations. 4576// 4577// Retrieves information about a previously requested handshake. The handshake 4578// ID comes from the response to the original InviteAccountToOrganization operation 4579// that generated the handshake. 4580// 4581// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only 4582// 30 days after they change to that state. They're then deleted and no longer 4583// accessible. 4584// 4585// This operation can be called from any account in the organization. 4586// 4587// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4588// with awserr.Error's Code and Message methods to get detailed information about 4589// the error. 4590// 4591// See the AWS API reference guide for AWS Organizations's 4592// API operation DescribeHandshake for usage and error information. 4593// 4594// Returned Error Types: 4595// * AccessDeniedException 4596// You don't have permissions to perform the requested operation. The user or 4597// role that is making the request must have at least one IAM permissions policy 4598// attached that grants the required permissions. For more information, see 4599// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4600// in the IAM User Guide. 4601// 4602// * ConcurrentModificationException 4603// The target of the operation is currently being modified by a different request. 4604// Try again later. 4605// 4606// * HandshakeNotFoundException 4607// We can't find a handshake with the HandshakeId that you specified. 4608// 4609// * InvalidInputException 4610// The requested operation failed because you provided invalid values for one 4611// or more of the request parameters. This exception includes a reason that 4612// contains additional information about the violated limit: 4613// 4614// Some of the reasons in the following list might not be applicable to this 4615// specific API or operation. 4616// 4617// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4618// the same entity. 4619// 4620// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4621// can't be modified. 4622// 4623// * INPUT_REQUIRED: You must include a value for all required parameters. 4624// 4625// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4626// for the invited account owner. 4627// 4628// * INVALID_ENUM: You specified an invalid value. 4629// 4630// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4631// 4632// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4633// characters. 4634// 4635// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4636// at least one invalid value. 4637// 4638// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4639// from the response to a previous call of the operation. 4640// 4641// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4642// organization, or email) as a party. 4643// 4644// * INVALID_PATTERN: You provided a value that doesn't match the required 4645// pattern. 4646// 4647// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4648// match the required pattern. 4649// 4650// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4651// name can't begin with the reserved prefix AWSServiceRoleFor. 4652// 4653// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4654// Name (ARN) for the organization. 4655// 4656// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4657// 4658// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4659// tag. You can’t add, edit, or delete system tag keys because they're 4660// reserved for AWS use. System tags don’t count against your tags per 4661// resource limit. 4662// 4663// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4664// for the operation. 4665// 4666// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4667// than allowed. 4668// 4669// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4670// value than allowed. 4671// 4672// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4673// than allowed. 4674// 4675// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4676// value than allowed. 4677// 4678// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4679// between entities in the same root. 4680// 4681// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4682// target entity. 4683// 4684// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4685// isn't recognized. 4686// 4687// * ServiceException 4688// AWS Organizations can't complete your request because of an internal service 4689// error. Try again later. 4690// 4691// * TooManyRequestsException 4692// You have sent too many requests in too short a period of time. The quota 4693// helps protect against denial-of-service attacks. Try again later. 4694// 4695// For information about quotas that affect AWS Organizations, see Quotas for 4696// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4697// the AWS Organizations User Guide. 4698// 4699// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 4700func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) { 4701 req, out := c.DescribeHandshakeRequest(input) 4702 return out, req.Send() 4703} 4704 4705// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of 4706// the ability to pass a context and additional request options. 4707// 4708// See DescribeHandshake for details on how to use this API operation. 4709// 4710// The context must be non-nil and will be used for request cancellation. If 4711// the context is nil a panic will occur. In the future the SDK may create 4712// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4713// for more information on using Contexts. 4714func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) { 4715 req, out := c.DescribeHandshakeRequest(input) 4716 req.SetContext(ctx) 4717 req.ApplyOptions(opts...) 4718 return out, req.Send() 4719} 4720 4721const opDescribeOrganization = "DescribeOrganization" 4722 4723// DescribeOrganizationRequest generates a "aws/request.Request" representing the 4724// client's request for the DescribeOrganization operation. The "output" return 4725// value will be populated with the request's response once the request completes 4726// successfully. 4727// 4728// Use "Send" method on the returned Request to send the API call to the service. 4729// the "output" return value is not valid until after Send returns without error. 4730// 4731// See DescribeOrganization for more information on using the DescribeOrganization 4732// API call, and error handling. 4733// 4734// This method is useful when you want to inject custom logic or configuration 4735// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4736// 4737// 4738// // Example sending a request using the DescribeOrganizationRequest method. 4739// req, resp := client.DescribeOrganizationRequest(params) 4740// 4741// err := req.Send() 4742// if err == nil { // resp is now filled 4743// fmt.Println(resp) 4744// } 4745// 4746// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 4747func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) { 4748 op := &request.Operation{ 4749 Name: opDescribeOrganization, 4750 HTTPMethod: "POST", 4751 HTTPPath: "/", 4752 } 4753 4754 if input == nil { 4755 input = &DescribeOrganizationInput{} 4756 } 4757 4758 output = &DescribeOrganizationOutput{} 4759 req = c.newRequest(op, input, output) 4760 return 4761} 4762 4763// DescribeOrganization API operation for AWS Organizations. 4764// 4765// Retrieves information about the organization that the user's account belongs 4766// to. 4767// 4768// This operation can be called from any account in the organization. 4769// 4770// Even if a policy type is shown as available in the organization, you can 4771// disable it separately at the root level with DisablePolicyType. Use ListRoots 4772// to see the status of policy types for a specified root. 4773// 4774// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4775// with awserr.Error's Code and Message methods to get detailed information about 4776// the error. 4777// 4778// See the AWS API reference guide for AWS Organizations's 4779// API operation DescribeOrganization for usage and error information. 4780// 4781// Returned Error Types: 4782// * AccessDeniedException 4783// You don't have permissions to perform the requested operation. The user or 4784// role that is making the request must have at least one IAM permissions policy 4785// attached that grants the required permissions. For more information, see 4786// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4787// in the IAM User Guide. 4788// 4789// * AWSOrganizationsNotInUseException 4790// Your account isn't a member of an organization. To make this request, you 4791// must use the credentials of an account that belongs to an organization. 4792// 4793// * ConcurrentModificationException 4794// The target of the operation is currently being modified by a different request. 4795// Try again later. 4796// 4797// * ServiceException 4798// AWS Organizations can't complete your request because of an internal service 4799// error. Try again later. 4800// 4801// * TooManyRequestsException 4802// You have sent too many requests in too short a period of time. The quota 4803// helps protect against denial-of-service attacks. Try again later. 4804// 4805// For information about quotas that affect AWS Organizations, see Quotas for 4806// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4807// the AWS Organizations User Guide. 4808// 4809// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 4810func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) { 4811 req, out := c.DescribeOrganizationRequest(input) 4812 return out, req.Send() 4813} 4814 4815// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of 4816// the ability to pass a context and additional request options. 4817// 4818// See DescribeOrganization for details on how to use this API operation. 4819// 4820// The context must be non-nil and will be used for request cancellation. If 4821// the context is nil a panic will occur. In the future the SDK may create 4822// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4823// for more information on using Contexts. 4824func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) { 4825 req, out := c.DescribeOrganizationRequest(input) 4826 req.SetContext(ctx) 4827 req.ApplyOptions(opts...) 4828 return out, req.Send() 4829} 4830 4831const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit" 4832 4833// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the 4834// client's request for the DescribeOrganizationalUnit operation. The "output" return 4835// value will be populated with the request's response once the request completes 4836// successfully. 4837// 4838// Use "Send" method on the returned Request to send the API call to the service. 4839// the "output" return value is not valid until after Send returns without error. 4840// 4841// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit 4842// API call, and error handling. 4843// 4844// This method is useful when you want to inject custom logic or configuration 4845// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4846// 4847// 4848// // Example sending a request using the DescribeOrganizationalUnitRequest method. 4849// req, resp := client.DescribeOrganizationalUnitRequest(params) 4850// 4851// err := req.Send() 4852// if err == nil { // resp is now filled 4853// fmt.Println(resp) 4854// } 4855// 4856// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4857func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) { 4858 op := &request.Operation{ 4859 Name: opDescribeOrganizationalUnit, 4860 HTTPMethod: "POST", 4861 HTTPPath: "/", 4862 } 4863 4864 if input == nil { 4865 input = &DescribeOrganizationalUnitInput{} 4866 } 4867 4868 output = &DescribeOrganizationalUnitOutput{} 4869 req = c.newRequest(op, input, output) 4870 return 4871} 4872 4873// DescribeOrganizationalUnit API operation for AWS Organizations. 4874// 4875// Retrieves information about an organizational unit (OU). 4876// 4877// This operation can be called only from the organization's management account 4878// or by a member account that is a delegated administrator for an AWS service. 4879// 4880// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4881// with awserr.Error's Code and Message methods to get detailed information about 4882// the error. 4883// 4884// See the AWS API reference guide for AWS Organizations's 4885// API operation DescribeOrganizationalUnit for usage and error information. 4886// 4887// Returned Error Types: 4888// * AccessDeniedException 4889// You don't have permissions to perform the requested operation. The user or 4890// role that is making the request must have at least one IAM permissions policy 4891// attached that grants the required permissions. For more information, see 4892// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4893// in the IAM User Guide. 4894// 4895// * AWSOrganizationsNotInUseException 4896// Your account isn't a member of an organization. To make this request, you 4897// must use the credentials of an account that belongs to an organization. 4898// 4899// * InvalidInputException 4900// The requested operation failed because you provided invalid values for one 4901// or more of the request parameters. This exception includes a reason that 4902// contains additional information about the violated limit: 4903// 4904// Some of the reasons in the following list might not be applicable to this 4905// specific API or operation. 4906// 4907// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4908// the same entity. 4909// 4910// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4911// can't be modified. 4912// 4913// * INPUT_REQUIRED: You must include a value for all required parameters. 4914// 4915// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4916// for the invited account owner. 4917// 4918// * INVALID_ENUM: You specified an invalid value. 4919// 4920// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4921// 4922// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4923// characters. 4924// 4925// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4926// at least one invalid value. 4927// 4928// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4929// from the response to a previous call of the operation. 4930// 4931// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4932// organization, or email) as a party. 4933// 4934// * INVALID_PATTERN: You provided a value that doesn't match the required 4935// pattern. 4936// 4937// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4938// match the required pattern. 4939// 4940// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4941// name can't begin with the reserved prefix AWSServiceRoleFor. 4942// 4943// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4944// Name (ARN) for the organization. 4945// 4946// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4947// 4948// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4949// tag. You can’t add, edit, or delete system tag keys because they're 4950// reserved for AWS use. System tags don’t count against your tags per 4951// resource limit. 4952// 4953// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4954// for the operation. 4955// 4956// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4957// than allowed. 4958// 4959// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4960// value than allowed. 4961// 4962// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4963// than allowed. 4964// 4965// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4966// value than allowed. 4967// 4968// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4969// between entities in the same root. 4970// 4971// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4972// target entity. 4973// 4974// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4975// isn't recognized. 4976// 4977// * OrganizationalUnitNotFoundException 4978// We can't find an OU with the OrganizationalUnitId that you specified. 4979// 4980// * ServiceException 4981// AWS Organizations can't complete your request because of an internal service 4982// error. Try again later. 4983// 4984// * TooManyRequestsException 4985// You have sent too many requests in too short a period of time. The quota 4986// helps protect against denial-of-service attacks. Try again later. 4987// 4988// For information about quotas that affect AWS Organizations, see Quotas for 4989// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4990// the AWS Organizations User Guide. 4991// 4992// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4993func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) { 4994 req, out := c.DescribeOrganizationalUnitRequest(input) 4995 return out, req.Send() 4996} 4997 4998// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of 4999// the ability to pass a context and additional request options. 5000// 5001// See DescribeOrganizationalUnit for details on how to use this API operation. 5002// 5003// The context must be non-nil and will be used for request cancellation. If 5004// the context is nil a panic will occur. In the future the SDK may create 5005// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5006// for more information on using Contexts. 5007func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) { 5008 req, out := c.DescribeOrganizationalUnitRequest(input) 5009 req.SetContext(ctx) 5010 req.ApplyOptions(opts...) 5011 return out, req.Send() 5012} 5013 5014const opDescribePolicy = "DescribePolicy" 5015 5016// DescribePolicyRequest generates a "aws/request.Request" representing the 5017// client's request for the DescribePolicy operation. The "output" return 5018// value will be populated with the request's response once the request completes 5019// successfully. 5020// 5021// Use "Send" method on the returned Request to send the API call to the service. 5022// the "output" return value is not valid until after Send returns without error. 5023// 5024// See DescribePolicy for more information on using the DescribePolicy 5025// API call, and error handling. 5026// 5027// This method is useful when you want to inject custom logic or configuration 5028// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5029// 5030// 5031// // Example sending a request using the DescribePolicyRequest method. 5032// req, resp := client.DescribePolicyRequest(params) 5033// 5034// err := req.Send() 5035// if err == nil { // resp is now filled 5036// fmt.Println(resp) 5037// } 5038// 5039// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 5040func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) { 5041 op := &request.Operation{ 5042 Name: opDescribePolicy, 5043 HTTPMethod: "POST", 5044 HTTPPath: "/", 5045 } 5046 5047 if input == nil { 5048 input = &DescribePolicyInput{} 5049 } 5050 5051 output = &DescribePolicyOutput{} 5052 req = c.newRequest(op, input, output) 5053 return 5054} 5055 5056// DescribePolicy API operation for AWS Organizations. 5057// 5058// Retrieves information about a policy. 5059// 5060// This operation can be called only from the organization's management account 5061// or by a member account that is a delegated administrator for an AWS service. 5062// 5063// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5064// with awserr.Error's Code and Message methods to get detailed information about 5065// the error. 5066// 5067// See the AWS API reference guide for AWS Organizations's 5068// API operation DescribePolicy for usage and error information. 5069// 5070// Returned Error Types: 5071// * AccessDeniedException 5072// You don't have permissions to perform the requested operation. The user or 5073// role that is making the request must have at least one IAM permissions policy 5074// attached that grants the required permissions. For more information, see 5075// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5076// in the IAM User Guide. 5077// 5078// * AWSOrganizationsNotInUseException 5079// Your account isn't a member of an organization. To make this request, you 5080// must use the credentials of an account that belongs to an organization. 5081// 5082// * InvalidInputException 5083// The requested operation failed because you provided invalid values for one 5084// or more of the request parameters. This exception includes a reason that 5085// contains additional information about the violated limit: 5086// 5087// Some of the reasons in the following list might not be applicable to this 5088// specific API or operation. 5089// 5090// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 5091// the same entity. 5092// 5093// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5094// can't be modified. 5095// 5096// * INPUT_REQUIRED: You must include a value for all required parameters. 5097// 5098// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 5099// for the invited account owner. 5100// 5101// * INVALID_ENUM: You specified an invalid value. 5102// 5103// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 5104// 5105// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5106// characters. 5107// 5108// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5109// at least one invalid value. 5110// 5111// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5112// from the response to a previous call of the operation. 5113// 5114// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5115// organization, or email) as a party. 5116// 5117// * INVALID_PATTERN: You provided a value that doesn't match the required 5118// pattern. 5119// 5120// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5121// match the required pattern. 5122// 5123// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5124// name can't begin with the reserved prefix AWSServiceRoleFor. 5125// 5126// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5127// Name (ARN) for the organization. 5128// 5129// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5130// 5131// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5132// tag. You can’t add, edit, or delete system tag keys because they're 5133// reserved for AWS use. System tags don’t count against your tags per 5134// resource limit. 5135// 5136// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5137// for the operation. 5138// 5139// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5140// than allowed. 5141// 5142// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5143// value than allowed. 5144// 5145// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5146// than allowed. 5147// 5148// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5149// value than allowed. 5150// 5151// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5152// between entities in the same root. 5153// 5154// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 5155// target entity. 5156// 5157// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 5158// isn't recognized. 5159// 5160// * PolicyNotFoundException 5161// We can't find a policy with the PolicyId that you specified. 5162// 5163// * ServiceException 5164// AWS Organizations can't complete your request because of an internal service 5165// error. Try again later. 5166// 5167// * TooManyRequestsException 5168// You have sent too many requests in too short a period of time. The quota 5169// helps protect against denial-of-service attacks. Try again later. 5170// 5171// For information about quotas that affect AWS Organizations, see Quotas for 5172// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5173// the AWS Organizations User Guide. 5174// 5175// * UnsupportedAPIEndpointException 5176// This action isn't available in the current AWS Region. 5177// 5178// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 5179func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) { 5180 req, out := c.DescribePolicyRequest(input) 5181 return out, req.Send() 5182} 5183 5184// DescribePolicyWithContext is the same as DescribePolicy with the addition of 5185// the ability to pass a context and additional request options. 5186// 5187// See DescribePolicy for details on how to use this API operation. 5188// 5189// The context must be non-nil and will be used for request cancellation. If 5190// the context is nil a panic will occur. In the future the SDK may create 5191// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5192// for more information on using Contexts. 5193func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) { 5194 req, out := c.DescribePolicyRequest(input) 5195 req.SetContext(ctx) 5196 req.ApplyOptions(opts...) 5197 return out, req.Send() 5198} 5199 5200const opDetachPolicy = "DetachPolicy" 5201 5202// DetachPolicyRequest generates a "aws/request.Request" representing the 5203// client's request for the DetachPolicy operation. The "output" return 5204// value will be populated with the request's response once the request completes 5205// successfully. 5206// 5207// Use "Send" method on the returned Request to send the API call to the service. 5208// the "output" return value is not valid until after Send returns without error. 5209// 5210// See DetachPolicy for more information on using the DetachPolicy 5211// API call, and error handling. 5212// 5213// This method is useful when you want to inject custom logic or configuration 5214// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5215// 5216// 5217// // Example sending a request using the DetachPolicyRequest method. 5218// req, resp := client.DetachPolicyRequest(params) 5219// 5220// err := req.Send() 5221// if err == nil { // resp is now filled 5222// fmt.Println(resp) 5223// } 5224// 5225// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 5226func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) { 5227 op := &request.Operation{ 5228 Name: opDetachPolicy, 5229 HTTPMethod: "POST", 5230 HTTPPath: "/", 5231 } 5232 5233 if input == nil { 5234 input = &DetachPolicyInput{} 5235 } 5236 5237 output = &DetachPolicyOutput{} 5238 req = c.newRequest(op, input, output) 5239 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5240 return 5241} 5242 5243// DetachPolicy API operation for AWS Organizations. 5244// 5245// Detaches a policy from a target root, organizational unit (OU), or account. 5246// 5247// If the policy being detached is a service control policy (SCP), the changes 5248// to permissions for AWS Identity and Access Management (IAM) users and roles 5249// in affected accounts are immediate. 5250// 5251// Every root, OU, and account must have at least one SCP attached. If you want 5252// to replace the default FullAWSAccess policy with an SCP that limits the permissions 5253// that can be delegated, you must attach the replacement SCP before you can 5254// remove the default SCP. This is the authorization strategy of an "allow list 5255// (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)". 5256// If you instead attach a second SCP and leave the FullAWSAccess SCP still 5257// attached, and specify "Effect": "Deny" in the second SCP to override the 5258// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), 5259// you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)". 5260// 5261// This operation can be called only from the organization's management account. 5262// 5263// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5264// with awserr.Error's Code and Message methods to get detailed information about 5265// the error. 5266// 5267// See the AWS API reference guide for AWS Organizations's 5268// API operation DetachPolicy for usage and error information. 5269// 5270// Returned Error Types: 5271// * AccessDeniedException 5272// You don't have permissions to perform the requested operation. The user or 5273// role that is making the request must have at least one IAM permissions policy 5274// attached that grants the required permissions. For more information, see 5275// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5276// in the IAM User Guide. 5277// 5278// * AWSOrganizationsNotInUseException 5279// Your account isn't a member of an organization. To make this request, you 5280// must use the credentials of an account that belongs to an organization. 5281// 5282// * ConcurrentModificationException 5283// The target of the operation is currently being modified by a different request. 5284// Try again later. 5285// 5286// * ConstraintViolationException 5287// Performing this operation violates a minimum or maximum value limit. For 5288// example, attempting to remove the last service control policy (SCP) from 5289// an OU or root, inviting or creating too many accounts to the organization, 5290// or attaching too many policies to an account, OU, or root. This exception 5291// includes a reason that contains additional information about the violated 5292// limit: 5293// 5294// Some of the reasons in the following list might not be applicable to this 5295// specific API or operation. 5296// 5297// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 5298// account from the organization. You can't remove the management account. 5299// Instead, after you remove all member accounts, delete the organization 5300// itself. 5301// 5302// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5303// from the organization that doesn't yet have enough information to exist 5304// as a standalone account. This account requires you to first agree to the 5305// AWS Customer Agreement. Follow the steps at Removing a member account 5306// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5307// the AWS Organizations User Guide. 5308// 5309// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5310// an account from the organization that doesn't yet have enough information 5311// to exist as a standalone account. This account requires you to first complete 5312// phone verification. Follow the steps at Removing a member account from 5313// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5314// in the AWS Organizations User Guide. 5315// 5316// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5317// of accounts that you can create in one day. 5318// 5319// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5320// the number of accounts in an organization. If you need more accounts, 5321// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5322// request an increase in your limit. Or the number of invitations that you 5323// tried to send would cause you to exceed the limit of accounts in your 5324// organization. Send fewer invitations or contact AWS Support to request 5325// an increase in the number of accounts. Deleted and closed accounts still 5326// count toward your limit. If you get this exception when running a command 5327// immediately after creating the organization, wait one hour and try again. 5328// After an hour, if the command continues to fail with this error, contact 5329// AWS Support (https://console.aws.amazon.com/support/home#/). 5330// 5331// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5332// register the management account of the organization as a delegated administrator 5333// for an AWS service integrated with Organizations. You can designate only 5334// a member account as a delegated administrator. 5335// 5336// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5337// an account that is registered as a delegated administrator for a service 5338// integrated with your organization. To complete this operation, you must 5339// first deregister this account as a delegated administrator. 5340// 5341// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5342// organization in the specified region, you must enable all features mode. 5343// 5344// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5345// an AWS account as a delegated administrator for an AWS service that already 5346// has a delegated administrator. To complete this operation, you must first 5347// deregister any existing delegated administrators for this service. 5348// 5349// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5350// valid for a limited period of time. You must resubmit the request and 5351// generate a new verfication code. 5352// 5353// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5354// handshakes that you can send in one day. 5355// 5356// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5357// in this organization, you first must migrate the organization's management 5358// account to the marketplace that corresponds to the management account's 5359// address. For example, accounts with India addresses must be associated 5360// with the AISPL marketplace. All accounts in an organization must be associated 5361// with the same marketplace. 5362// 5363// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5364// in China. To create an organization, the master must have a valid business 5365// license. For more information, contact customer support. 5366// 5367// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5368// must first provide a valid contact address and phone number for the management 5369// account. Then try the operation again. 5370// 5371// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5372// management account must have an associated account in the AWS GovCloud 5373// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5374// in the AWS GovCloud User Guide. 5375// 5376// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5377// with this management account, you first must associate a valid payment 5378// instrument, such as a credit card, with the account. Follow the steps 5379// at To leave an organization when all required account information has 5380// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5381// in the AWS Organizations User Guide. 5382// 5383// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5384// to register more delegated administrators than allowed for the service 5385// principal. 5386// 5387// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5388// number of policies of a certain type that can be attached to an entity 5389// at one time. 5390// 5391// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5392// on this resource. 5393// 5394// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5395// with this member account, you first must associate a valid payment instrument, 5396// such as a credit card, with the account. Follow the steps at To leave 5397// an organization when all required account information has not yet been 5398// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5399// in the AWS Organizations User Guide. 5400// 5401// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5402// policy from an entity that would cause the entity to have fewer than the 5403// minimum number of policies of a certain type required. 5404// 5405// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5406// that requires the organization to be configured to support all features. 5407// An organization that supports only consolidated billing features can't 5408// perform this operation. 5409// 5410// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5411// too many levels deep. 5412// 5413// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5414// that you can have in an organization. 5415// 5416// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5417// is larger than the maximum size. 5418// 5419// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5420// policies that you can have in an organization. 5421// 5422// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5423// tags that are not compliant with the tag policy requirements for this 5424// account. 5425// 5426// * InvalidInputException 5427// The requested operation failed because you provided invalid values for one 5428// or more of the request parameters. This exception includes a reason that 5429// contains additional information about the violated limit: 5430// 5431// Some of the reasons in the following list might not be applicable to this 5432// specific API or operation. 5433// 5434// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 5435// the same entity. 5436// 5437// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5438// can't be modified. 5439// 5440// * INPUT_REQUIRED: You must include a value for all required parameters. 5441// 5442// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 5443// for the invited account owner. 5444// 5445// * INVALID_ENUM: You specified an invalid value. 5446// 5447// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 5448// 5449// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5450// characters. 5451// 5452// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5453// at least one invalid value. 5454// 5455// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5456// from the response to a previous call of the operation. 5457// 5458// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5459// organization, or email) as a party. 5460// 5461// * INVALID_PATTERN: You provided a value that doesn't match the required 5462// pattern. 5463// 5464// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5465// match the required pattern. 5466// 5467// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5468// name can't begin with the reserved prefix AWSServiceRoleFor. 5469// 5470// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5471// Name (ARN) for the organization. 5472// 5473// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5474// 5475// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5476// tag. You can’t add, edit, or delete system tag keys because they're 5477// reserved for AWS use. System tags don’t count against your tags per 5478// resource limit. 5479// 5480// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5481// for the operation. 5482// 5483// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5484// than allowed. 5485// 5486// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5487// value than allowed. 5488// 5489// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5490// than allowed. 5491// 5492// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5493// value than allowed. 5494// 5495// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5496// between entities in the same root. 5497// 5498// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 5499// target entity. 5500// 5501// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 5502// isn't recognized. 5503// 5504// * PolicyNotAttachedException 5505// The policy isn't attached to the specified target in the specified root. 5506// 5507// * PolicyNotFoundException 5508// We can't find a policy with the PolicyId that you specified. 5509// 5510// * ServiceException 5511// AWS Organizations can't complete your request because of an internal service 5512// error. Try again later. 5513// 5514// * TargetNotFoundException 5515// We can't find a root, OU, account, or policy with the TargetId that you specified. 5516// 5517// * TooManyRequestsException 5518// You have sent too many requests in too short a period of time. The quota 5519// helps protect against denial-of-service attacks. Try again later. 5520// 5521// For information about quotas that affect AWS Organizations, see Quotas for 5522// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5523// the AWS Organizations User Guide. 5524// 5525// * UnsupportedAPIEndpointException 5526// This action isn't available in the current AWS Region. 5527// 5528// * PolicyChangesInProgressException 5529// Changes to the effective policy are in progress, and its contents can't be 5530// returned. Try the operation again later. 5531// 5532// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 5533func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) { 5534 req, out := c.DetachPolicyRequest(input) 5535 return out, req.Send() 5536} 5537 5538// DetachPolicyWithContext is the same as DetachPolicy with the addition of 5539// the ability to pass a context and additional request options. 5540// 5541// See DetachPolicy for details on how to use this API operation. 5542// 5543// The context must be non-nil and will be used for request cancellation. If 5544// the context is nil a panic will occur. In the future the SDK may create 5545// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5546// for more information on using Contexts. 5547func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) { 5548 req, out := c.DetachPolicyRequest(input) 5549 req.SetContext(ctx) 5550 req.ApplyOptions(opts...) 5551 return out, req.Send() 5552} 5553 5554const opDisableAWSServiceAccess = "DisableAWSServiceAccess" 5555 5556// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the 5557// client's request for the DisableAWSServiceAccess operation. The "output" return 5558// value will be populated with the request's response once the request completes 5559// successfully. 5560// 5561// Use "Send" method on the returned Request to send the API call to the service. 5562// the "output" return value is not valid until after Send returns without error. 5563// 5564// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess 5565// API call, and error handling. 5566// 5567// This method is useful when you want to inject custom logic or configuration 5568// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5569// 5570// 5571// // Example sending a request using the DisableAWSServiceAccessRequest method. 5572// req, resp := client.DisableAWSServiceAccessRequest(params) 5573// 5574// err := req.Send() 5575// if err == nil { // resp is now filled 5576// fmt.Println(resp) 5577// } 5578// 5579// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 5580func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) { 5581 op := &request.Operation{ 5582 Name: opDisableAWSServiceAccess, 5583 HTTPMethod: "POST", 5584 HTTPPath: "/", 5585 } 5586 5587 if input == nil { 5588 input = &DisableAWSServiceAccessInput{} 5589 } 5590 5591 output = &DisableAWSServiceAccessOutput{} 5592 req = c.newRequest(op, input, output) 5593 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5594 return 5595} 5596 5597// DisableAWSServiceAccess API operation for AWS Organizations. 5598// 5599// Disables the integration of an AWS service (the service that is specified 5600// by ServicePrincipal) with AWS Organizations. When you disable integration, 5601// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 5602// in new accounts in your organization. This means the service can't perform 5603// operations on your behalf on any new accounts in your organization. The service 5604// can still perform operations in older accounts until the service completes 5605// its clean-up from AWS Organizations. 5606// 5607// We strongly recommend that you don't use this command to disable integration 5608// between AWS Organizations and the specified AWS service. Instead, use the 5609// console or commands that are provided by the specified service. This lets 5610// the trusted service perform any required initialization when enabling trusted 5611// access, such as creating any required resources and any required clean up 5612// of resources when disabling trusted access. 5613// 5614// For information about how to disable trusted service access to your organization 5615// using the trusted service, see the Learn more link under the Supports Trusted 5616// Access column at AWS services that you can use with AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). 5617// on this page. 5618// 5619// If you disable access by using this command, it causes the following actions 5620// to occur: 5621// 5622// * The service can no longer create a service-linked role in the accounts 5623// in your organization. This means that the service can't perform operations 5624// on your behalf on any new accounts in your organization. The service can 5625// still perform operations in older accounts until the service completes 5626// its clean-up from AWS Organizations. 5627// 5628// * The service can no longer perform tasks in the member accounts in the 5629// organization, unless those operations are explicitly permitted by the 5630// IAM policies that are attached to your roles. This includes any data aggregation 5631// from the member accounts to the management account, or to a delegated 5632// administrator account, where relevant. 5633// 5634// * Some services detect this and clean up any remaining data or resources 5635// related to the integration, while other services stop accessing the organization 5636// but leave any historical data and configuration in place to support a 5637// possible re-enabling of the integration. 5638// 5639// Using the other service's console or commands to disable the integration 5640// ensures that the other service is aware that it can clean up any resources 5641// that are required only for the integration. How the service cleans up its 5642// resources in the organization's accounts depends on that service. For more 5643// information, see the documentation for the other AWS service. 5644// 5645// After you perform the DisableAWSServiceAccess operation, the specified service 5646// can no longer perform operations in your organization's accounts 5647// 5648// For more information about integrating other services with AWS Organizations, 5649// including the list of services that work with Organizations, see Integrating 5650// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 5651// in the AWS Organizations User Guide. 5652// 5653// This operation can be called only from the organization's management account. 5654// 5655// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5656// with awserr.Error's Code and Message methods to get detailed information about 5657// the error. 5658// 5659// See the AWS API reference guide for AWS Organizations's 5660// API operation DisableAWSServiceAccess for usage and error information. 5661// 5662// Returned Error Types: 5663// * AccessDeniedException 5664// You don't have permissions to perform the requested operation. The user or 5665// role that is making the request must have at least one IAM permissions policy 5666// attached that grants the required permissions. For more information, see 5667// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5668// in the IAM User Guide. 5669// 5670// * AWSOrganizationsNotInUseException 5671// Your account isn't a member of an organization. To make this request, you 5672// must use the credentials of an account that belongs to an organization. 5673// 5674// * ConcurrentModificationException 5675// The target of the operation is currently being modified by a different request. 5676// Try again later. 5677// 5678// * ConstraintViolationException 5679// Performing this operation violates a minimum or maximum value limit. For 5680// example, attempting to remove the last service control policy (SCP) from 5681// an OU or root, inviting or creating too many accounts to the organization, 5682// or attaching too many policies to an account, OU, or root. This exception 5683// includes a reason that contains additional information about the violated 5684// limit: 5685// 5686// Some of the reasons in the following list might not be applicable to this 5687// specific API or operation. 5688// 5689// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 5690// account from the organization. You can't remove the management account. 5691// Instead, after you remove all member accounts, delete the organization 5692// itself. 5693// 5694// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5695// from the organization that doesn't yet have enough information to exist 5696// as a standalone account. This account requires you to first agree to the 5697// AWS Customer Agreement. Follow the steps at Removing a member account 5698// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5699// the AWS Organizations User Guide. 5700// 5701// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5702// an account from the organization that doesn't yet have enough information 5703// to exist as a standalone account. This account requires you to first complete 5704// phone verification. Follow the steps at Removing a member account from 5705// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5706// in the AWS Organizations User Guide. 5707// 5708// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5709// of accounts that you can create in one day. 5710// 5711// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5712// the number of accounts in an organization. If you need more accounts, 5713// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5714// request an increase in your limit. Or the number of invitations that you 5715// tried to send would cause you to exceed the limit of accounts in your 5716// organization. Send fewer invitations or contact AWS Support to request 5717// an increase in the number of accounts. Deleted and closed accounts still 5718// count toward your limit. If you get this exception when running a command 5719// immediately after creating the organization, wait one hour and try again. 5720// After an hour, if the command continues to fail with this error, contact 5721// AWS Support (https://console.aws.amazon.com/support/home#/). 5722// 5723// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5724// register the management account of the organization as a delegated administrator 5725// for an AWS service integrated with Organizations. You can designate only 5726// a member account as a delegated administrator. 5727// 5728// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5729// an account that is registered as a delegated administrator for a service 5730// integrated with your organization. To complete this operation, you must 5731// first deregister this account as a delegated administrator. 5732// 5733// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5734// organization in the specified region, you must enable all features mode. 5735// 5736// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5737// an AWS account as a delegated administrator for an AWS service that already 5738// has a delegated administrator. To complete this operation, you must first 5739// deregister any existing delegated administrators for this service. 5740// 5741// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5742// valid for a limited period of time. You must resubmit the request and 5743// generate a new verfication code. 5744// 5745// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5746// handshakes that you can send in one day. 5747// 5748// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5749// in this organization, you first must migrate the organization's management 5750// account to the marketplace that corresponds to the management account's 5751// address. For example, accounts with India addresses must be associated 5752// with the AISPL marketplace. All accounts in an organization must be associated 5753// with the same marketplace. 5754// 5755// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5756// in China. To create an organization, the master must have a valid business 5757// license. For more information, contact customer support. 5758// 5759// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5760// must first provide a valid contact address and phone number for the management 5761// account. Then try the operation again. 5762// 5763// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5764// management account must have an associated account in the AWS GovCloud 5765// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5766// in the AWS GovCloud User Guide. 5767// 5768// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5769// with this management account, you first must associate a valid payment 5770// instrument, such as a credit card, with the account. Follow the steps 5771// at To leave an organization when all required account information has 5772// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5773// in the AWS Organizations User Guide. 5774// 5775// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5776// to register more delegated administrators than allowed for the service 5777// principal. 5778// 5779// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5780// number of policies of a certain type that can be attached to an entity 5781// at one time. 5782// 5783// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5784// on this resource. 5785// 5786// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5787// with this member account, you first must associate a valid payment instrument, 5788// such as a credit card, with the account. Follow the steps at To leave 5789// an organization when all required account information has not yet been 5790// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5791// in the AWS Organizations User Guide. 5792// 5793// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5794// policy from an entity that would cause the entity to have fewer than the 5795// minimum number of policies of a certain type required. 5796// 5797// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5798// that requires the organization to be configured to support all features. 5799// An organization that supports only consolidated billing features can't 5800// perform this operation. 5801// 5802// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5803// too many levels deep. 5804// 5805// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5806// that you can have in an organization. 5807// 5808// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5809// is larger than the maximum size. 5810// 5811// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5812// policies that you can have in an organization. 5813// 5814// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5815// tags that are not compliant with the tag policy requirements for this 5816// account. 5817// 5818// * InvalidInputException 5819// The requested operation failed because you provided invalid values for one 5820// or more of the request parameters. This exception includes a reason that 5821// contains additional information about the violated limit: 5822// 5823// Some of the reasons in the following list might not be applicable to this 5824// specific API or operation. 5825// 5826// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 5827// the same entity. 5828// 5829// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5830// can't be modified. 5831// 5832// * INPUT_REQUIRED: You must include a value for all required parameters. 5833// 5834// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 5835// for the invited account owner. 5836// 5837// * INVALID_ENUM: You specified an invalid value. 5838// 5839// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 5840// 5841// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5842// characters. 5843// 5844// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5845// at least one invalid value. 5846// 5847// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5848// from the response to a previous call of the operation. 5849// 5850// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5851// organization, or email) as a party. 5852// 5853// * INVALID_PATTERN: You provided a value that doesn't match the required 5854// pattern. 5855// 5856// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5857// match the required pattern. 5858// 5859// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5860// name can't begin with the reserved prefix AWSServiceRoleFor. 5861// 5862// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5863// Name (ARN) for the organization. 5864// 5865// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5866// 5867// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5868// tag. You can’t add, edit, or delete system tag keys because they're 5869// reserved for AWS use. System tags don’t count against your tags per 5870// resource limit. 5871// 5872// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5873// for the operation. 5874// 5875// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5876// than allowed. 5877// 5878// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5879// value than allowed. 5880// 5881// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5882// than allowed. 5883// 5884// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5885// value than allowed. 5886// 5887// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5888// between entities in the same root. 5889// 5890// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 5891// target entity. 5892// 5893// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 5894// isn't recognized. 5895// 5896// * ServiceException 5897// AWS Organizations can't complete your request because of an internal service 5898// error. Try again later. 5899// 5900// * TooManyRequestsException 5901// You have sent too many requests in too short a period of time. The quota 5902// helps protect against denial-of-service attacks. Try again later. 5903// 5904// For information about quotas that affect AWS Organizations, see Quotas for 5905// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5906// the AWS Organizations User Guide. 5907// 5908// * UnsupportedAPIEndpointException 5909// This action isn't available in the current AWS Region. 5910// 5911// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 5912func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) { 5913 req, out := c.DisableAWSServiceAccessRequest(input) 5914 return out, req.Send() 5915} 5916 5917// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of 5918// the ability to pass a context and additional request options. 5919// 5920// See DisableAWSServiceAccess for details on how to use this API operation. 5921// 5922// The context must be non-nil and will be used for request cancellation. If 5923// the context is nil a panic will occur. In the future the SDK may create 5924// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5925// for more information on using Contexts. 5926func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) { 5927 req, out := c.DisableAWSServiceAccessRequest(input) 5928 req.SetContext(ctx) 5929 req.ApplyOptions(opts...) 5930 return out, req.Send() 5931} 5932 5933const opDisablePolicyType = "DisablePolicyType" 5934 5935// DisablePolicyTypeRequest generates a "aws/request.Request" representing the 5936// client's request for the DisablePolicyType operation. The "output" return 5937// value will be populated with the request's response once the request completes 5938// successfully. 5939// 5940// Use "Send" method on the returned Request to send the API call to the service. 5941// the "output" return value is not valid until after Send returns without error. 5942// 5943// See DisablePolicyType for more information on using the DisablePolicyType 5944// API call, and error handling. 5945// 5946// This method is useful when you want to inject custom logic or configuration 5947// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5948// 5949// 5950// // Example sending a request using the DisablePolicyTypeRequest method. 5951// req, resp := client.DisablePolicyTypeRequest(params) 5952// 5953// err := req.Send() 5954// if err == nil { // resp is now filled 5955// fmt.Println(resp) 5956// } 5957// 5958// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 5959func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) { 5960 op := &request.Operation{ 5961 Name: opDisablePolicyType, 5962 HTTPMethod: "POST", 5963 HTTPPath: "/", 5964 } 5965 5966 if input == nil { 5967 input = &DisablePolicyTypeInput{} 5968 } 5969 5970 output = &DisablePolicyTypeOutput{} 5971 req = c.newRequest(op, input, output) 5972 return 5973} 5974 5975// DisablePolicyType API operation for AWS Organizations. 5976// 5977// Disables an organizational policy type in a root. A policy of a certain type 5978// can be attached to entities in a root only if that type is enabled in the 5979// root. After you perform this operation, you no longer can attach policies 5980// of the specified type to that root or to any organizational unit (OU) or 5981// account in that root. You can undo this by using the EnablePolicyType operation. 5982// 5983// This is an asynchronous request that AWS performs in the background. If you 5984// disable a policy type for a root, it still appears enabled for the organization 5985// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5986// are enabled for the organization. AWS recommends that you first use ListRoots 5987// to see the status of policy types for a specified root, and then use this 5988// operation. 5989// 5990// This operation can be called only from the organization's management account. 5991// 5992// To view the status of available policy types in the organization, use DescribeOrganization. 5993// 5994// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5995// with awserr.Error's Code and Message methods to get detailed information about 5996// the error. 5997// 5998// See the AWS API reference guide for AWS Organizations's 5999// API operation DisablePolicyType for usage and error information. 6000// 6001// Returned Error Types: 6002// * AccessDeniedException 6003// You don't have permissions to perform the requested operation. The user or 6004// role that is making the request must have at least one IAM permissions policy 6005// attached that grants the required permissions. For more information, see 6006// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6007// in the IAM User Guide. 6008// 6009// * AWSOrganizationsNotInUseException 6010// Your account isn't a member of an organization. To make this request, you 6011// must use the credentials of an account that belongs to an organization. 6012// 6013// * ConcurrentModificationException 6014// The target of the operation is currently being modified by a different request. 6015// Try again later. 6016// 6017// * ConstraintViolationException 6018// Performing this operation violates a minimum or maximum value limit. For 6019// example, attempting to remove the last service control policy (SCP) from 6020// an OU or root, inviting or creating too many accounts to the organization, 6021// or attaching too many policies to an account, OU, or root. This exception 6022// includes a reason that contains additional information about the violated 6023// limit: 6024// 6025// Some of the reasons in the following list might not be applicable to this 6026// specific API or operation. 6027// 6028// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 6029// account from the organization. You can't remove the management account. 6030// Instead, after you remove all member accounts, delete the organization 6031// itself. 6032// 6033// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6034// from the organization that doesn't yet have enough information to exist 6035// as a standalone account. This account requires you to first agree to the 6036// AWS Customer Agreement. Follow the steps at Removing a member account 6037// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6038// the AWS Organizations User Guide. 6039// 6040// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6041// an account from the organization that doesn't yet have enough information 6042// to exist as a standalone account. This account requires you to first complete 6043// phone verification. Follow the steps at Removing a member account from 6044// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6045// in the AWS Organizations User Guide. 6046// 6047// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6048// of accounts that you can create in one day. 6049// 6050// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6051// the number of accounts in an organization. If you need more accounts, 6052// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6053// request an increase in your limit. Or the number of invitations that you 6054// tried to send would cause you to exceed the limit of accounts in your 6055// organization. Send fewer invitations or contact AWS Support to request 6056// an increase in the number of accounts. Deleted and closed accounts still 6057// count toward your limit. If you get this exception when running a command 6058// immediately after creating the organization, wait one hour and try again. 6059// After an hour, if the command continues to fail with this error, contact 6060// AWS Support (https://console.aws.amazon.com/support/home#/). 6061// 6062// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 6063// register the management account of the organization as a delegated administrator 6064// for an AWS service integrated with Organizations. You can designate only 6065// a member account as a delegated administrator. 6066// 6067// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 6068// an account that is registered as a delegated administrator for a service 6069// integrated with your organization. To complete this operation, you must 6070// first deregister this account as a delegated administrator. 6071// 6072// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 6073// organization in the specified region, you must enable all features mode. 6074// 6075// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 6076// an AWS account as a delegated administrator for an AWS service that already 6077// has a delegated administrator. To complete this operation, you must first 6078// deregister any existing delegated administrators for this service. 6079// 6080// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 6081// valid for a limited period of time. You must resubmit the request and 6082// generate a new verfication code. 6083// 6084// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6085// handshakes that you can send in one day. 6086// 6087// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6088// in this organization, you first must migrate the organization's management 6089// account to the marketplace that corresponds to the management account's 6090// address. For example, accounts with India addresses must be associated 6091// with the AISPL marketplace. All accounts in an organization must be associated 6092// with the same marketplace. 6093// 6094// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 6095// in China. To create an organization, the master must have a valid business 6096// license. For more information, contact customer support. 6097// 6098// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6099// must first provide a valid contact address and phone number for the management 6100// account. Then try the operation again. 6101// 6102// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6103// management account must have an associated account in the AWS GovCloud 6104// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6105// in the AWS GovCloud User Guide. 6106// 6107// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6108// with this management account, you first must associate a valid payment 6109// instrument, such as a credit card, with the account. Follow the steps 6110// at To leave an organization when all required account information has 6111// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6112// in the AWS Organizations User Guide. 6113// 6114// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 6115// to register more delegated administrators than allowed for the service 6116// principal. 6117// 6118// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6119// number of policies of a certain type that can be attached to an entity 6120// at one time. 6121// 6122// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6123// on this resource. 6124// 6125// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6126// with this member account, you first must associate a valid payment instrument, 6127// such as a credit card, with the account. Follow the steps at To leave 6128// an organization when all required account information has not yet been 6129// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6130// in the AWS Organizations User Guide. 6131// 6132// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6133// policy from an entity that would cause the entity to have fewer than the 6134// minimum number of policies of a certain type required. 6135// 6136// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6137// that requires the organization to be configured to support all features. 6138// An organization that supports only consolidated billing features can't 6139// perform this operation. 6140// 6141// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6142// too many levels deep. 6143// 6144// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6145// that you can have in an organization. 6146// 6147// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 6148// is larger than the maximum size. 6149// 6150// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 6151// policies that you can have in an organization. 6152// 6153// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 6154// tags that are not compliant with the tag policy requirements for this 6155// account. 6156// 6157// * InvalidInputException 6158// The requested operation failed because you provided invalid values for one 6159// or more of the request parameters. This exception includes a reason that 6160// contains additional information about the violated limit: 6161// 6162// Some of the reasons in the following list might not be applicable to this 6163// specific API or operation. 6164// 6165// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 6166// the same entity. 6167// 6168// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6169// can't be modified. 6170// 6171// * INPUT_REQUIRED: You must include a value for all required parameters. 6172// 6173// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 6174// for the invited account owner. 6175// 6176// * INVALID_ENUM: You specified an invalid value. 6177// 6178// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 6179// 6180// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6181// characters. 6182// 6183// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6184// at least one invalid value. 6185// 6186// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6187// from the response to a previous call of the operation. 6188// 6189// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6190// organization, or email) as a party. 6191// 6192// * INVALID_PATTERN: You provided a value that doesn't match the required 6193// pattern. 6194// 6195// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6196// match the required pattern. 6197// 6198// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6199// name can't begin with the reserved prefix AWSServiceRoleFor. 6200// 6201// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6202// Name (ARN) for the organization. 6203// 6204// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6205// 6206// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6207// tag. You can’t add, edit, or delete system tag keys because they're 6208// reserved for AWS use. System tags don’t count against your tags per 6209// resource limit. 6210// 6211// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6212// for the operation. 6213// 6214// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6215// than allowed. 6216// 6217// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6218// value than allowed. 6219// 6220// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6221// than allowed. 6222// 6223// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6224// value than allowed. 6225// 6226// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6227// between entities in the same root. 6228// 6229// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 6230// target entity. 6231// 6232// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 6233// isn't recognized. 6234// 6235// * PolicyTypeNotEnabledException 6236// The specified policy type isn't currently enabled in this root. You can't 6237// attach policies of the specified type to entities in a root until you enable 6238// that type in the root. For more information, see Enabling All Features in 6239// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 6240// in the AWS Organizations User Guide. 6241// 6242// * RootNotFoundException 6243// We can't find a root with the RootId that you specified. 6244// 6245// * ServiceException 6246// AWS Organizations can't complete your request because of an internal service 6247// error. Try again later. 6248// 6249// * TooManyRequestsException 6250// You have sent too many requests in too short a period of time. The quota 6251// helps protect against denial-of-service attacks. Try again later. 6252// 6253// For information about quotas that affect AWS Organizations, see Quotas for 6254// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6255// the AWS Organizations User Guide. 6256// 6257// * UnsupportedAPIEndpointException 6258// This action isn't available in the current AWS Region. 6259// 6260// * PolicyChangesInProgressException 6261// Changes to the effective policy are in progress, and its contents can't be 6262// returned. Try the operation again later. 6263// 6264// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 6265func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) { 6266 req, out := c.DisablePolicyTypeRequest(input) 6267 return out, req.Send() 6268} 6269 6270// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of 6271// the ability to pass a context and additional request options. 6272// 6273// See DisablePolicyType for details on how to use this API operation. 6274// 6275// The context must be non-nil and will be used for request cancellation. If 6276// the context is nil a panic will occur. In the future the SDK may create 6277// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6278// for more information on using Contexts. 6279func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) { 6280 req, out := c.DisablePolicyTypeRequest(input) 6281 req.SetContext(ctx) 6282 req.ApplyOptions(opts...) 6283 return out, req.Send() 6284} 6285 6286const opEnableAWSServiceAccess = "EnableAWSServiceAccess" 6287 6288// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the 6289// client's request for the EnableAWSServiceAccess operation. The "output" return 6290// value will be populated with the request's response once the request completes 6291// successfully. 6292// 6293// Use "Send" method on the returned Request to send the API call to the service. 6294// the "output" return value is not valid until after Send returns without error. 6295// 6296// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess 6297// API call, and error handling. 6298// 6299// This method is useful when you want to inject custom logic or configuration 6300// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6301// 6302// 6303// // Example sending a request using the EnableAWSServiceAccessRequest method. 6304// req, resp := client.EnableAWSServiceAccessRequest(params) 6305// 6306// err := req.Send() 6307// if err == nil { // resp is now filled 6308// fmt.Println(resp) 6309// } 6310// 6311// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 6312func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) { 6313 op := &request.Operation{ 6314 Name: opEnableAWSServiceAccess, 6315 HTTPMethod: "POST", 6316 HTTPPath: "/", 6317 } 6318 6319 if input == nil { 6320 input = &EnableAWSServiceAccessInput{} 6321 } 6322 6323 output = &EnableAWSServiceAccessOutput{} 6324 req = c.newRequest(op, input, output) 6325 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 6326 return 6327} 6328 6329// EnableAWSServiceAccess API operation for AWS Organizations. 6330// 6331// Enables the integration of an AWS service (the service that is specified 6332// by ServicePrincipal) with AWS Organizations. When you enable integration, 6333// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 6334// in all the accounts in your organization. This allows the service to perform 6335// operations on your behalf in your organization and its accounts. 6336// 6337// We recommend that you enable integration between AWS Organizations and the 6338// specified AWS service by using the console or commands that are provided 6339// by the specified service. Doing so ensures that the service is aware that 6340// it can create the resources that are required for the integration. How the 6341// service creates those resources in the organization's accounts depends on 6342// that service. For more information, see the documentation for the other AWS 6343// service. 6344// 6345// For more information about enabling services to integrate with AWS Organizations, 6346// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 6347// in the AWS Organizations User Guide. 6348// 6349// This operation can be called only from the organization's management account 6350// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). 6351// 6352// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6353// with awserr.Error's Code and Message methods to get detailed information about 6354// the error. 6355// 6356// See the AWS API reference guide for AWS Organizations's 6357// API operation EnableAWSServiceAccess for usage and error information. 6358// 6359// Returned Error Types: 6360// * AccessDeniedException 6361// You don't have permissions to perform the requested operation. The user or 6362// role that is making the request must have at least one IAM permissions policy 6363// attached that grants the required permissions. For more information, see 6364// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6365// in the IAM User Guide. 6366// 6367// * AWSOrganizationsNotInUseException 6368// Your account isn't a member of an organization. To make this request, you 6369// must use the credentials of an account that belongs to an organization. 6370// 6371// * ConcurrentModificationException 6372// The target of the operation is currently being modified by a different request. 6373// Try again later. 6374// 6375// * ConstraintViolationException 6376// Performing this operation violates a minimum or maximum value limit. For 6377// example, attempting to remove the last service control policy (SCP) from 6378// an OU or root, inviting or creating too many accounts to the organization, 6379// or attaching too many policies to an account, OU, or root. This exception 6380// includes a reason that contains additional information about the violated 6381// limit: 6382// 6383// Some of the reasons in the following list might not be applicable to this 6384// specific API or operation. 6385// 6386// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 6387// account from the organization. You can't remove the management account. 6388// Instead, after you remove all member accounts, delete the organization 6389// itself. 6390// 6391// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6392// from the organization that doesn't yet have enough information to exist 6393// as a standalone account. This account requires you to first agree to the 6394// AWS Customer Agreement. Follow the steps at Removing a member account 6395// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6396// the AWS Organizations User Guide. 6397// 6398// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6399// an account from the organization that doesn't yet have enough information 6400// to exist as a standalone account. This account requires you to first complete 6401// phone verification. Follow the steps at Removing a member account from 6402// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6403// in the AWS Organizations User Guide. 6404// 6405// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6406// of accounts that you can create in one day. 6407// 6408// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6409// the number of accounts in an organization. If you need more accounts, 6410// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6411// request an increase in your limit. Or the number of invitations that you 6412// tried to send would cause you to exceed the limit of accounts in your 6413// organization. Send fewer invitations or contact AWS Support to request 6414// an increase in the number of accounts. Deleted and closed accounts still 6415// count toward your limit. If you get this exception when running a command 6416// immediately after creating the organization, wait one hour and try again. 6417// After an hour, if the command continues to fail with this error, contact 6418// AWS Support (https://console.aws.amazon.com/support/home#/). 6419// 6420// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 6421// register the management account of the organization as a delegated administrator 6422// for an AWS service integrated with Organizations. You can designate only 6423// a member account as a delegated administrator. 6424// 6425// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 6426// an account that is registered as a delegated administrator for a service 6427// integrated with your organization. To complete this operation, you must 6428// first deregister this account as a delegated administrator. 6429// 6430// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 6431// organization in the specified region, you must enable all features mode. 6432// 6433// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 6434// an AWS account as a delegated administrator for an AWS service that already 6435// has a delegated administrator. To complete this operation, you must first 6436// deregister any existing delegated administrators for this service. 6437// 6438// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 6439// valid for a limited period of time. You must resubmit the request and 6440// generate a new verfication code. 6441// 6442// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6443// handshakes that you can send in one day. 6444// 6445// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6446// in this organization, you first must migrate the organization's management 6447// account to the marketplace that corresponds to the management account's 6448// address. For example, accounts with India addresses must be associated 6449// with the AISPL marketplace. All accounts in an organization must be associated 6450// with the same marketplace. 6451// 6452// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 6453// in China. To create an organization, the master must have a valid business 6454// license. For more information, contact customer support. 6455// 6456// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6457// must first provide a valid contact address and phone number for the management 6458// account. Then try the operation again. 6459// 6460// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6461// management account must have an associated account in the AWS GovCloud 6462// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6463// in the AWS GovCloud User Guide. 6464// 6465// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6466// with this management account, you first must associate a valid payment 6467// instrument, such as a credit card, with the account. Follow the steps 6468// at To leave an organization when all required account information has 6469// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6470// in the AWS Organizations User Guide. 6471// 6472// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 6473// to register more delegated administrators than allowed for the service 6474// principal. 6475// 6476// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6477// number of policies of a certain type that can be attached to an entity 6478// at one time. 6479// 6480// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6481// on this resource. 6482// 6483// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6484// with this member account, you first must associate a valid payment instrument, 6485// such as a credit card, with the account. Follow the steps at To leave 6486// an organization when all required account information has not yet been 6487// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6488// in the AWS Organizations User Guide. 6489// 6490// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6491// policy from an entity that would cause the entity to have fewer than the 6492// minimum number of policies of a certain type required. 6493// 6494// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6495// that requires the organization to be configured to support all features. 6496// An organization that supports only consolidated billing features can't 6497// perform this operation. 6498// 6499// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6500// too many levels deep. 6501// 6502// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6503// that you can have in an organization. 6504// 6505// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 6506// is larger than the maximum size. 6507// 6508// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 6509// policies that you can have in an organization. 6510// 6511// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 6512// tags that are not compliant with the tag policy requirements for this 6513// account. 6514// 6515// * InvalidInputException 6516// The requested operation failed because you provided invalid values for one 6517// or more of the request parameters. This exception includes a reason that 6518// contains additional information about the violated limit: 6519// 6520// Some of the reasons in the following list might not be applicable to this 6521// specific API or operation. 6522// 6523// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 6524// the same entity. 6525// 6526// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6527// can't be modified. 6528// 6529// * INPUT_REQUIRED: You must include a value for all required parameters. 6530// 6531// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 6532// for the invited account owner. 6533// 6534// * INVALID_ENUM: You specified an invalid value. 6535// 6536// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 6537// 6538// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6539// characters. 6540// 6541// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6542// at least one invalid value. 6543// 6544// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6545// from the response to a previous call of the operation. 6546// 6547// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6548// organization, or email) as a party. 6549// 6550// * INVALID_PATTERN: You provided a value that doesn't match the required 6551// pattern. 6552// 6553// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6554// match the required pattern. 6555// 6556// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6557// name can't begin with the reserved prefix AWSServiceRoleFor. 6558// 6559// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6560// Name (ARN) for the organization. 6561// 6562// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6563// 6564// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6565// tag. You can’t add, edit, or delete system tag keys because they're 6566// reserved for AWS use. System tags don’t count against your tags per 6567// resource limit. 6568// 6569// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6570// for the operation. 6571// 6572// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6573// than allowed. 6574// 6575// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6576// value than allowed. 6577// 6578// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6579// than allowed. 6580// 6581// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6582// value than allowed. 6583// 6584// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6585// between entities in the same root. 6586// 6587// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 6588// target entity. 6589// 6590// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 6591// isn't recognized. 6592// 6593// * ServiceException 6594// AWS Organizations can't complete your request because of an internal service 6595// error. Try again later. 6596// 6597// * TooManyRequestsException 6598// You have sent too many requests in too short a period of time. The quota 6599// helps protect against denial-of-service attacks. Try again later. 6600// 6601// For information about quotas that affect AWS Organizations, see Quotas for 6602// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6603// the AWS Organizations User Guide. 6604// 6605// * UnsupportedAPIEndpointException 6606// This action isn't available in the current AWS Region. 6607// 6608// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 6609func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) { 6610 req, out := c.EnableAWSServiceAccessRequest(input) 6611 return out, req.Send() 6612} 6613 6614// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of 6615// the ability to pass a context and additional request options. 6616// 6617// See EnableAWSServiceAccess for details on how to use this API operation. 6618// 6619// The context must be non-nil and will be used for request cancellation. If 6620// the context is nil a panic will occur. In the future the SDK may create 6621// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6622// for more information on using Contexts. 6623func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) { 6624 req, out := c.EnableAWSServiceAccessRequest(input) 6625 req.SetContext(ctx) 6626 req.ApplyOptions(opts...) 6627 return out, req.Send() 6628} 6629 6630const opEnableAllFeatures = "EnableAllFeatures" 6631 6632// EnableAllFeaturesRequest generates a "aws/request.Request" representing the 6633// client's request for the EnableAllFeatures operation. The "output" return 6634// value will be populated with the request's response once the request completes 6635// successfully. 6636// 6637// Use "Send" method on the returned Request to send the API call to the service. 6638// the "output" return value is not valid until after Send returns without error. 6639// 6640// See EnableAllFeatures for more information on using the EnableAllFeatures 6641// API call, and error handling. 6642// 6643// This method is useful when you want to inject custom logic or configuration 6644// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6645// 6646// 6647// // Example sending a request using the EnableAllFeaturesRequest method. 6648// req, resp := client.EnableAllFeaturesRequest(params) 6649// 6650// err := req.Send() 6651// if err == nil { // resp is now filled 6652// fmt.Println(resp) 6653// } 6654// 6655// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 6656func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) { 6657 op := &request.Operation{ 6658 Name: opEnableAllFeatures, 6659 HTTPMethod: "POST", 6660 HTTPPath: "/", 6661 } 6662 6663 if input == nil { 6664 input = &EnableAllFeaturesInput{} 6665 } 6666 6667 output = &EnableAllFeaturesOutput{} 6668 req = c.newRequest(op, input, output) 6669 return 6670} 6671 6672// EnableAllFeatures API operation for AWS Organizations. 6673// 6674// Enables all features in an organization. This enables the use of organization 6675// policies that can restrict the services and actions that can be called in 6676// each account. Until you enable all features, you have access only to consolidated 6677// billing, and you can't use any of the advanced account administration features 6678// that AWS Organizations supports. For more information, see Enabling All Features 6679// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 6680// in the AWS Organizations User Guide. 6681// 6682// This operation is required only for organizations that were created explicitly 6683// with only the consolidated billing features enabled. Calling this operation 6684// sends a handshake to every invited account in the organization. The feature 6685// set change can be finalized and the additional features enabled only after 6686// all administrators in the invited accounts approve the change by accepting 6687// the handshake. 6688// 6689// After you enable all features, you can separately enable or disable individual 6690// policy types in a root using EnablePolicyType and DisablePolicyType. To see 6691// the status of policy types in a root, use ListRoots. 6692// 6693// After all invited member accounts accept the handshake, you finalize the 6694// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES". 6695// This completes the change. 6696// 6697// After you enable all features in your organization, the management account 6698// in the organization can apply policies on all member accounts. These policies 6699// can restrict what users and even administrators in those accounts can do. 6700// The management account can apply policies that prevent accounts from leaving 6701// the organization. Ensure that your account administrators are aware of this. 6702// 6703// This operation can be called only from the organization's management account. 6704// 6705// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6706// with awserr.Error's Code and Message methods to get detailed information about 6707// the error. 6708// 6709// See the AWS API reference guide for AWS Organizations's 6710// API operation EnableAllFeatures for usage and error information. 6711// 6712// Returned Error Types: 6713// * AccessDeniedException 6714// You don't have permissions to perform the requested operation. The user or 6715// role that is making the request must have at least one IAM permissions policy 6716// attached that grants the required permissions. For more information, see 6717// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6718// in the IAM User Guide. 6719// 6720// * AWSOrganizationsNotInUseException 6721// Your account isn't a member of an organization. To make this request, you 6722// must use the credentials of an account that belongs to an organization. 6723// 6724// * ConcurrentModificationException 6725// The target of the operation is currently being modified by a different request. 6726// Try again later. 6727// 6728// * HandshakeConstraintViolationException 6729// The requested operation would violate the constraint identified in the reason 6730// code. 6731// 6732// Some of the reasons in the following list might not be applicable to this 6733// specific API or operation: 6734// 6735// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6736// the number of accounts in an organization. Note that deleted and closed 6737// accounts still count toward your limit. If you get this exception immediately 6738// after creating the organization, wait one hour and try again. If after 6739// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6740// 6741// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 6742// the invited account is already a member of an organization. 6743// 6744// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6745// handshakes that you can send in one day. 6746// 6747// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 6748// to join an organization while it's in the process of enabling all features. 6749// You can resume inviting accounts after you finalize the process when all 6750// accounts have agreed to the change. 6751// 6752// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 6753// because the organization has already enabled all features. 6754// 6755// * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 6756// request is invalid because the organization has already started the process 6757// to enable all features. 6758// 6759// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 6760// the account is from a different marketplace than the accounts in the organization. 6761// For example, accounts with India addresses must be associated with the 6762// AISPL marketplace. All accounts in an organization must be from the same 6763// marketplace. 6764// 6765// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 6766// change the membership of an account too quickly after its previous change. 6767// 6768// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 6769// account that doesn't have a payment instrument, such as a credit card, 6770// associated with it. 6771// 6772// * InvalidInputException 6773// The requested operation failed because you provided invalid values for one 6774// or more of the request parameters. This exception includes a reason that 6775// contains additional information about the violated limit: 6776// 6777// Some of the reasons in the following list might not be applicable to this 6778// specific API or operation. 6779// 6780// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 6781// the same entity. 6782// 6783// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6784// can't be modified. 6785// 6786// * INPUT_REQUIRED: You must include a value for all required parameters. 6787// 6788// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 6789// for the invited account owner. 6790// 6791// * INVALID_ENUM: You specified an invalid value. 6792// 6793// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 6794// 6795// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6796// characters. 6797// 6798// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6799// at least one invalid value. 6800// 6801// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6802// from the response to a previous call of the operation. 6803// 6804// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6805// organization, or email) as a party. 6806// 6807// * INVALID_PATTERN: You provided a value that doesn't match the required 6808// pattern. 6809// 6810// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6811// match the required pattern. 6812// 6813// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6814// name can't begin with the reserved prefix AWSServiceRoleFor. 6815// 6816// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6817// Name (ARN) for the organization. 6818// 6819// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6820// 6821// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6822// tag. You can’t add, edit, or delete system tag keys because they're 6823// reserved for AWS use. System tags don’t count against your tags per 6824// resource limit. 6825// 6826// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6827// for the operation. 6828// 6829// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6830// than allowed. 6831// 6832// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6833// value than allowed. 6834// 6835// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6836// than allowed. 6837// 6838// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6839// value than allowed. 6840// 6841// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6842// between entities in the same root. 6843// 6844// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 6845// target entity. 6846// 6847// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 6848// isn't recognized. 6849// 6850// * ServiceException 6851// AWS Organizations can't complete your request because of an internal service 6852// error. Try again later. 6853// 6854// * TooManyRequestsException 6855// You have sent too many requests in too short a period of time. The quota 6856// helps protect against denial-of-service attacks. Try again later. 6857// 6858// For information about quotas that affect AWS Organizations, see Quotas for 6859// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6860// the AWS Organizations User Guide. 6861// 6862// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 6863func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) { 6864 req, out := c.EnableAllFeaturesRequest(input) 6865 return out, req.Send() 6866} 6867 6868// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of 6869// the ability to pass a context and additional request options. 6870// 6871// See EnableAllFeatures for details on how to use this API operation. 6872// 6873// The context must be non-nil and will be used for request cancellation. If 6874// the context is nil a panic will occur. In the future the SDK may create 6875// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6876// for more information on using Contexts. 6877func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) { 6878 req, out := c.EnableAllFeaturesRequest(input) 6879 req.SetContext(ctx) 6880 req.ApplyOptions(opts...) 6881 return out, req.Send() 6882} 6883 6884const opEnablePolicyType = "EnablePolicyType" 6885 6886// EnablePolicyTypeRequest generates a "aws/request.Request" representing the 6887// client's request for the EnablePolicyType operation. The "output" return 6888// value will be populated with the request's response once the request completes 6889// successfully. 6890// 6891// Use "Send" method on the returned Request to send the API call to the service. 6892// the "output" return value is not valid until after Send returns without error. 6893// 6894// See EnablePolicyType for more information on using the EnablePolicyType 6895// API call, and error handling. 6896// 6897// This method is useful when you want to inject custom logic or configuration 6898// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6899// 6900// 6901// // Example sending a request using the EnablePolicyTypeRequest method. 6902// req, resp := client.EnablePolicyTypeRequest(params) 6903// 6904// err := req.Send() 6905// if err == nil { // resp is now filled 6906// fmt.Println(resp) 6907// } 6908// 6909// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 6910func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) { 6911 op := &request.Operation{ 6912 Name: opEnablePolicyType, 6913 HTTPMethod: "POST", 6914 HTTPPath: "/", 6915 } 6916 6917 if input == nil { 6918 input = &EnablePolicyTypeInput{} 6919 } 6920 6921 output = &EnablePolicyTypeOutput{} 6922 req = c.newRequest(op, input, output) 6923 return 6924} 6925 6926// EnablePolicyType API operation for AWS Organizations. 6927// 6928// Enables a policy type in a root. After you enable a policy type in a root, 6929// you can attach policies of that type to the root, any organizational unit 6930// (OU), or account in that root. You can undo this by using the DisablePolicyType 6931// operation. 6932// 6933// This is an asynchronous request that AWS performs in the background. AWS 6934// recommends that you first use ListRoots to see the status of policy types 6935// for a specified root, and then use this operation. 6936// 6937// This operation can be called only from the organization's management account. 6938// 6939// You can enable a policy type in a root only if that policy type is available 6940// in the organization. To view the status of available policy types in the 6941// organization, use DescribeOrganization. 6942// 6943// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6944// with awserr.Error's Code and Message methods to get detailed information about 6945// the error. 6946// 6947// See the AWS API reference guide for AWS Organizations's 6948// API operation EnablePolicyType for usage and error information. 6949// 6950// Returned Error Types: 6951// * AccessDeniedException 6952// You don't have permissions to perform the requested operation. The user or 6953// role that is making the request must have at least one IAM permissions policy 6954// attached that grants the required permissions. For more information, see 6955// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6956// in the IAM User Guide. 6957// 6958// * AWSOrganizationsNotInUseException 6959// Your account isn't a member of an organization. To make this request, you 6960// must use the credentials of an account that belongs to an organization. 6961// 6962// * ConcurrentModificationException 6963// The target of the operation is currently being modified by a different request. 6964// Try again later. 6965// 6966// * ConstraintViolationException 6967// Performing this operation violates a minimum or maximum value limit. For 6968// example, attempting to remove the last service control policy (SCP) from 6969// an OU or root, inviting or creating too many accounts to the organization, 6970// or attaching too many policies to an account, OU, or root. This exception 6971// includes a reason that contains additional information about the violated 6972// limit: 6973// 6974// Some of the reasons in the following list might not be applicable to this 6975// specific API or operation. 6976// 6977// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 6978// account from the organization. You can't remove the management account. 6979// Instead, after you remove all member accounts, delete the organization 6980// itself. 6981// 6982// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6983// from the organization that doesn't yet have enough information to exist 6984// as a standalone account. This account requires you to first agree to the 6985// AWS Customer Agreement. Follow the steps at Removing a member account 6986// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6987// the AWS Organizations User Guide. 6988// 6989// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6990// an account from the organization that doesn't yet have enough information 6991// to exist as a standalone account. This account requires you to first complete 6992// phone verification. Follow the steps at Removing a member account from 6993// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6994// in the AWS Organizations User Guide. 6995// 6996// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6997// of accounts that you can create in one day. 6998// 6999// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7000// the number of accounts in an organization. If you need more accounts, 7001// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7002// request an increase in your limit. Or the number of invitations that you 7003// tried to send would cause you to exceed the limit of accounts in your 7004// organization. Send fewer invitations or contact AWS Support to request 7005// an increase in the number of accounts. Deleted and closed accounts still 7006// count toward your limit. If you get this exception when running a command 7007// immediately after creating the organization, wait one hour and try again. 7008// After an hour, if the command continues to fail with this error, contact 7009// AWS Support (https://console.aws.amazon.com/support/home#/). 7010// 7011// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7012// register the management account of the organization as a delegated administrator 7013// for an AWS service integrated with Organizations. You can designate only 7014// a member account as a delegated administrator. 7015// 7016// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7017// an account that is registered as a delegated administrator for a service 7018// integrated with your organization. To complete this operation, you must 7019// first deregister this account as a delegated administrator. 7020// 7021// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7022// organization in the specified region, you must enable all features mode. 7023// 7024// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7025// an AWS account as a delegated administrator for an AWS service that already 7026// has a delegated administrator. To complete this operation, you must first 7027// deregister any existing delegated administrators for this service. 7028// 7029// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7030// valid for a limited period of time. You must resubmit the request and 7031// generate a new verfication code. 7032// 7033// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7034// handshakes that you can send in one day. 7035// 7036// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7037// in this organization, you first must migrate the organization's management 7038// account to the marketplace that corresponds to the management account's 7039// address. For example, accounts with India addresses must be associated 7040// with the AISPL marketplace. All accounts in an organization must be associated 7041// with the same marketplace. 7042// 7043// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7044// in China. To create an organization, the master must have a valid business 7045// license. For more information, contact customer support. 7046// 7047// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7048// must first provide a valid contact address and phone number for the management 7049// account. Then try the operation again. 7050// 7051// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7052// management account must have an associated account in the AWS GovCloud 7053// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7054// in the AWS GovCloud User Guide. 7055// 7056// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7057// with this management account, you first must associate a valid payment 7058// instrument, such as a credit card, with the account. Follow the steps 7059// at To leave an organization when all required account information has 7060// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7061// in the AWS Organizations User Guide. 7062// 7063// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7064// to register more delegated administrators than allowed for the service 7065// principal. 7066// 7067// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7068// number of policies of a certain type that can be attached to an entity 7069// at one time. 7070// 7071// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7072// on this resource. 7073// 7074// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7075// with this member account, you first must associate a valid payment instrument, 7076// such as a credit card, with the account. Follow the steps at To leave 7077// an organization when all required account information has not yet been 7078// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7079// in the AWS Organizations User Guide. 7080// 7081// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7082// policy from an entity that would cause the entity to have fewer than the 7083// minimum number of policies of a certain type required. 7084// 7085// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7086// that requires the organization to be configured to support all features. 7087// An organization that supports only consolidated billing features can't 7088// perform this operation. 7089// 7090// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7091// too many levels deep. 7092// 7093// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7094// that you can have in an organization. 7095// 7096// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7097// is larger than the maximum size. 7098// 7099// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7100// policies that you can have in an organization. 7101// 7102// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7103// tags that are not compliant with the tag policy requirements for this 7104// account. 7105// 7106// * InvalidInputException 7107// The requested operation failed because you provided invalid values for one 7108// or more of the request parameters. This exception includes a reason that 7109// contains additional information about the violated limit: 7110// 7111// Some of the reasons in the following list might not be applicable to this 7112// specific API or operation. 7113// 7114// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 7115// the same entity. 7116// 7117// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7118// can't be modified. 7119// 7120// * INPUT_REQUIRED: You must include a value for all required parameters. 7121// 7122// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 7123// for the invited account owner. 7124// 7125// * INVALID_ENUM: You specified an invalid value. 7126// 7127// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 7128// 7129// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7130// characters. 7131// 7132// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7133// at least one invalid value. 7134// 7135// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7136// from the response to a previous call of the operation. 7137// 7138// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7139// organization, or email) as a party. 7140// 7141// * INVALID_PATTERN: You provided a value that doesn't match the required 7142// pattern. 7143// 7144// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7145// match the required pattern. 7146// 7147// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7148// name can't begin with the reserved prefix AWSServiceRoleFor. 7149// 7150// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7151// Name (ARN) for the organization. 7152// 7153// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7154// 7155// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7156// tag. You can’t add, edit, or delete system tag keys because they're 7157// reserved for AWS use. System tags don’t count against your tags per 7158// resource limit. 7159// 7160// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7161// for the operation. 7162// 7163// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7164// than allowed. 7165// 7166// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7167// value than allowed. 7168// 7169// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7170// than allowed. 7171// 7172// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7173// value than allowed. 7174// 7175// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7176// between entities in the same root. 7177// 7178// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 7179// target entity. 7180// 7181// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 7182// isn't recognized. 7183// 7184// * PolicyTypeAlreadyEnabledException 7185// The specified policy type is already enabled in the specified root. 7186// 7187// * RootNotFoundException 7188// We can't find a root with the RootId that you specified. 7189// 7190// * ServiceException 7191// AWS Organizations can't complete your request because of an internal service 7192// error. Try again later. 7193// 7194// * TooManyRequestsException 7195// You have sent too many requests in too short a period of time. The quota 7196// helps protect against denial-of-service attacks. Try again later. 7197// 7198// For information about quotas that affect AWS Organizations, see Quotas for 7199// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7200// the AWS Organizations User Guide. 7201// 7202// * PolicyTypeNotAvailableForOrganizationException 7203// You can't use the specified policy type with the feature set currently enabled 7204// for this organization. For example, you can enable SCPs only after you enable 7205// all features in the organization. For more information, see Managing AWS 7206// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 7207// the AWS Organizations User Guide. 7208// 7209// * UnsupportedAPIEndpointException 7210// This action isn't available in the current AWS Region. 7211// 7212// * PolicyChangesInProgressException 7213// Changes to the effective policy are in progress, and its contents can't be 7214// returned. Try the operation again later. 7215// 7216// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 7217func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) { 7218 req, out := c.EnablePolicyTypeRequest(input) 7219 return out, req.Send() 7220} 7221 7222// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of 7223// the ability to pass a context and additional request options. 7224// 7225// See EnablePolicyType for details on how to use this API operation. 7226// 7227// The context must be non-nil and will be used for request cancellation. If 7228// the context is nil a panic will occur. In the future the SDK may create 7229// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7230// for more information on using Contexts. 7231func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) { 7232 req, out := c.EnablePolicyTypeRequest(input) 7233 req.SetContext(ctx) 7234 req.ApplyOptions(opts...) 7235 return out, req.Send() 7236} 7237 7238const opInviteAccountToOrganization = "InviteAccountToOrganization" 7239 7240// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the 7241// client's request for the InviteAccountToOrganization operation. The "output" return 7242// value will be populated with the request's response once the request completes 7243// successfully. 7244// 7245// Use "Send" method on the returned Request to send the API call to the service. 7246// the "output" return value is not valid until after Send returns without error. 7247// 7248// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization 7249// API call, and error handling. 7250// 7251// This method is useful when you want to inject custom logic or configuration 7252// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7253// 7254// 7255// // Example sending a request using the InviteAccountToOrganizationRequest method. 7256// req, resp := client.InviteAccountToOrganizationRequest(params) 7257// 7258// err := req.Send() 7259// if err == nil { // resp is now filled 7260// fmt.Println(resp) 7261// } 7262// 7263// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 7264func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) { 7265 op := &request.Operation{ 7266 Name: opInviteAccountToOrganization, 7267 HTTPMethod: "POST", 7268 HTTPPath: "/", 7269 } 7270 7271 if input == nil { 7272 input = &InviteAccountToOrganizationInput{} 7273 } 7274 7275 output = &InviteAccountToOrganizationOutput{} 7276 req = c.newRequest(op, input, output) 7277 return 7278} 7279 7280// InviteAccountToOrganization API operation for AWS Organizations. 7281// 7282// Sends an invitation to another account to join your organization as a member 7283// account. AWS Organizations sends email on your behalf to the email address 7284// that is associated with the other account's owner. The invitation is implemented 7285// as a Handshake whose details are in the response. 7286// 7287// * You can invite AWS accounts only from the same seller as the management 7288// account. For example, if your organization's management account was created 7289// by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, 7290// you can invite only other AISPL accounts to your organization. You can't 7291// combine accounts from AISPL and AWS or from any other AWS seller. For 7292// more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). 7293// 7294// * If you receive an exception that indicates that you exceeded your account 7295// limits for the organization or that the operation failed because your 7296// organization is still initializing, wait one hour and then try again. 7297// If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/). 7298// 7299// If the request includes tags, then the requester must have the organizations:TagResource 7300// permission. 7301// 7302// This operation can be called only from the organization's management account. 7303// 7304// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7305// with awserr.Error's Code and Message methods to get detailed information about 7306// the error. 7307// 7308// See the AWS API reference guide for AWS Organizations's 7309// API operation InviteAccountToOrganization for usage and error information. 7310// 7311// Returned Error Types: 7312// * AccessDeniedException 7313// You don't have permissions to perform the requested operation. The user or 7314// role that is making the request must have at least one IAM permissions policy 7315// attached that grants the required permissions. For more information, see 7316// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7317// in the IAM User Guide. 7318// 7319// * AWSOrganizationsNotInUseException 7320// Your account isn't a member of an organization. To make this request, you 7321// must use the credentials of an account that belongs to an organization. 7322// 7323// * AccountOwnerNotVerifiedException 7324// You can't invite an existing account to your organization until you verify 7325// that you own the email address associated with the management account. For 7326// more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 7327// in the AWS Organizations User Guide. 7328// 7329// * ConcurrentModificationException 7330// The target of the operation is currently being modified by a different request. 7331// Try again later. 7332// 7333// * HandshakeConstraintViolationException 7334// The requested operation would violate the constraint identified in the reason 7335// code. 7336// 7337// Some of the reasons in the following list might not be applicable to this 7338// specific API or operation: 7339// 7340// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7341// the number of accounts in an organization. Note that deleted and closed 7342// accounts still count toward your limit. If you get this exception immediately 7343// after creating the organization, wait one hour and try again. If after 7344// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 7345// 7346// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 7347// the invited account is already a member of an organization. 7348// 7349// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7350// handshakes that you can send in one day. 7351// 7352// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 7353// to join an organization while it's in the process of enabling all features. 7354// You can resume inviting accounts after you finalize the process when all 7355// accounts have agreed to the change. 7356// 7357// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 7358// because the organization has already enabled all features. 7359// 7360// * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 7361// request is invalid because the organization has already started the process 7362// to enable all features. 7363// 7364// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 7365// the account is from a different marketplace than the accounts in the organization. 7366// For example, accounts with India addresses must be associated with the 7367// AISPL marketplace. All accounts in an organization must be from the same 7368// marketplace. 7369// 7370// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 7371// change the membership of an account too quickly after its previous change. 7372// 7373// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 7374// account that doesn't have a payment instrument, such as a credit card, 7375// associated with it. 7376// 7377// * DuplicateHandshakeException 7378// A handshake with the same action and target already exists. For example, 7379// if you invited an account to join your organization, the invited account 7380// might already have a pending invitation from this organization. If you intend 7381// to resend an invitation to an account, ensure that existing handshakes that 7382// might be considered duplicates are canceled or declined. 7383// 7384// * ConstraintViolationException 7385// Performing this operation violates a minimum or maximum value limit. For 7386// example, attempting to remove the last service control policy (SCP) from 7387// an OU or root, inviting or creating too many accounts to the organization, 7388// or attaching too many policies to an account, OU, or root. This exception 7389// includes a reason that contains additional information about the violated 7390// limit: 7391// 7392// Some of the reasons in the following list might not be applicable to this 7393// specific API or operation. 7394// 7395// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 7396// account from the organization. You can't remove the management account. 7397// Instead, after you remove all member accounts, delete the organization 7398// itself. 7399// 7400// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 7401// from the organization that doesn't yet have enough information to exist 7402// as a standalone account. This account requires you to first agree to the 7403// AWS Customer Agreement. Follow the steps at Removing a member account 7404// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 7405// the AWS Organizations User Guide. 7406// 7407// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 7408// an account from the organization that doesn't yet have enough information 7409// to exist as a standalone account. This account requires you to first complete 7410// phone verification. Follow the steps at Removing a member account from 7411// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 7412// in the AWS Organizations User Guide. 7413// 7414// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 7415// of accounts that you can create in one day. 7416// 7417// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7418// the number of accounts in an organization. If you need more accounts, 7419// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7420// request an increase in your limit. Or the number of invitations that you 7421// tried to send would cause you to exceed the limit of accounts in your 7422// organization. Send fewer invitations or contact AWS Support to request 7423// an increase in the number of accounts. Deleted and closed accounts still 7424// count toward your limit. If you get this exception when running a command 7425// immediately after creating the organization, wait one hour and try again. 7426// After an hour, if the command continues to fail with this error, contact 7427// AWS Support (https://console.aws.amazon.com/support/home#/). 7428// 7429// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7430// register the management account of the organization as a delegated administrator 7431// for an AWS service integrated with Organizations. You can designate only 7432// a member account as a delegated administrator. 7433// 7434// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7435// an account that is registered as a delegated administrator for a service 7436// integrated with your organization. To complete this operation, you must 7437// first deregister this account as a delegated administrator. 7438// 7439// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7440// organization in the specified region, you must enable all features mode. 7441// 7442// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7443// an AWS account as a delegated administrator for an AWS service that already 7444// has a delegated administrator. To complete this operation, you must first 7445// deregister any existing delegated administrators for this service. 7446// 7447// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7448// valid for a limited period of time. You must resubmit the request and 7449// generate a new verfication code. 7450// 7451// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7452// handshakes that you can send in one day. 7453// 7454// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7455// in this organization, you first must migrate the organization's management 7456// account to the marketplace that corresponds to the management account's 7457// address. For example, accounts with India addresses must be associated 7458// with the AISPL marketplace. All accounts in an organization must be associated 7459// with the same marketplace. 7460// 7461// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7462// in China. To create an organization, the master must have a valid business 7463// license. For more information, contact customer support. 7464// 7465// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7466// must first provide a valid contact address and phone number for the management 7467// account. Then try the operation again. 7468// 7469// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7470// management account must have an associated account in the AWS GovCloud 7471// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7472// in the AWS GovCloud User Guide. 7473// 7474// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7475// with this management account, you first must associate a valid payment 7476// instrument, such as a credit card, with the account. Follow the steps 7477// at To leave an organization when all required account information has 7478// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7479// in the AWS Organizations User Guide. 7480// 7481// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7482// to register more delegated administrators than allowed for the service 7483// principal. 7484// 7485// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7486// number of policies of a certain type that can be attached to an entity 7487// at one time. 7488// 7489// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7490// on this resource. 7491// 7492// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7493// with this member account, you first must associate a valid payment instrument, 7494// such as a credit card, with the account. Follow the steps at To leave 7495// an organization when all required account information has not yet been 7496// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7497// in the AWS Organizations User Guide. 7498// 7499// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7500// policy from an entity that would cause the entity to have fewer than the 7501// minimum number of policies of a certain type required. 7502// 7503// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7504// that requires the organization to be configured to support all features. 7505// An organization that supports only consolidated billing features can't 7506// perform this operation. 7507// 7508// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7509// too many levels deep. 7510// 7511// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7512// that you can have in an organization. 7513// 7514// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7515// is larger than the maximum size. 7516// 7517// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7518// policies that you can have in an organization. 7519// 7520// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7521// tags that are not compliant with the tag policy requirements for this 7522// account. 7523// 7524// * InvalidInputException 7525// The requested operation failed because you provided invalid values for one 7526// or more of the request parameters. This exception includes a reason that 7527// contains additional information about the violated limit: 7528// 7529// Some of the reasons in the following list might not be applicable to this 7530// specific API or operation. 7531// 7532// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 7533// the same entity. 7534// 7535// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7536// can't be modified. 7537// 7538// * INPUT_REQUIRED: You must include a value for all required parameters. 7539// 7540// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 7541// for the invited account owner. 7542// 7543// * INVALID_ENUM: You specified an invalid value. 7544// 7545// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 7546// 7547// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7548// characters. 7549// 7550// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7551// at least one invalid value. 7552// 7553// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7554// from the response to a previous call of the operation. 7555// 7556// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7557// organization, or email) as a party. 7558// 7559// * INVALID_PATTERN: You provided a value that doesn't match the required 7560// pattern. 7561// 7562// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7563// match the required pattern. 7564// 7565// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7566// name can't begin with the reserved prefix AWSServiceRoleFor. 7567// 7568// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7569// Name (ARN) for the organization. 7570// 7571// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7572// 7573// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7574// tag. You can’t add, edit, or delete system tag keys because they're 7575// reserved for AWS use. System tags don’t count against your tags per 7576// resource limit. 7577// 7578// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7579// for the operation. 7580// 7581// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7582// than allowed. 7583// 7584// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7585// value than allowed. 7586// 7587// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7588// than allowed. 7589// 7590// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7591// value than allowed. 7592// 7593// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7594// between entities in the same root. 7595// 7596// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 7597// target entity. 7598// 7599// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 7600// isn't recognized. 7601// 7602// * FinalizingOrganizationException 7603// AWS Organizations couldn't perform the operation because your organization 7604// hasn't finished initializing. This can take up to an hour. Try again later. 7605// If after one hour you continue to receive this error, contact AWS Support 7606// (https://console.aws.amazon.com/support/home#/). 7607// 7608// * ServiceException 7609// AWS Organizations can't complete your request because of an internal service 7610// error. Try again later. 7611// 7612// * TooManyRequestsException 7613// You have sent too many requests in too short a period of time. The quota 7614// helps protect against denial-of-service attacks. Try again later. 7615// 7616// For information about quotas that affect AWS Organizations, see Quotas for 7617// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7618// the AWS Organizations User Guide. 7619// 7620// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 7621func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) { 7622 req, out := c.InviteAccountToOrganizationRequest(input) 7623 return out, req.Send() 7624} 7625 7626// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of 7627// the ability to pass a context and additional request options. 7628// 7629// See InviteAccountToOrganization for details on how to use this API operation. 7630// 7631// The context must be non-nil and will be used for request cancellation. If 7632// the context is nil a panic will occur. In the future the SDK may create 7633// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7634// for more information on using Contexts. 7635func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) { 7636 req, out := c.InviteAccountToOrganizationRequest(input) 7637 req.SetContext(ctx) 7638 req.ApplyOptions(opts...) 7639 return out, req.Send() 7640} 7641 7642const opLeaveOrganization = "LeaveOrganization" 7643 7644// LeaveOrganizationRequest generates a "aws/request.Request" representing the 7645// client's request for the LeaveOrganization operation. The "output" return 7646// value will be populated with the request's response once the request completes 7647// successfully. 7648// 7649// Use "Send" method on the returned Request to send the API call to the service. 7650// the "output" return value is not valid until after Send returns without error. 7651// 7652// See LeaveOrganization for more information on using the LeaveOrganization 7653// API call, and error handling. 7654// 7655// This method is useful when you want to inject custom logic or configuration 7656// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7657// 7658// 7659// // Example sending a request using the LeaveOrganizationRequest method. 7660// req, resp := client.LeaveOrganizationRequest(params) 7661// 7662// err := req.Send() 7663// if err == nil { // resp is now filled 7664// fmt.Println(resp) 7665// } 7666// 7667// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 7668func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) { 7669 op := &request.Operation{ 7670 Name: opLeaveOrganization, 7671 HTTPMethod: "POST", 7672 HTTPPath: "/", 7673 } 7674 7675 if input == nil { 7676 input = &LeaveOrganizationInput{} 7677 } 7678 7679 output = &LeaveOrganizationOutput{} 7680 req = c.newRequest(op, input, output) 7681 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 7682 return 7683} 7684 7685// LeaveOrganization API operation for AWS Organizations. 7686// 7687// Removes a member account from its parent organization. This version of the 7688// operation is performed by the account that wants to leave. To remove a member 7689// account as a user in the management account, use RemoveAccountFromOrganization 7690// instead. 7691// 7692// This operation can be called only from a member account in the organization. 7693// 7694// * The management account in an organization with all features enabled 7695// can set service control policies (SCPs) that can restrict what administrators 7696// of member accounts can do. This includes preventing them from successfully 7697// calling LeaveOrganization and leaving the organization. 7698// 7699// * You can leave an organization as a member account only if the account 7700// is configured with the information required to operate as a standalone 7701// account. When you create an account in an organization using the AWS Organizations 7702// console, API, or CLI commands, the information required of standalone 7703// accounts is not automatically collected. For each account that you want 7704// to make standalone, you must perform the following steps. If any of the 7705// steps are already completed for this account, that step doesn't appear. 7706// Choose a support plan Provide and verify the required contact information 7707// Provide a current payment method AWS uses the payment method to charge 7708// for any billable (not free tier) AWS activity that occurs while the account 7709// isn't attached to an organization. Follow the steps at To leave an organization 7710// when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7711// in the AWS Organizations User Guide. 7712// 7713// * The account that you want to leave must not be a delegated administrator 7714// account for any AWS service enabled for your organization. If the account 7715// is a delegated administrator, you must first change the delegated administrator 7716// account to another account that is remaining in the organization. 7717// 7718// * You can leave an organization only after you enable IAM user access 7719// to billing in your account. For more information, see Activating Access 7720// to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 7721// in the AWS Billing and Cost Management User Guide. 7722// 7723// * After the account leaves the organization, all tags that were attached 7724// to the account object in the organization are deleted. AWS accounts outside 7725// of an organization do not support tags. 7726// 7727// * A newly created account has a waiting period before it can be removed 7728// from its organization. If you get an error that indicates that a wait 7729// period is required, then try again in a few days. 7730// 7731// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7732// with awserr.Error's Code and Message methods to get detailed information about 7733// the error. 7734// 7735// See the AWS API reference guide for AWS Organizations's 7736// API operation LeaveOrganization for usage and error information. 7737// 7738// Returned Error Types: 7739// * AccessDeniedException 7740// You don't have permissions to perform the requested operation. The user or 7741// role that is making the request must have at least one IAM permissions policy 7742// attached that grants the required permissions. For more information, see 7743// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7744// in the IAM User Guide. 7745// 7746// * AccountNotFoundException 7747// We can't find an AWS account with the AccountId that you specified, or the 7748// account whose credentials you used to make this request isn't a member of 7749// an organization. 7750// 7751// * AWSOrganizationsNotInUseException 7752// Your account isn't a member of an organization. To make this request, you 7753// must use the credentials of an account that belongs to an organization. 7754// 7755// * ConcurrentModificationException 7756// The target of the operation is currently being modified by a different request. 7757// Try again later. 7758// 7759// * ConstraintViolationException 7760// Performing this operation violates a minimum or maximum value limit. For 7761// example, attempting to remove the last service control policy (SCP) from 7762// an OU or root, inviting or creating too many accounts to the organization, 7763// or attaching too many policies to an account, OU, or root. This exception 7764// includes a reason that contains additional information about the violated 7765// limit: 7766// 7767// Some of the reasons in the following list might not be applicable to this 7768// specific API or operation. 7769// 7770// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 7771// account from the organization. You can't remove the management account. 7772// Instead, after you remove all member accounts, delete the organization 7773// itself. 7774// 7775// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 7776// from the organization that doesn't yet have enough information to exist 7777// as a standalone account. This account requires you to first agree to the 7778// AWS Customer Agreement. Follow the steps at Removing a member account 7779// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 7780// the AWS Organizations User Guide. 7781// 7782// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 7783// an account from the organization that doesn't yet have enough information 7784// to exist as a standalone account. This account requires you to first complete 7785// phone verification. Follow the steps at Removing a member account from 7786// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 7787// in the AWS Organizations User Guide. 7788// 7789// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 7790// of accounts that you can create in one day. 7791// 7792// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7793// the number of accounts in an organization. If you need more accounts, 7794// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7795// request an increase in your limit. Or the number of invitations that you 7796// tried to send would cause you to exceed the limit of accounts in your 7797// organization. Send fewer invitations or contact AWS Support to request 7798// an increase in the number of accounts. Deleted and closed accounts still 7799// count toward your limit. If you get this exception when running a command 7800// immediately after creating the organization, wait one hour and try again. 7801// After an hour, if the command continues to fail with this error, contact 7802// AWS Support (https://console.aws.amazon.com/support/home#/). 7803// 7804// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7805// register the management account of the organization as a delegated administrator 7806// for an AWS service integrated with Organizations. You can designate only 7807// a member account as a delegated administrator. 7808// 7809// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7810// an account that is registered as a delegated administrator for a service 7811// integrated with your organization. To complete this operation, you must 7812// first deregister this account as a delegated administrator. 7813// 7814// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7815// organization in the specified region, you must enable all features mode. 7816// 7817// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7818// an AWS account as a delegated administrator for an AWS service that already 7819// has a delegated administrator. To complete this operation, you must first 7820// deregister any existing delegated administrators for this service. 7821// 7822// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7823// valid for a limited period of time. You must resubmit the request and 7824// generate a new verfication code. 7825// 7826// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7827// handshakes that you can send in one day. 7828// 7829// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7830// in this organization, you first must migrate the organization's management 7831// account to the marketplace that corresponds to the management account's 7832// address. For example, accounts with India addresses must be associated 7833// with the AISPL marketplace. All accounts in an organization must be associated 7834// with the same marketplace. 7835// 7836// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7837// in China. To create an organization, the master must have a valid business 7838// license. For more information, contact customer support. 7839// 7840// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7841// must first provide a valid contact address and phone number for the management 7842// account. Then try the operation again. 7843// 7844// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7845// management account must have an associated account in the AWS GovCloud 7846// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7847// in the AWS GovCloud User Guide. 7848// 7849// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7850// with this management account, you first must associate a valid payment 7851// instrument, such as a credit card, with the account. Follow the steps 7852// at To leave an organization when all required account information has 7853// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7854// in the AWS Organizations User Guide. 7855// 7856// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7857// to register more delegated administrators than allowed for the service 7858// principal. 7859// 7860// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7861// number of policies of a certain type that can be attached to an entity 7862// at one time. 7863// 7864// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7865// on this resource. 7866// 7867// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7868// with this member account, you first must associate a valid payment instrument, 7869// such as a credit card, with the account. Follow the steps at To leave 7870// an organization when all required account information has not yet been 7871// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7872// in the AWS Organizations User Guide. 7873// 7874// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7875// policy from an entity that would cause the entity to have fewer than the 7876// minimum number of policies of a certain type required. 7877// 7878// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7879// that requires the organization to be configured to support all features. 7880// An organization that supports only consolidated billing features can't 7881// perform this operation. 7882// 7883// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7884// too many levels deep. 7885// 7886// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7887// that you can have in an organization. 7888// 7889// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7890// is larger than the maximum size. 7891// 7892// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7893// policies that you can have in an organization. 7894// 7895// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7896// tags that are not compliant with the tag policy requirements for this 7897// account. 7898// 7899// * InvalidInputException 7900// The requested operation failed because you provided invalid values for one 7901// or more of the request parameters. This exception includes a reason that 7902// contains additional information about the violated limit: 7903// 7904// Some of the reasons in the following list might not be applicable to this 7905// specific API or operation. 7906// 7907// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 7908// the same entity. 7909// 7910// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7911// can't be modified. 7912// 7913// * INPUT_REQUIRED: You must include a value for all required parameters. 7914// 7915// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 7916// for the invited account owner. 7917// 7918// * INVALID_ENUM: You specified an invalid value. 7919// 7920// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 7921// 7922// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7923// characters. 7924// 7925// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7926// at least one invalid value. 7927// 7928// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7929// from the response to a previous call of the operation. 7930// 7931// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7932// organization, or email) as a party. 7933// 7934// * INVALID_PATTERN: You provided a value that doesn't match the required 7935// pattern. 7936// 7937// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7938// match the required pattern. 7939// 7940// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7941// name can't begin with the reserved prefix AWSServiceRoleFor. 7942// 7943// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7944// Name (ARN) for the organization. 7945// 7946// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7947// 7948// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7949// tag. You can’t add, edit, or delete system tag keys because they're 7950// reserved for AWS use. System tags don’t count against your tags per 7951// resource limit. 7952// 7953// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7954// for the operation. 7955// 7956// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7957// than allowed. 7958// 7959// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7960// value than allowed. 7961// 7962// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7963// than allowed. 7964// 7965// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7966// value than allowed. 7967// 7968// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7969// between entities in the same root. 7970// 7971// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 7972// target entity. 7973// 7974// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 7975// isn't recognized. 7976// 7977// * MasterCannotLeaveOrganizationException 7978// You can't remove a management account from an organization. If you want the 7979// management account to become a member account in another organization, you 7980// must first delete the current organization of the management account. 7981// 7982// * ServiceException 7983// AWS Organizations can't complete your request because of an internal service 7984// error. Try again later. 7985// 7986// * TooManyRequestsException 7987// You have sent too many requests in too short a period of time. The quota 7988// helps protect against denial-of-service attacks. Try again later. 7989// 7990// For information about quotas that affect AWS Organizations, see Quotas for 7991// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7992// the AWS Organizations User Guide. 7993// 7994// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 7995func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) { 7996 req, out := c.LeaveOrganizationRequest(input) 7997 return out, req.Send() 7998} 7999 8000// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of 8001// the ability to pass a context and additional request options. 8002// 8003// See LeaveOrganization for details on how to use this API operation. 8004// 8005// The context must be non-nil and will be used for request cancellation. If 8006// the context is nil a panic will occur. In the future the SDK may create 8007// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8008// for more information on using Contexts. 8009func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) { 8010 req, out := c.LeaveOrganizationRequest(input) 8011 req.SetContext(ctx) 8012 req.ApplyOptions(opts...) 8013 return out, req.Send() 8014} 8015 8016const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization" 8017 8018// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the 8019// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return 8020// value will be populated with the request's response once the request completes 8021// successfully. 8022// 8023// Use "Send" method on the returned Request to send the API call to the service. 8024// the "output" return value is not valid until after Send returns without error. 8025// 8026// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization 8027// API call, and error handling. 8028// 8029// This method is useful when you want to inject custom logic or configuration 8030// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8031// 8032// 8033// // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method. 8034// req, resp := client.ListAWSServiceAccessForOrganizationRequest(params) 8035// 8036// err := req.Send() 8037// if err == nil { // resp is now filled 8038// fmt.Println(resp) 8039// } 8040// 8041// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 8042func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) { 8043 op := &request.Operation{ 8044 Name: opListAWSServiceAccessForOrganization, 8045 HTTPMethod: "POST", 8046 HTTPPath: "/", 8047 Paginator: &request.Paginator{ 8048 InputTokens: []string{"NextToken"}, 8049 OutputTokens: []string{"NextToken"}, 8050 LimitToken: "MaxResults", 8051 TruncationToken: "", 8052 }, 8053 } 8054 8055 if input == nil { 8056 input = &ListAWSServiceAccessForOrganizationInput{} 8057 } 8058 8059 output = &ListAWSServiceAccessForOrganizationOutput{} 8060 req = c.newRequest(op, input, output) 8061 return 8062} 8063 8064// ListAWSServiceAccessForOrganization API operation for AWS Organizations. 8065// 8066// Returns a list of the AWS services that you enabled to integrate with your 8067// organization. After a service on this list creates the resources that it 8068// requires for the integration, it can perform operations on your organization 8069// and its accounts. 8070// 8071// For more information about integrating other services with AWS Organizations, 8072// including the list of services that currently work with Organizations, see 8073// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 8074// in the AWS Organizations User Guide. 8075// 8076// This operation can be called only from the organization's management account 8077// or by a member account that is a delegated administrator for an AWS service. 8078// 8079// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8080// with awserr.Error's Code and Message methods to get detailed information about 8081// the error. 8082// 8083// See the AWS API reference guide for AWS Organizations's 8084// API operation ListAWSServiceAccessForOrganization for usage and error information. 8085// 8086// Returned Error Types: 8087// * AccessDeniedException 8088// You don't have permissions to perform the requested operation. The user or 8089// role that is making the request must have at least one IAM permissions policy 8090// attached that grants the required permissions. For more information, see 8091// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8092// in the IAM User Guide. 8093// 8094// * AWSOrganizationsNotInUseException 8095// Your account isn't a member of an organization. To make this request, you 8096// must use the credentials of an account that belongs to an organization. 8097// 8098// * ConstraintViolationException 8099// Performing this operation violates a minimum or maximum value limit. For 8100// example, attempting to remove the last service control policy (SCP) from 8101// an OU or root, inviting or creating too many accounts to the organization, 8102// or attaching too many policies to an account, OU, or root. This exception 8103// includes a reason that contains additional information about the violated 8104// limit: 8105// 8106// Some of the reasons in the following list might not be applicable to this 8107// specific API or operation. 8108// 8109// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 8110// account from the organization. You can't remove the management account. 8111// Instead, after you remove all member accounts, delete the organization 8112// itself. 8113// 8114// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 8115// from the organization that doesn't yet have enough information to exist 8116// as a standalone account. This account requires you to first agree to the 8117// AWS Customer Agreement. Follow the steps at Removing a member account 8118// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 8119// the AWS Organizations User Guide. 8120// 8121// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 8122// an account from the organization that doesn't yet have enough information 8123// to exist as a standalone account. This account requires you to first complete 8124// phone verification. Follow the steps at Removing a member account from 8125// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 8126// in the AWS Organizations User Guide. 8127// 8128// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 8129// of accounts that you can create in one day. 8130// 8131// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 8132// the number of accounts in an organization. If you need more accounts, 8133// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 8134// request an increase in your limit. Or the number of invitations that you 8135// tried to send would cause you to exceed the limit of accounts in your 8136// organization. Send fewer invitations or contact AWS Support to request 8137// an increase in the number of accounts. Deleted and closed accounts still 8138// count toward your limit. If you get this exception when running a command 8139// immediately after creating the organization, wait one hour and try again. 8140// After an hour, if the command continues to fail with this error, contact 8141// AWS Support (https://console.aws.amazon.com/support/home#/). 8142// 8143// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 8144// register the management account of the organization as a delegated administrator 8145// for an AWS service integrated with Organizations. You can designate only 8146// a member account as a delegated administrator. 8147// 8148// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 8149// an account that is registered as a delegated administrator for a service 8150// integrated with your organization. To complete this operation, you must 8151// first deregister this account as a delegated administrator. 8152// 8153// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 8154// organization in the specified region, you must enable all features mode. 8155// 8156// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 8157// an AWS account as a delegated administrator for an AWS service that already 8158// has a delegated administrator. To complete this operation, you must first 8159// deregister any existing delegated administrators for this service. 8160// 8161// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 8162// valid for a limited period of time. You must resubmit the request and 8163// generate a new verfication code. 8164// 8165// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 8166// handshakes that you can send in one day. 8167// 8168// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 8169// in this organization, you first must migrate the organization's management 8170// account to the marketplace that corresponds to the management account's 8171// address. For example, accounts with India addresses must be associated 8172// with the AISPL marketplace. All accounts in an organization must be associated 8173// with the same marketplace. 8174// 8175// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 8176// in China. To create an organization, the master must have a valid business 8177// license. For more information, contact customer support. 8178// 8179// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 8180// must first provide a valid contact address and phone number for the management 8181// account. Then try the operation again. 8182// 8183// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 8184// management account must have an associated account in the AWS GovCloud 8185// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 8186// in the AWS GovCloud User Guide. 8187// 8188// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 8189// with this management account, you first must associate a valid payment 8190// instrument, such as a credit card, with the account. Follow the steps 8191// at To leave an organization when all required account information has 8192// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 8193// in the AWS Organizations User Guide. 8194// 8195// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 8196// to register more delegated administrators than allowed for the service 8197// principal. 8198// 8199// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 8200// number of policies of a certain type that can be attached to an entity 8201// at one time. 8202// 8203// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 8204// on this resource. 8205// 8206// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 8207// with this member account, you first must associate a valid payment instrument, 8208// such as a credit card, with the account. Follow the steps at To leave 8209// an organization when all required account information has not yet been 8210// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 8211// in the AWS Organizations User Guide. 8212// 8213// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 8214// policy from an entity that would cause the entity to have fewer than the 8215// minimum number of policies of a certain type required. 8216// 8217// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 8218// that requires the organization to be configured to support all features. 8219// An organization that supports only consolidated billing features can't 8220// perform this operation. 8221// 8222// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 8223// too many levels deep. 8224// 8225// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 8226// that you can have in an organization. 8227// 8228// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 8229// is larger than the maximum size. 8230// 8231// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 8232// policies that you can have in an organization. 8233// 8234// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 8235// tags that are not compliant with the tag policy requirements for this 8236// account. 8237// 8238// * InvalidInputException 8239// The requested operation failed because you provided invalid values for one 8240// or more of the request parameters. This exception includes a reason that 8241// contains additional information about the violated limit: 8242// 8243// Some of the reasons in the following list might not be applicable to this 8244// specific API or operation. 8245// 8246// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8247// the same entity. 8248// 8249// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8250// can't be modified. 8251// 8252// * INPUT_REQUIRED: You must include a value for all required parameters. 8253// 8254// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8255// for the invited account owner. 8256// 8257// * INVALID_ENUM: You specified an invalid value. 8258// 8259// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 8260// 8261// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8262// characters. 8263// 8264// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8265// at least one invalid value. 8266// 8267// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8268// from the response to a previous call of the operation. 8269// 8270// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8271// organization, or email) as a party. 8272// 8273// * INVALID_PATTERN: You provided a value that doesn't match the required 8274// pattern. 8275// 8276// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8277// match the required pattern. 8278// 8279// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8280// name can't begin with the reserved prefix AWSServiceRoleFor. 8281// 8282// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8283// Name (ARN) for the organization. 8284// 8285// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8286// 8287// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8288// tag. You can’t add, edit, or delete system tag keys because they're 8289// reserved for AWS use. System tags don’t count against your tags per 8290// resource limit. 8291// 8292// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8293// for the operation. 8294// 8295// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8296// than allowed. 8297// 8298// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8299// value than allowed. 8300// 8301// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8302// than allowed. 8303// 8304// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8305// value than allowed. 8306// 8307// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8308// between entities in the same root. 8309// 8310// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 8311// target entity. 8312// 8313// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 8314// isn't recognized. 8315// 8316// * ServiceException 8317// AWS Organizations can't complete your request because of an internal service 8318// error. Try again later. 8319// 8320// * TooManyRequestsException 8321// You have sent too many requests in too short a period of time. The quota 8322// helps protect against denial-of-service attacks. Try again later. 8323// 8324// For information about quotas that affect AWS Organizations, see Quotas for 8325// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8326// the AWS Organizations User Guide. 8327// 8328// * UnsupportedAPIEndpointException 8329// This action isn't available in the current AWS Region. 8330// 8331// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 8332func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) { 8333 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 8334 return out, req.Send() 8335} 8336 8337// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of 8338// the ability to pass a context and additional request options. 8339// 8340// See ListAWSServiceAccessForOrganization for details on how to use this API operation. 8341// 8342// The context must be non-nil and will be used for request cancellation. If 8343// the context is nil a panic will occur. In the future the SDK may create 8344// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8345// for more information on using Contexts. 8346func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) { 8347 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 8348 req.SetContext(ctx) 8349 req.ApplyOptions(opts...) 8350 return out, req.Send() 8351} 8352 8353// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation, 8354// calling the "fn" function with the response data for each page. To stop 8355// iterating, return false from the fn function. 8356// 8357// See ListAWSServiceAccessForOrganization method for more information on how to use this operation. 8358// 8359// Note: This operation can generate multiple requests to a service. 8360// 8361// // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation. 8362// pageNum := 0 8363// err := client.ListAWSServiceAccessForOrganizationPages(params, 8364// func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool { 8365// pageNum++ 8366// fmt.Println(page) 8367// return pageNum <= 3 8368// }) 8369// 8370func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error { 8371 return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 8372} 8373 8374// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except 8375// it takes a Context and allows setting request options on the pages. 8376// 8377// The context must be non-nil and will be used for request cancellation. If 8378// the context is nil a panic will occur. In the future the SDK may create 8379// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8380// for more information on using Contexts. 8381func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error { 8382 p := request.Pagination{ 8383 NewRequest: func() (*request.Request, error) { 8384 var inCpy *ListAWSServiceAccessForOrganizationInput 8385 if input != nil { 8386 tmp := *input 8387 inCpy = &tmp 8388 } 8389 req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy) 8390 req.SetContext(ctx) 8391 req.ApplyOptions(opts...) 8392 return req, nil 8393 }, 8394 } 8395 8396 for p.Next() { 8397 if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) { 8398 break 8399 } 8400 } 8401 8402 return p.Err() 8403} 8404 8405const opListAccounts = "ListAccounts" 8406 8407// ListAccountsRequest generates a "aws/request.Request" representing the 8408// client's request for the ListAccounts operation. The "output" return 8409// value will be populated with the request's response once the request completes 8410// successfully. 8411// 8412// Use "Send" method on the returned Request to send the API call to the service. 8413// the "output" return value is not valid until after Send returns without error. 8414// 8415// See ListAccounts for more information on using the ListAccounts 8416// API call, and error handling. 8417// 8418// This method is useful when you want to inject custom logic or configuration 8419// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8420// 8421// 8422// // Example sending a request using the ListAccountsRequest method. 8423// req, resp := client.ListAccountsRequest(params) 8424// 8425// err := req.Send() 8426// if err == nil { // resp is now filled 8427// fmt.Println(resp) 8428// } 8429// 8430// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 8431func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { 8432 op := &request.Operation{ 8433 Name: opListAccounts, 8434 HTTPMethod: "POST", 8435 HTTPPath: "/", 8436 Paginator: &request.Paginator{ 8437 InputTokens: []string{"NextToken"}, 8438 OutputTokens: []string{"NextToken"}, 8439 LimitToken: "MaxResults", 8440 TruncationToken: "", 8441 }, 8442 } 8443 8444 if input == nil { 8445 input = &ListAccountsInput{} 8446 } 8447 8448 output = &ListAccountsOutput{} 8449 req = c.newRequest(op, input, output) 8450 return 8451} 8452 8453// ListAccounts API operation for AWS Organizations. 8454// 8455// Lists all the accounts in the organization. To request only the accounts 8456// in a specified root or organizational unit (OU), use the ListAccountsForParent 8457// operation instead. 8458// 8459// Always check the NextToken response parameter for a null value when calling 8460// a List* operation. These operations can occasionally return an empty set 8461// of results even when there are more results available. The NextToken response 8462// parameter value is null only when there are no more results to display. 8463// 8464// This operation can be called only from the organization's management account 8465// or by a member account that is a delegated administrator for an AWS service. 8466// 8467// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8468// with awserr.Error's Code and Message methods to get detailed information about 8469// the error. 8470// 8471// See the AWS API reference guide for AWS Organizations's 8472// API operation ListAccounts for usage and error information. 8473// 8474// Returned Error Types: 8475// * AccessDeniedException 8476// You don't have permissions to perform the requested operation. The user or 8477// role that is making the request must have at least one IAM permissions policy 8478// attached that grants the required permissions. For more information, see 8479// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8480// in the IAM User Guide. 8481// 8482// * AWSOrganizationsNotInUseException 8483// Your account isn't a member of an organization. To make this request, you 8484// must use the credentials of an account that belongs to an organization. 8485// 8486// * InvalidInputException 8487// The requested operation failed because you provided invalid values for one 8488// or more of the request parameters. This exception includes a reason that 8489// contains additional information about the violated limit: 8490// 8491// Some of the reasons in the following list might not be applicable to this 8492// specific API or operation. 8493// 8494// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8495// the same entity. 8496// 8497// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8498// can't be modified. 8499// 8500// * INPUT_REQUIRED: You must include a value for all required parameters. 8501// 8502// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8503// for the invited account owner. 8504// 8505// * INVALID_ENUM: You specified an invalid value. 8506// 8507// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 8508// 8509// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8510// characters. 8511// 8512// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8513// at least one invalid value. 8514// 8515// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8516// from the response to a previous call of the operation. 8517// 8518// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8519// organization, or email) as a party. 8520// 8521// * INVALID_PATTERN: You provided a value that doesn't match the required 8522// pattern. 8523// 8524// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8525// match the required pattern. 8526// 8527// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8528// name can't begin with the reserved prefix AWSServiceRoleFor. 8529// 8530// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8531// Name (ARN) for the organization. 8532// 8533// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8534// 8535// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8536// tag. You can’t add, edit, or delete system tag keys because they're 8537// reserved for AWS use. System tags don’t count against your tags per 8538// resource limit. 8539// 8540// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8541// for the operation. 8542// 8543// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8544// than allowed. 8545// 8546// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8547// value than allowed. 8548// 8549// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8550// than allowed. 8551// 8552// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8553// value than allowed. 8554// 8555// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8556// between entities in the same root. 8557// 8558// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 8559// target entity. 8560// 8561// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 8562// isn't recognized. 8563// 8564// * ServiceException 8565// AWS Organizations can't complete your request because of an internal service 8566// error. Try again later. 8567// 8568// * TooManyRequestsException 8569// You have sent too many requests in too short a period of time. The quota 8570// helps protect against denial-of-service attacks. Try again later. 8571// 8572// For information about quotas that affect AWS Organizations, see Quotas for 8573// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8574// the AWS Organizations User Guide. 8575// 8576// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 8577func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { 8578 req, out := c.ListAccountsRequest(input) 8579 return out, req.Send() 8580} 8581 8582// ListAccountsWithContext is the same as ListAccounts with the addition of 8583// the ability to pass a context and additional request options. 8584// 8585// See ListAccounts for details on how to use this API operation. 8586// 8587// The context must be non-nil and will be used for request cancellation. If 8588// the context is nil a panic will occur. In the future the SDK may create 8589// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8590// for more information on using Contexts. 8591func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { 8592 req, out := c.ListAccountsRequest(input) 8593 req.SetContext(ctx) 8594 req.ApplyOptions(opts...) 8595 return out, req.Send() 8596} 8597 8598// ListAccountsPages iterates over the pages of a ListAccounts operation, 8599// calling the "fn" function with the response data for each page. To stop 8600// iterating, return false from the fn function. 8601// 8602// See ListAccounts method for more information on how to use this operation. 8603// 8604// Note: This operation can generate multiple requests to a service. 8605// 8606// // Example iterating over at most 3 pages of a ListAccounts operation. 8607// pageNum := 0 8608// err := client.ListAccountsPages(params, 8609// func(page *organizations.ListAccountsOutput, lastPage bool) bool { 8610// pageNum++ 8611// fmt.Println(page) 8612// return pageNum <= 3 8613// }) 8614// 8615func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { 8616 return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) 8617} 8618 8619// ListAccountsPagesWithContext same as ListAccountsPages except 8620// it takes a Context and allows setting request options on the pages. 8621// 8622// The context must be non-nil and will be used for request cancellation. If 8623// the context is nil a panic will occur. In the future the SDK may create 8624// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8625// for more information on using Contexts. 8626func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { 8627 p := request.Pagination{ 8628 NewRequest: func() (*request.Request, error) { 8629 var inCpy *ListAccountsInput 8630 if input != nil { 8631 tmp := *input 8632 inCpy = &tmp 8633 } 8634 req, _ := c.ListAccountsRequest(inCpy) 8635 req.SetContext(ctx) 8636 req.ApplyOptions(opts...) 8637 return req, nil 8638 }, 8639 } 8640 8641 for p.Next() { 8642 if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) { 8643 break 8644 } 8645 } 8646 8647 return p.Err() 8648} 8649 8650const opListAccountsForParent = "ListAccountsForParent" 8651 8652// ListAccountsForParentRequest generates a "aws/request.Request" representing the 8653// client's request for the ListAccountsForParent operation. The "output" return 8654// value will be populated with the request's response once the request completes 8655// successfully. 8656// 8657// Use "Send" method on the returned Request to send the API call to the service. 8658// the "output" return value is not valid until after Send returns without error. 8659// 8660// See ListAccountsForParent for more information on using the ListAccountsForParent 8661// API call, and error handling. 8662// 8663// This method is useful when you want to inject custom logic or configuration 8664// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8665// 8666// 8667// // Example sending a request using the ListAccountsForParentRequest method. 8668// req, resp := client.ListAccountsForParentRequest(params) 8669// 8670// err := req.Send() 8671// if err == nil { // resp is now filled 8672// fmt.Println(resp) 8673// } 8674// 8675// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 8676func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) { 8677 op := &request.Operation{ 8678 Name: opListAccountsForParent, 8679 HTTPMethod: "POST", 8680 HTTPPath: "/", 8681 Paginator: &request.Paginator{ 8682 InputTokens: []string{"NextToken"}, 8683 OutputTokens: []string{"NextToken"}, 8684 LimitToken: "MaxResults", 8685 TruncationToken: "", 8686 }, 8687 } 8688 8689 if input == nil { 8690 input = &ListAccountsForParentInput{} 8691 } 8692 8693 output = &ListAccountsForParentOutput{} 8694 req = c.newRequest(op, input, output) 8695 return 8696} 8697 8698// ListAccountsForParent API operation for AWS Organizations. 8699// 8700// Lists the accounts in an organization that are contained by the specified 8701// target root or organizational unit (OU). If you specify the root, you get 8702// a list of all the accounts that aren't in any OU. If you specify an OU, you 8703// get a list of all the accounts in only that OU and not in any child OUs. 8704// To get a list of all accounts in the organization, use the ListAccounts operation. 8705// 8706// Always check the NextToken response parameter for a null value when calling 8707// a List* operation. These operations can occasionally return an empty set 8708// of results even when there are more results available. The NextToken response 8709// parameter value is null only when there are no more results to display. 8710// 8711// This operation can be called only from the organization's management account 8712// or by a member account that is a delegated administrator for an AWS service. 8713// 8714// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8715// with awserr.Error's Code and Message methods to get detailed information about 8716// the error. 8717// 8718// See the AWS API reference guide for AWS Organizations's 8719// API operation ListAccountsForParent for usage and error information. 8720// 8721// Returned Error Types: 8722// * AccessDeniedException 8723// You don't have permissions to perform the requested operation. The user or 8724// role that is making the request must have at least one IAM permissions policy 8725// attached that grants the required permissions. For more information, see 8726// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8727// in the IAM User Guide. 8728// 8729// * AWSOrganizationsNotInUseException 8730// Your account isn't a member of an organization. To make this request, you 8731// must use the credentials of an account that belongs to an organization. 8732// 8733// * InvalidInputException 8734// The requested operation failed because you provided invalid values for one 8735// or more of the request parameters. This exception includes a reason that 8736// contains additional information about the violated limit: 8737// 8738// Some of the reasons in the following list might not be applicable to this 8739// specific API or operation. 8740// 8741// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8742// the same entity. 8743// 8744// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8745// can't be modified. 8746// 8747// * INPUT_REQUIRED: You must include a value for all required parameters. 8748// 8749// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8750// for the invited account owner. 8751// 8752// * INVALID_ENUM: You specified an invalid value. 8753// 8754// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 8755// 8756// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8757// characters. 8758// 8759// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8760// at least one invalid value. 8761// 8762// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8763// from the response to a previous call of the operation. 8764// 8765// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8766// organization, or email) as a party. 8767// 8768// * INVALID_PATTERN: You provided a value that doesn't match the required 8769// pattern. 8770// 8771// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8772// match the required pattern. 8773// 8774// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8775// name can't begin with the reserved prefix AWSServiceRoleFor. 8776// 8777// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8778// Name (ARN) for the organization. 8779// 8780// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8781// 8782// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8783// tag. You can’t add, edit, or delete system tag keys because they're 8784// reserved for AWS use. System tags don’t count against your tags per 8785// resource limit. 8786// 8787// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8788// for the operation. 8789// 8790// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8791// than allowed. 8792// 8793// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8794// value than allowed. 8795// 8796// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8797// than allowed. 8798// 8799// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8800// value than allowed. 8801// 8802// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8803// between entities in the same root. 8804// 8805// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 8806// target entity. 8807// 8808// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 8809// isn't recognized. 8810// 8811// * ParentNotFoundException 8812// We can't find a root or OU with the ParentId that you specified. 8813// 8814// * ServiceException 8815// AWS Organizations can't complete your request because of an internal service 8816// error. Try again later. 8817// 8818// * TooManyRequestsException 8819// You have sent too many requests in too short a period of time. The quota 8820// helps protect against denial-of-service attacks. Try again later. 8821// 8822// For information about quotas that affect AWS Organizations, see Quotas for 8823// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8824// the AWS Organizations User Guide. 8825// 8826// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 8827func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) { 8828 req, out := c.ListAccountsForParentRequest(input) 8829 return out, req.Send() 8830} 8831 8832// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of 8833// the ability to pass a context and additional request options. 8834// 8835// See ListAccountsForParent for details on how to use this API operation. 8836// 8837// The context must be non-nil and will be used for request cancellation. If 8838// the context is nil a panic will occur. In the future the SDK may create 8839// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8840// for more information on using Contexts. 8841func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) { 8842 req, out := c.ListAccountsForParentRequest(input) 8843 req.SetContext(ctx) 8844 req.ApplyOptions(opts...) 8845 return out, req.Send() 8846} 8847 8848// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation, 8849// calling the "fn" function with the response data for each page. To stop 8850// iterating, return false from the fn function. 8851// 8852// See ListAccountsForParent method for more information on how to use this operation. 8853// 8854// Note: This operation can generate multiple requests to a service. 8855// 8856// // Example iterating over at most 3 pages of a ListAccountsForParent operation. 8857// pageNum := 0 8858// err := client.ListAccountsForParentPages(params, 8859// func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool { 8860// pageNum++ 8861// fmt.Println(page) 8862// return pageNum <= 3 8863// }) 8864// 8865func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error { 8866 return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 8867} 8868 8869// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except 8870// it takes a Context and allows setting request options on the pages. 8871// 8872// The context must be non-nil and will be used for request cancellation. If 8873// the context is nil a panic will occur. In the future the SDK may create 8874// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8875// for more information on using Contexts. 8876func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error { 8877 p := request.Pagination{ 8878 NewRequest: func() (*request.Request, error) { 8879 var inCpy *ListAccountsForParentInput 8880 if input != nil { 8881 tmp := *input 8882 inCpy = &tmp 8883 } 8884 req, _ := c.ListAccountsForParentRequest(inCpy) 8885 req.SetContext(ctx) 8886 req.ApplyOptions(opts...) 8887 return req, nil 8888 }, 8889 } 8890 8891 for p.Next() { 8892 if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) { 8893 break 8894 } 8895 } 8896 8897 return p.Err() 8898} 8899 8900const opListChildren = "ListChildren" 8901 8902// ListChildrenRequest generates a "aws/request.Request" representing the 8903// client's request for the ListChildren operation. The "output" return 8904// value will be populated with the request's response once the request completes 8905// successfully. 8906// 8907// Use "Send" method on the returned Request to send the API call to the service. 8908// the "output" return value is not valid until after Send returns without error. 8909// 8910// See ListChildren for more information on using the ListChildren 8911// API call, and error handling. 8912// 8913// This method is useful when you want to inject custom logic or configuration 8914// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8915// 8916// 8917// // Example sending a request using the ListChildrenRequest method. 8918// req, resp := client.ListChildrenRequest(params) 8919// 8920// err := req.Send() 8921// if err == nil { // resp is now filled 8922// fmt.Println(resp) 8923// } 8924// 8925// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 8926func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) { 8927 op := &request.Operation{ 8928 Name: opListChildren, 8929 HTTPMethod: "POST", 8930 HTTPPath: "/", 8931 Paginator: &request.Paginator{ 8932 InputTokens: []string{"NextToken"}, 8933 OutputTokens: []string{"NextToken"}, 8934 LimitToken: "MaxResults", 8935 TruncationToken: "", 8936 }, 8937 } 8938 8939 if input == nil { 8940 input = &ListChildrenInput{} 8941 } 8942 8943 output = &ListChildrenOutput{} 8944 req = c.newRequest(op, input, output) 8945 return 8946} 8947 8948// ListChildren API operation for AWS Organizations. 8949// 8950// Lists all of the organizational units (OUs) or accounts that are contained 8951// in the specified parent OU or root. This operation, along with ListParents 8952// enables you to traverse the tree structure that makes up this root. 8953// 8954// Always check the NextToken response parameter for a null value when calling 8955// a List* operation. These operations can occasionally return an empty set 8956// of results even when there are more results available. The NextToken response 8957// parameter value is null only when there are no more results to display. 8958// 8959// This operation can be called only from the organization's management account 8960// or by a member account that is a delegated administrator for an AWS service. 8961// 8962// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8963// with awserr.Error's Code and Message methods to get detailed information about 8964// the error. 8965// 8966// See the AWS API reference guide for AWS Organizations's 8967// API operation ListChildren for usage and error information. 8968// 8969// Returned Error Types: 8970// * AccessDeniedException 8971// You don't have permissions to perform the requested operation. The user or 8972// role that is making the request must have at least one IAM permissions policy 8973// attached that grants the required permissions. For more information, see 8974// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8975// in the IAM User Guide. 8976// 8977// * AWSOrganizationsNotInUseException 8978// Your account isn't a member of an organization. To make this request, you 8979// must use the credentials of an account that belongs to an organization. 8980// 8981// * InvalidInputException 8982// The requested operation failed because you provided invalid values for one 8983// or more of the request parameters. This exception includes a reason that 8984// contains additional information about the violated limit: 8985// 8986// Some of the reasons in the following list might not be applicable to this 8987// specific API or operation. 8988// 8989// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8990// the same entity. 8991// 8992// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8993// can't be modified. 8994// 8995// * INPUT_REQUIRED: You must include a value for all required parameters. 8996// 8997// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8998// for the invited account owner. 8999// 9000// * INVALID_ENUM: You specified an invalid value. 9001// 9002// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 9003// 9004// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9005// characters. 9006// 9007// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9008// at least one invalid value. 9009// 9010// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9011// from the response to a previous call of the operation. 9012// 9013// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9014// organization, or email) as a party. 9015// 9016// * INVALID_PATTERN: You provided a value that doesn't match the required 9017// pattern. 9018// 9019// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9020// match the required pattern. 9021// 9022// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9023// name can't begin with the reserved prefix AWSServiceRoleFor. 9024// 9025// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9026// Name (ARN) for the organization. 9027// 9028// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9029// 9030// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9031// tag. You can’t add, edit, or delete system tag keys because they're 9032// reserved for AWS use. System tags don’t count against your tags per 9033// resource limit. 9034// 9035// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9036// for the operation. 9037// 9038// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9039// than allowed. 9040// 9041// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9042// value than allowed. 9043// 9044// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9045// than allowed. 9046// 9047// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9048// value than allowed. 9049// 9050// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9051// between entities in the same root. 9052// 9053// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 9054// target entity. 9055// 9056// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 9057// isn't recognized. 9058// 9059// * ParentNotFoundException 9060// We can't find a root or OU with the ParentId that you specified. 9061// 9062// * ServiceException 9063// AWS Organizations can't complete your request because of an internal service 9064// error. Try again later. 9065// 9066// * TooManyRequestsException 9067// You have sent too many requests in too short a period of time. The quota 9068// helps protect against denial-of-service attacks. Try again later. 9069// 9070// For information about quotas that affect AWS Organizations, see Quotas for 9071// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9072// the AWS Organizations User Guide. 9073// 9074// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 9075func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) { 9076 req, out := c.ListChildrenRequest(input) 9077 return out, req.Send() 9078} 9079 9080// ListChildrenWithContext is the same as ListChildren with the addition of 9081// the ability to pass a context and additional request options. 9082// 9083// See ListChildren for details on how to use this API operation. 9084// 9085// The context must be non-nil and will be used for request cancellation. If 9086// the context is nil a panic will occur. In the future the SDK may create 9087// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9088// for more information on using Contexts. 9089func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) { 9090 req, out := c.ListChildrenRequest(input) 9091 req.SetContext(ctx) 9092 req.ApplyOptions(opts...) 9093 return out, req.Send() 9094} 9095 9096// ListChildrenPages iterates over the pages of a ListChildren operation, 9097// calling the "fn" function with the response data for each page. To stop 9098// iterating, return false from the fn function. 9099// 9100// See ListChildren method for more information on how to use this operation. 9101// 9102// Note: This operation can generate multiple requests to a service. 9103// 9104// // Example iterating over at most 3 pages of a ListChildren operation. 9105// pageNum := 0 9106// err := client.ListChildrenPages(params, 9107// func(page *organizations.ListChildrenOutput, lastPage bool) bool { 9108// pageNum++ 9109// fmt.Println(page) 9110// return pageNum <= 3 9111// }) 9112// 9113func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error { 9114 return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn) 9115} 9116 9117// ListChildrenPagesWithContext same as ListChildrenPages except 9118// it takes a Context and allows setting request options on the pages. 9119// 9120// The context must be non-nil and will be used for request cancellation. If 9121// the context is nil a panic will occur. In the future the SDK may create 9122// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9123// for more information on using Contexts. 9124func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error { 9125 p := request.Pagination{ 9126 NewRequest: func() (*request.Request, error) { 9127 var inCpy *ListChildrenInput 9128 if input != nil { 9129 tmp := *input 9130 inCpy = &tmp 9131 } 9132 req, _ := c.ListChildrenRequest(inCpy) 9133 req.SetContext(ctx) 9134 req.ApplyOptions(opts...) 9135 return req, nil 9136 }, 9137 } 9138 9139 for p.Next() { 9140 if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) { 9141 break 9142 } 9143 } 9144 9145 return p.Err() 9146} 9147 9148const opListCreateAccountStatus = "ListCreateAccountStatus" 9149 9150// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the 9151// client's request for the ListCreateAccountStatus operation. The "output" return 9152// value will be populated with the request's response once the request completes 9153// successfully. 9154// 9155// Use "Send" method on the returned Request to send the API call to the service. 9156// the "output" return value is not valid until after Send returns without error. 9157// 9158// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus 9159// API call, and error handling. 9160// 9161// This method is useful when you want to inject custom logic or configuration 9162// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9163// 9164// 9165// // Example sending a request using the ListCreateAccountStatusRequest method. 9166// req, resp := client.ListCreateAccountStatusRequest(params) 9167// 9168// err := req.Send() 9169// if err == nil { // resp is now filled 9170// fmt.Println(resp) 9171// } 9172// 9173// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 9174func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) { 9175 op := &request.Operation{ 9176 Name: opListCreateAccountStatus, 9177 HTTPMethod: "POST", 9178 HTTPPath: "/", 9179 Paginator: &request.Paginator{ 9180 InputTokens: []string{"NextToken"}, 9181 OutputTokens: []string{"NextToken"}, 9182 LimitToken: "MaxResults", 9183 TruncationToken: "", 9184 }, 9185 } 9186 9187 if input == nil { 9188 input = &ListCreateAccountStatusInput{} 9189 } 9190 9191 output = &ListCreateAccountStatusOutput{} 9192 req = c.newRequest(op, input, output) 9193 return 9194} 9195 9196// ListCreateAccountStatus API operation for AWS Organizations. 9197// 9198// Lists the account creation requests that match the specified status that 9199// is currently being tracked for the organization. 9200// 9201// Always check the NextToken response parameter for a null value when calling 9202// a List* operation. These operations can occasionally return an empty set 9203// of results even when there are more results available. The NextToken response 9204// parameter value is null only when there are no more results to display. 9205// 9206// This operation can be called only from the organization's management account 9207// or by a member account that is a delegated administrator for an AWS service. 9208// 9209// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9210// with awserr.Error's Code and Message methods to get detailed information about 9211// the error. 9212// 9213// See the AWS API reference guide for AWS Organizations's 9214// API operation ListCreateAccountStatus for usage and error information. 9215// 9216// Returned Error Types: 9217// * AccessDeniedException 9218// You don't have permissions to perform the requested operation. The user or 9219// role that is making the request must have at least one IAM permissions policy 9220// attached that grants the required permissions. For more information, see 9221// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9222// in the IAM User Guide. 9223// 9224// * AWSOrganizationsNotInUseException 9225// Your account isn't a member of an organization. To make this request, you 9226// must use the credentials of an account that belongs to an organization. 9227// 9228// * InvalidInputException 9229// The requested operation failed because you provided invalid values for one 9230// or more of the request parameters. This exception includes a reason that 9231// contains additional information about the violated limit: 9232// 9233// Some of the reasons in the following list might not be applicable to this 9234// specific API or operation. 9235// 9236// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 9237// the same entity. 9238// 9239// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9240// can't be modified. 9241// 9242// * INPUT_REQUIRED: You must include a value for all required parameters. 9243// 9244// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 9245// for the invited account owner. 9246// 9247// * INVALID_ENUM: You specified an invalid value. 9248// 9249// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 9250// 9251// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9252// characters. 9253// 9254// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9255// at least one invalid value. 9256// 9257// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9258// from the response to a previous call of the operation. 9259// 9260// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9261// organization, or email) as a party. 9262// 9263// * INVALID_PATTERN: You provided a value that doesn't match the required 9264// pattern. 9265// 9266// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9267// match the required pattern. 9268// 9269// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9270// name can't begin with the reserved prefix AWSServiceRoleFor. 9271// 9272// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9273// Name (ARN) for the organization. 9274// 9275// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9276// 9277// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9278// tag. You can’t add, edit, or delete system tag keys because they're 9279// reserved for AWS use. System tags don’t count against your tags per 9280// resource limit. 9281// 9282// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9283// for the operation. 9284// 9285// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9286// than allowed. 9287// 9288// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9289// value than allowed. 9290// 9291// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9292// than allowed. 9293// 9294// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9295// value than allowed. 9296// 9297// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9298// between entities in the same root. 9299// 9300// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 9301// target entity. 9302// 9303// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 9304// isn't recognized. 9305// 9306// * ServiceException 9307// AWS Organizations can't complete your request because of an internal service 9308// error. Try again later. 9309// 9310// * TooManyRequestsException 9311// You have sent too many requests in too short a period of time. The quota 9312// helps protect against denial-of-service attacks. Try again later. 9313// 9314// For information about quotas that affect AWS Organizations, see Quotas for 9315// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9316// the AWS Organizations User Guide. 9317// 9318// * UnsupportedAPIEndpointException 9319// This action isn't available in the current AWS Region. 9320// 9321// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 9322func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) { 9323 req, out := c.ListCreateAccountStatusRequest(input) 9324 return out, req.Send() 9325} 9326 9327// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of 9328// the ability to pass a context and additional request options. 9329// 9330// See ListCreateAccountStatus for details on how to use this API operation. 9331// 9332// The context must be non-nil and will be used for request cancellation. If 9333// the context is nil a panic will occur. In the future the SDK may create 9334// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9335// for more information on using Contexts. 9336func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) { 9337 req, out := c.ListCreateAccountStatusRequest(input) 9338 req.SetContext(ctx) 9339 req.ApplyOptions(opts...) 9340 return out, req.Send() 9341} 9342 9343// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation, 9344// calling the "fn" function with the response data for each page. To stop 9345// iterating, return false from the fn function. 9346// 9347// See ListCreateAccountStatus method for more information on how to use this operation. 9348// 9349// Note: This operation can generate multiple requests to a service. 9350// 9351// // Example iterating over at most 3 pages of a ListCreateAccountStatus operation. 9352// pageNum := 0 9353// err := client.ListCreateAccountStatusPages(params, 9354// func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool { 9355// pageNum++ 9356// fmt.Println(page) 9357// return pageNum <= 3 9358// }) 9359// 9360func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error { 9361 return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn) 9362} 9363 9364// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except 9365// it takes a Context and allows setting request options on the pages. 9366// 9367// The context must be non-nil and will be used for request cancellation. If 9368// the context is nil a panic will occur. In the future the SDK may create 9369// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9370// for more information on using Contexts. 9371func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error { 9372 p := request.Pagination{ 9373 NewRequest: func() (*request.Request, error) { 9374 var inCpy *ListCreateAccountStatusInput 9375 if input != nil { 9376 tmp := *input 9377 inCpy = &tmp 9378 } 9379 req, _ := c.ListCreateAccountStatusRequest(inCpy) 9380 req.SetContext(ctx) 9381 req.ApplyOptions(opts...) 9382 return req, nil 9383 }, 9384 } 9385 9386 for p.Next() { 9387 if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) { 9388 break 9389 } 9390 } 9391 9392 return p.Err() 9393} 9394 9395const opListDelegatedAdministrators = "ListDelegatedAdministrators" 9396 9397// ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the 9398// client's request for the ListDelegatedAdministrators operation. The "output" return 9399// value will be populated with the request's response once the request completes 9400// successfully. 9401// 9402// Use "Send" method on the returned Request to send the API call to the service. 9403// the "output" return value is not valid until after Send returns without error. 9404// 9405// See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators 9406// API call, and error handling. 9407// 9408// This method is useful when you want to inject custom logic or configuration 9409// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9410// 9411// 9412// // Example sending a request using the ListDelegatedAdministratorsRequest method. 9413// req, resp := client.ListDelegatedAdministratorsRequest(params) 9414// 9415// err := req.Send() 9416// if err == nil { // resp is now filled 9417// fmt.Println(resp) 9418// } 9419// 9420// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators 9421func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) { 9422 op := &request.Operation{ 9423 Name: opListDelegatedAdministrators, 9424 HTTPMethod: "POST", 9425 HTTPPath: "/", 9426 Paginator: &request.Paginator{ 9427 InputTokens: []string{"NextToken"}, 9428 OutputTokens: []string{"NextToken"}, 9429 LimitToken: "MaxResults", 9430 TruncationToken: "", 9431 }, 9432 } 9433 9434 if input == nil { 9435 input = &ListDelegatedAdministratorsInput{} 9436 } 9437 9438 output = &ListDelegatedAdministratorsOutput{} 9439 req = c.newRequest(op, input, output) 9440 return 9441} 9442 9443// ListDelegatedAdministrators API operation for AWS Organizations. 9444// 9445// Lists the AWS accounts that are designated as delegated administrators in 9446// this organization. 9447// 9448// This operation can be called only from the organization's management account 9449// or by a member account that is a delegated administrator for an AWS service. 9450// 9451// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9452// with awserr.Error's Code and Message methods to get detailed information about 9453// the error. 9454// 9455// See the AWS API reference guide for AWS Organizations's 9456// API operation ListDelegatedAdministrators for usage and error information. 9457// 9458// Returned Error Types: 9459// * AccessDeniedException 9460// You don't have permissions to perform the requested operation. The user or 9461// role that is making the request must have at least one IAM permissions policy 9462// attached that grants the required permissions. For more information, see 9463// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9464// in the IAM User Guide. 9465// 9466// * AWSOrganizationsNotInUseException 9467// Your account isn't a member of an organization. To make this request, you 9468// must use the credentials of an account that belongs to an organization. 9469// 9470// * ConstraintViolationException 9471// Performing this operation violates a minimum or maximum value limit. For 9472// example, attempting to remove the last service control policy (SCP) from 9473// an OU or root, inviting or creating too many accounts to the organization, 9474// or attaching too many policies to an account, OU, or root. This exception 9475// includes a reason that contains additional information about the violated 9476// limit: 9477// 9478// Some of the reasons in the following list might not be applicable to this 9479// specific API or operation. 9480// 9481// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 9482// account from the organization. You can't remove the management account. 9483// Instead, after you remove all member accounts, delete the organization 9484// itself. 9485// 9486// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 9487// from the organization that doesn't yet have enough information to exist 9488// as a standalone account. This account requires you to first agree to the 9489// AWS Customer Agreement. Follow the steps at Removing a member account 9490// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 9491// the AWS Organizations User Guide. 9492// 9493// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 9494// an account from the organization that doesn't yet have enough information 9495// to exist as a standalone account. This account requires you to first complete 9496// phone verification. Follow the steps at Removing a member account from 9497// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 9498// in the AWS Organizations User Guide. 9499// 9500// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 9501// of accounts that you can create in one day. 9502// 9503// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 9504// the number of accounts in an organization. If you need more accounts, 9505// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 9506// request an increase in your limit. Or the number of invitations that you 9507// tried to send would cause you to exceed the limit of accounts in your 9508// organization. Send fewer invitations or contact AWS Support to request 9509// an increase in the number of accounts. Deleted and closed accounts still 9510// count toward your limit. If you get this exception when running a command 9511// immediately after creating the organization, wait one hour and try again. 9512// After an hour, if the command continues to fail with this error, contact 9513// AWS Support (https://console.aws.amazon.com/support/home#/). 9514// 9515// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 9516// register the management account of the organization as a delegated administrator 9517// for an AWS service integrated with Organizations. You can designate only 9518// a member account as a delegated administrator. 9519// 9520// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 9521// an account that is registered as a delegated administrator for a service 9522// integrated with your organization. To complete this operation, you must 9523// first deregister this account as a delegated administrator. 9524// 9525// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 9526// organization in the specified region, you must enable all features mode. 9527// 9528// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 9529// an AWS account as a delegated administrator for an AWS service that already 9530// has a delegated administrator. To complete this operation, you must first 9531// deregister any existing delegated administrators for this service. 9532// 9533// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 9534// valid for a limited period of time. You must resubmit the request and 9535// generate a new verfication code. 9536// 9537// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 9538// handshakes that you can send in one day. 9539// 9540// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 9541// in this organization, you first must migrate the organization's management 9542// account to the marketplace that corresponds to the management account's 9543// address. For example, accounts with India addresses must be associated 9544// with the AISPL marketplace. All accounts in an organization must be associated 9545// with the same marketplace. 9546// 9547// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 9548// in China. To create an organization, the master must have a valid business 9549// license. For more information, contact customer support. 9550// 9551// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 9552// must first provide a valid contact address and phone number for the management 9553// account. Then try the operation again. 9554// 9555// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 9556// management account must have an associated account in the AWS GovCloud 9557// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 9558// in the AWS GovCloud User Guide. 9559// 9560// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 9561// with this management account, you first must associate a valid payment 9562// instrument, such as a credit card, with the account. Follow the steps 9563// at To leave an organization when all required account information has 9564// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9565// in the AWS Organizations User Guide. 9566// 9567// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 9568// to register more delegated administrators than allowed for the service 9569// principal. 9570// 9571// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 9572// number of policies of a certain type that can be attached to an entity 9573// at one time. 9574// 9575// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 9576// on this resource. 9577// 9578// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 9579// with this member account, you first must associate a valid payment instrument, 9580// such as a credit card, with the account. Follow the steps at To leave 9581// an organization when all required account information has not yet been 9582// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9583// in the AWS Organizations User Guide. 9584// 9585// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 9586// policy from an entity that would cause the entity to have fewer than the 9587// minimum number of policies of a certain type required. 9588// 9589// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 9590// that requires the organization to be configured to support all features. 9591// An organization that supports only consolidated billing features can't 9592// perform this operation. 9593// 9594// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 9595// too many levels deep. 9596// 9597// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 9598// that you can have in an organization. 9599// 9600// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 9601// is larger than the maximum size. 9602// 9603// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 9604// policies that you can have in an organization. 9605// 9606// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 9607// tags that are not compliant with the tag policy requirements for this 9608// account. 9609// 9610// * InvalidInputException 9611// The requested operation failed because you provided invalid values for one 9612// or more of the request parameters. This exception includes a reason that 9613// contains additional information about the violated limit: 9614// 9615// Some of the reasons in the following list might not be applicable to this 9616// specific API or operation. 9617// 9618// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 9619// the same entity. 9620// 9621// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9622// can't be modified. 9623// 9624// * INPUT_REQUIRED: You must include a value for all required parameters. 9625// 9626// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 9627// for the invited account owner. 9628// 9629// * INVALID_ENUM: You specified an invalid value. 9630// 9631// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 9632// 9633// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9634// characters. 9635// 9636// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9637// at least one invalid value. 9638// 9639// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9640// from the response to a previous call of the operation. 9641// 9642// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9643// organization, or email) as a party. 9644// 9645// * INVALID_PATTERN: You provided a value that doesn't match the required 9646// pattern. 9647// 9648// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9649// match the required pattern. 9650// 9651// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9652// name can't begin with the reserved prefix AWSServiceRoleFor. 9653// 9654// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9655// Name (ARN) for the organization. 9656// 9657// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9658// 9659// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9660// tag. You can’t add, edit, or delete system tag keys because they're 9661// reserved for AWS use. System tags don’t count against your tags per 9662// resource limit. 9663// 9664// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9665// for the operation. 9666// 9667// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9668// than allowed. 9669// 9670// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9671// value than allowed. 9672// 9673// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9674// than allowed. 9675// 9676// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9677// value than allowed. 9678// 9679// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9680// between entities in the same root. 9681// 9682// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 9683// target entity. 9684// 9685// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 9686// isn't recognized. 9687// 9688// * TooManyRequestsException 9689// You have sent too many requests in too short a period of time. The quota 9690// helps protect against denial-of-service attacks. Try again later. 9691// 9692// For information about quotas that affect AWS Organizations, see Quotas for 9693// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9694// the AWS Organizations User Guide. 9695// 9696// * ServiceException 9697// AWS Organizations can't complete your request because of an internal service 9698// error. Try again later. 9699// 9700// * UnsupportedAPIEndpointException 9701// This action isn't available in the current AWS Region. 9702// 9703// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators 9704func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) { 9705 req, out := c.ListDelegatedAdministratorsRequest(input) 9706 return out, req.Send() 9707} 9708 9709// ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of 9710// the ability to pass a context and additional request options. 9711// 9712// See ListDelegatedAdministrators for details on how to use this API operation. 9713// 9714// The context must be non-nil and will be used for request cancellation. If 9715// the context is nil a panic will occur. In the future the SDK may create 9716// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9717// for more information on using Contexts. 9718func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) { 9719 req, out := c.ListDelegatedAdministratorsRequest(input) 9720 req.SetContext(ctx) 9721 req.ApplyOptions(opts...) 9722 return out, req.Send() 9723} 9724 9725// ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation, 9726// calling the "fn" function with the response data for each page. To stop 9727// iterating, return false from the fn function. 9728// 9729// See ListDelegatedAdministrators method for more information on how to use this operation. 9730// 9731// Note: This operation can generate multiple requests to a service. 9732// 9733// // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation. 9734// pageNum := 0 9735// err := client.ListDelegatedAdministratorsPages(params, 9736// func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool { 9737// pageNum++ 9738// fmt.Println(page) 9739// return pageNum <= 3 9740// }) 9741// 9742func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error { 9743 return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn) 9744} 9745 9746// ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except 9747// it takes a Context and allows setting request options on the pages. 9748// 9749// The context must be non-nil and will be used for request cancellation. If 9750// the context is nil a panic will occur. In the future the SDK may create 9751// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9752// for more information on using Contexts. 9753func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error { 9754 p := request.Pagination{ 9755 NewRequest: func() (*request.Request, error) { 9756 var inCpy *ListDelegatedAdministratorsInput 9757 if input != nil { 9758 tmp := *input 9759 inCpy = &tmp 9760 } 9761 req, _ := c.ListDelegatedAdministratorsRequest(inCpy) 9762 req.SetContext(ctx) 9763 req.ApplyOptions(opts...) 9764 return req, nil 9765 }, 9766 } 9767 9768 for p.Next() { 9769 if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) { 9770 break 9771 } 9772 } 9773 9774 return p.Err() 9775} 9776 9777const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount" 9778 9779// ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the 9780// client's request for the ListDelegatedServicesForAccount operation. The "output" return 9781// value will be populated with the request's response once the request completes 9782// successfully. 9783// 9784// Use "Send" method on the returned Request to send the API call to the service. 9785// the "output" return value is not valid until after Send returns without error. 9786// 9787// See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount 9788// API call, and error handling. 9789// 9790// This method is useful when you want to inject custom logic or configuration 9791// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9792// 9793// 9794// // Example sending a request using the ListDelegatedServicesForAccountRequest method. 9795// req, resp := client.ListDelegatedServicesForAccountRequest(params) 9796// 9797// err := req.Send() 9798// if err == nil { // resp is now filled 9799// fmt.Println(resp) 9800// } 9801// 9802// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount 9803func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) { 9804 op := &request.Operation{ 9805 Name: opListDelegatedServicesForAccount, 9806 HTTPMethod: "POST", 9807 HTTPPath: "/", 9808 Paginator: &request.Paginator{ 9809 InputTokens: []string{"NextToken"}, 9810 OutputTokens: []string{"NextToken"}, 9811 LimitToken: "MaxResults", 9812 TruncationToken: "", 9813 }, 9814 } 9815 9816 if input == nil { 9817 input = &ListDelegatedServicesForAccountInput{} 9818 } 9819 9820 output = &ListDelegatedServicesForAccountOutput{} 9821 req = c.newRequest(op, input, output) 9822 return 9823} 9824 9825// ListDelegatedServicesForAccount API operation for AWS Organizations. 9826// 9827// List the AWS services for which the specified account is a delegated administrator. 9828// 9829// This operation can be called only from the organization's management account 9830// or by a member account that is a delegated administrator for an AWS service. 9831// 9832// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9833// with awserr.Error's Code and Message methods to get detailed information about 9834// the error. 9835// 9836// See the AWS API reference guide for AWS Organizations's 9837// API operation ListDelegatedServicesForAccount for usage and error information. 9838// 9839// Returned Error Types: 9840// * AccessDeniedException 9841// You don't have permissions to perform the requested operation. The user or 9842// role that is making the request must have at least one IAM permissions policy 9843// attached that grants the required permissions. For more information, see 9844// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9845// in the IAM User Guide. 9846// 9847// * AccountNotFoundException 9848// We can't find an AWS account with the AccountId that you specified, or the 9849// account whose credentials you used to make this request isn't a member of 9850// an organization. 9851// 9852// * AccountNotRegisteredException 9853// The specified account is not a delegated administrator for this AWS service. 9854// 9855// * AWSOrganizationsNotInUseException 9856// Your account isn't a member of an organization. To make this request, you 9857// must use the credentials of an account that belongs to an organization. 9858// 9859// * ConstraintViolationException 9860// Performing this operation violates a minimum or maximum value limit. For 9861// example, attempting to remove the last service control policy (SCP) from 9862// an OU or root, inviting or creating too many accounts to the organization, 9863// or attaching too many policies to an account, OU, or root. This exception 9864// includes a reason that contains additional information about the violated 9865// limit: 9866// 9867// Some of the reasons in the following list might not be applicable to this 9868// specific API or operation. 9869// 9870// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 9871// account from the organization. You can't remove the management account. 9872// Instead, after you remove all member accounts, delete the organization 9873// itself. 9874// 9875// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 9876// from the organization that doesn't yet have enough information to exist 9877// as a standalone account. This account requires you to first agree to the 9878// AWS Customer Agreement. Follow the steps at Removing a member account 9879// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 9880// the AWS Organizations User Guide. 9881// 9882// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 9883// an account from the organization that doesn't yet have enough information 9884// to exist as a standalone account. This account requires you to first complete 9885// phone verification. Follow the steps at Removing a member account from 9886// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 9887// in the AWS Organizations User Guide. 9888// 9889// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 9890// of accounts that you can create in one day. 9891// 9892// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 9893// the number of accounts in an organization. If you need more accounts, 9894// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 9895// request an increase in your limit. Or the number of invitations that you 9896// tried to send would cause you to exceed the limit of accounts in your 9897// organization. Send fewer invitations or contact AWS Support to request 9898// an increase in the number of accounts. Deleted and closed accounts still 9899// count toward your limit. If you get this exception when running a command 9900// immediately after creating the organization, wait one hour and try again. 9901// After an hour, if the command continues to fail with this error, contact 9902// AWS Support (https://console.aws.amazon.com/support/home#/). 9903// 9904// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 9905// register the management account of the organization as a delegated administrator 9906// for an AWS service integrated with Organizations. You can designate only 9907// a member account as a delegated administrator. 9908// 9909// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 9910// an account that is registered as a delegated administrator for a service 9911// integrated with your organization. To complete this operation, you must 9912// first deregister this account as a delegated administrator. 9913// 9914// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 9915// organization in the specified region, you must enable all features mode. 9916// 9917// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 9918// an AWS account as a delegated administrator for an AWS service that already 9919// has a delegated administrator. To complete this operation, you must first 9920// deregister any existing delegated administrators for this service. 9921// 9922// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 9923// valid for a limited period of time. You must resubmit the request and 9924// generate a new verfication code. 9925// 9926// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 9927// handshakes that you can send in one day. 9928// 9929// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 9930// in this organization, you first must migrate the organization's management 9931// account to the marketplace that corresponds to the management account's 9932// address. For example, accounts with India addresses must be associated 9933// with the AISPL marketplace. All accounts in an organization must be associated 9934// with the same marketplace. 9935// 9936// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 9937// in China. To create an organization, the master must have a valid business 9938// license. For more information, contact customer support. 9939// 9940// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 9941// must first provide a valid contact address and phone number for the management 9942// account. Then try the operation again. 9943// 9944// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 9945// management account must have an associated account in the AWS GovCloud 9946// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 9947// in the AWS GovCloud User Guide. 9948// 9949// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 9950// with this management account, you first must associate a valid payment 9951// instrument, such as a credit card, with the account. Follow the steps 9952// at To leave an organization when all required account information has 9953// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9954// in the AWS Organizations User Guide. 9955// 9956// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 9957// to register more delegated administrators than allowed for the service 9958// principal. 9959// 9960// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 9961// number of policies of a certain type that can be attached to an entity 9962// at one time. 9963// 9964// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 9965// on this resource. 9966// 9967// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 9968// with this member account, you first must associate a valid payment instrument, 9969// such as a credit card, with the account. Follow the steps at To leave 9970// an organization when all required account information has not yet been 9971// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9972// in the AWS Organizations User Guide. 9973// 9974// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 9975// policy from an entity that would cause the entity to have fewer than the 9976// minimum number of policies of a certain type required. 9977// 9978// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 9979// that requires the organization to be configured to support all features. 9980// An organization that supports only consolidated billing features can't 9981// perform this operation. 9982// 9983// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 9984// too many levels deep. 9985// 9986// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 9987// that you can have in an organization. 9988// 9989// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 9990// is larger than the maximum size. 9991// 9992// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 9993// policies that you can have in an organization. 9994// 9995// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 9996// tags that are not compliant with the tag policy requirements for this 9997// account. 9998// 9999// * InvalidInputException 10000// The requested operation failed because you provided invalid values for one 10001// or more of the request parameters. This exception includes a reason that 10002// contains additional information about the violated limit: 10003// 10004// Some of the reasons in the following list might not be applicable to this 10005// specific API or operation. 10006// 10007// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10008// the same entity. 10009// 10010// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10011// can't be modified. 10012// 10013// * INPUT_REQUIRED: You must include a value for all required parameters. 10014// 10015// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10016// for the invited account owner. 10017// 10018// * INVALID_ENUM: You specified an invalid value. 10019// 10020// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10021// 10022// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10023// characters. 10024// 10025// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10026// at least one invalid value. 10027// 10028// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10029// from the response to a previous call of the operation. 10030// 10031// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10032// organization, or email) as a party. 10033// 10034// * INVALID_PATTERN: You provided a value that doesn't match the required 10035// pattern. 10036// 10037// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10038// match the required pattern. 10039// 10040// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10041// name can't begin with the reserved prefix AWSServiceRoleFor. 10042// 10043// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10044// Name (ARN) for the organization. 10045// 10046// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10047// 10048// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10049// tag. You can’t add, edit, or delete system tag keys because they're 10050// reserved for AWS use. System tags don’t count against your tags per 10051// resource limit. 10052// 10053// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10054// for the operation. 10055// 10056// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10057// than allowed. 10058// 10059// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10060// value than allowed. 10061// 10062// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10063// than allowed. 10064// 10065// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10066// value than allowed. 10067// 10068// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10069// between entities in the same root. 10070// 10071// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10072// target entity. 10073// 10074// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10075// isn't recognized. 10076// 10077// * TooManyRequestsException 10078// You have sent too many requests in too short a period of time. The quota 10079// helps protect against denial-of-service attacks. Try again later. 10080// 10081// For information about quotas that affect AWS Organizations, see Quotas for 10082// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10083// the AWS Organizations User Guide. 10084// 10085// * ServiceException 10086// AWS Organizations can't complete your request because of an internal service 10087// error. Try again later. 10088// 10089// * UnsupportedAPIEndpointException 10090// This action isn't available in the current AWS Region. 10091// 10092// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount 10093func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) { 10094 req, out := c.ListDelegatedServicesForAccountRequest(input) 10095 return out, req.Send() 10096} 10097 10098// ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of 10099// the ability to pass a context and additional request options. 10100// 10101// See ListDelegatedServicesForAccount for details on how to use this API operation. 10102// 10103// The context must be non-nil and will be used for request cancellation. If 10104// the context is nil a panic will occur. In the future the SDK may create 10105// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10106// for more information on using Contexts. 10107func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) { 10108 req, out := c.ListDelegatedServicesForAccountRequest(input) 10109 req.SetContext(ctx) 10110 req.ApplyOptions(opts...) 10111 return out, req.Send() 10112} 10113 10114// ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation, 10115// calling the "fn" function with the response data for each page. To stop 10116// iterating, return false from the fn function. 10117// 10118// See ListDelegatedServicesForAccount method for more information on how to use this operation. 10119// 10120// Note: This operation can generate multiple requests to a service. 10121// 10122// // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation. 10123// pageNum := 0 10124// err := client.ListDelegatedServicesForAccountPages(params, 10125// func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool { 10126// pageNum++ 10127// fmt.Println(page) 10128// return pageNum <= 3 10129// }) 10130// 10131func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error { 10132 return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 10133} 10134 10135// ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except 10136// it takes a Context and allows setting request options on the pages. 10137// 10138// The context must be non-nil and will be used for request cancellation. If 10139// the context is nil a panic will occur. In the future the SDK may create 10140// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10141// for more information on using Contexts. 10142func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error { 10143 p := request.Pagination{ 10144 NewRequest: func() (*request.Request, error) { 10145 var inCpy *ListDelegatedServicesForAccountInput 10146 if input != nil { 10147 tmp := *input 10148 inCpy = &tmp 10149 } 10150 req, _ := c.ListDelegatedServicesForAccountRequest(inCpy) 10151 req.SetContext(ctx) 10152 req.ApplyOptions(opts...) 10153 return req, nil 10154 }, 10155 } 10156 10157 for p.Next() { 10158 if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) { 10159 break 10160 } 10161 } 10162 10163 return p.Err() 10164} 10165 10166const opListHandshakesForAccount = "ListHandshakesForAccount" 10167 10168// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the 10169// client's request for the ListHandshakesForAccount operation. The "output" return 10170// value will be populated with the request's response once the request completes 10171// successfully. 10172// 10173// Use "Send" method on the returned Request to send the API call to the service. 10174// the "output" return value is not valid until after Send returns without error. 10175// 10176// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount 10177// API call, and error handling. 10178// 10179// This method is useful when you want to inject custom logic or configuration 10180// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10181// 10182// 10183// // Example sending a request using the ListHandshakesForAccountRequest method. 10184// req, resp := client.ListHandshakesForAccountRequest(params) 10185// 10186// err := req.Send() 10187// if err == nil { // resp is now filled 10188// fmt.Println(resp) 10189// } 10190// 10191// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 10192func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) { 10193 op := &request.Operation{ 10194 Name: opListHandshakesForAccount, 10195 HTTPMethod: "POST", 10196 HTTPPath: "/", 10197 Paginator: &request.Paginator{ 10198 InputTokens: []string{"NextToken"}, 10199 OutputTokens: []string{"NextToken"}, 10200 LimitToken: "MaxResults", 10201 TruncationToken: "", 10202 }, 10203 } 10204 10205 if input == nil { 10206 input = &ListHandshakesForAccountInput{} 10207 } 10208 10209 output = &ListHandshakesForAccountOutput{} 10210 req = c.newRequest(op, input, output) 10211 return 10212} 10213 10214// ListHandshakesForAccount API operation for AWS Organizations. 10215// 10216// Lists the current handshakes that are associated with the account of the 10217// requesting user. 10218// 10219// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 10220// of this API for only 30 days after changing to that state. After that, they're 10221// deleted and no longer accessible. 10222// 10223// Always check the NextToken response parameter for a null value when calling 10224// a List* operation. These operations can occasionally return an empty set 10225// of results even when there are more results available. The NextToken response 10226// parameter value is null only when there are no more results to display. 10227// 10228// This operation can be called from any account in the organization. 10229// 10230// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10231// with awserr.Error's Code and Message methods to get detailed information about 10232// the error. 10233// 10234// See the AWS API reference guide for AWS Organizations's 10235// API operation ListHandshakesForAccount for usage and error information. 10236// 10237// Returned Error Types: 10238// * AccessDeniedException 10239// You don't have permissions to perform the requested operation. The user or 10240// role that is making the request must have at least one IAM permissions policy 10241// attached that grants the required permissions. For more information, see 10242// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10243// in the IAM User Guide. 10244// 10245// * ConcurrentModificationException 10246// The target of the operation is currently being modified by a different request. 10247// Try again later. 10248// 10249// * InvalidInputException 10250// The requested operation failed because you provided invalid values for one 10251// or more of the request parameters. This exception includes a reason that 10252// contains additional information about the violated limit: 10253// 10254// Some of the reasons in the following list might not be applicable to this 10255// specific API or operation. 10256// 10257// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10258// the same entity. 10259// 10260// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10261// can't be modified. 10262// 10263// * INPUT_REQUIRED: You must include a value for all required parameters. 10264// 10265// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10266// for the invited account owner. 10267// 10268// * INVALID_ENUM: You specified an invalid value. 10269// 10270// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10271// 10272// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10273// characters. 10274// 10275// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10276// at least one invalid value. 10277// 10278// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10279// from the response to a previous call of the operation. 10280// 10281// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10282// organization, or email) as a party. 10283// 10284// * INVALID_PATTERN: You provided a value that doesn't match the required 10285// pattern. 10286// 10287// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10288// match the required pattern. 10289// 10290// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10291// name can't begin with the reserved prefix AWSServiceRoleFor. 10292// 10293// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10294// Name (ARN) for the organization. 10295// 10296// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10297// 10298// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10299// tag. You can’t add, edit, or delete system tag keys because they're 10300// reserved for AWS use. System tags don’t count against your tags per 10301// resource limit. 10302// 10303// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10304// for the operation. 10305// 10306// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10307// than allowed. 10308// 10309// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10310// value than allowed. 10311// 10312// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10313// than allowed. 10314// 10315// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10316// value than allowed. 10317// 10318// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10319// between entities in the same root. 10320// 10321// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10322// target entity. 10323// 10324// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10325// isn't recognized. 10326// 10327// * ServiceException 10328// AWS Organizations can't complete your request because of an internal service 10329// error. Try again later. 10330// 10331// * TooManyRequestsException 10332// You have sent too many requests in too short a period of time. The quota 10333// helps protect against denial-of-service attacks. Try again later. 10334// 10335// For information about quotas that affect AWS Organizations, see Quotas for 10336// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10337// the AWS Organizations User Guide. 10338// 10339// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 10340func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) { 10341 req, out := c.ListHandshakesForAccountRequest(input) 10342 return out, req.Send() 10343} 10344 10345// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of 10346// the ability to pass a context and additional request options. 10347// 10348// See ListHandshakesForAccount for details on how to use this API operation. 10349// 10350// The context must be non-nil and will be used for request cancellation. If 10351// the context is nil a panic will occur. In the future the SDK may create 10352// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10353// for more information on using Contexts. 10354func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) { 10355 req, out := c.ListHandshakesForAccountRequest(input) 10356 req.SetContext(ctx) 10357 req.ApplyOptions(opts...) 10358 return out, req.Send() 10359} 10360 10361// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation, 10362// calling the "fn" function with the response data for each page. To stop 10363// iterating, return false from the fn function. 10364// 10365// See ListHandshakesForAccount method for more information on how to use this operation. 10366// 10367// Note: This operation can generate multiple requests to a service. 10368// 10369// // Example iterating over at most 3 pages of a ListHandshakesForAccount operation. 10370// pageNum := 0 10371// err := client.ListHandshakesForAccountPages(params, 10372// func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool { 10373// pageNum++ 10374// fmt.Println(page) 10375// return pageNum <= 3 10376// }) 10377// 10378func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error { 10379 return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 10380} 10381 10382// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except 10383// it takes a Context and allows setting request options on the pages. 10384// 10385// The context must be non-nil and will be used for request cancellation. If 10386// the context is nil a panic will occur. In the future the SDK may create 10387// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10388// for more information on using Contexts. 10389func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error { 10390 p := request.Pagination{ 10391 NewRequest: func() (*request.Request, error) { 10392 var inCpy *ListHandshakesForAccountInput 10393 if input != nil { 10394 tmp := *input 10395 inCpy = &tmp 10396 } 10397 req, _ := c.ListHandshakesForAccountRequest(inCpy) 10398 req.SetContext(ctx) 10399 req.ApplyOptions(opts...) 10400 return req, nil 10401 }, 10402 } 10403 10404 for p.Next() { 10405 if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) { 10406 break 10407 } 10408 } 10409 10410 return p.Err() 10411} 10412 10413const opListHandshakesForOrganization = "ListHandshakesForOrganization" 10414 10415// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the 10416// client's request for the ListHandshakesForOrganization operation. The "output" return 10417// value will be populated with the request's response once the request completes 10418// successfully. 10419// 10420// Use "Send" method on the returned Request to send the API call to the service. 10421// the "output" return value is not valid until after Send returns without error. 10422// 10423// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization 10424// API call, and error handling. 10425// 10426// This method is useful when you want to inject custom logic or configuration 10427// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10428// 10429// 10430// // Example sending a request using the ListHandshakesForOrganizationRequest method. 10431// req, resp := client.ListHandshakesForOrganizationRequest(params) 10432// 10433// err := req.Send() 10434// if err == nil { // resp is now filled 10435// fmt.Println(resp) 10436// } 10437// 10438// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 10439func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) { 10440 op := &request.Operation{ 10441 Name: opListHandshakesForOrganization, 10442 HTTPMethod: "POST", 10443 HTTPPath: "/", 10444 Paginator: &request.Paginator{ 10445 InputTokens: []string{"NextToken"}, 10446 OutputTokens: []string{"NextToken"}, 10447 LimitToken: "MaxResults", 10448 TruncationToken: "", 10449 }, 10450 } 10451 10452 if input == nil { 10453 input = &ListHandshakesForOrganizationInput{} 10454 } 10455 10456 output = &ListHandshakesForOrganizationOutput{} 10457 req = c.newRequest(op, input, output) 10458 return 10459} 10460 10461// ListHandshakesForOrganization API operation for AWS Organizations. 10462// 10463// Lists the handshakes that are associated with the organization that the requesting 10464// user is part of. The ListHandshakesForOrganization operation returns a list 10465// of handshake structures. Each structure contains details and status about 10466// a handshake. 10467// 10468// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 10469// of this API for only 30 days after changing to that state. After that, they're 10470// deleted and no longer accessible. 10471// 10472// Always check the NextToken response parameter for a null value when calling 10473// a List* operation. These operations can occasionally return an empty set 10474// of results even when there are more results available. The NextToken response 10475// parameter value is null only when there are no more results to display. 10476// 10477// This operation can be called only from the organization's management account 10478// or by a member account that is a delegated administrator for an AWS service. 10479// 10480// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10481// with awserr.Error's Code and Message methods to get detailed information about 10482// the error. 10483// 10484// See the AWS API reference guide for AWS Organizations's 10485// API operation ListHandshakesForOrganization for usage and error information. 10486// 10487// Returned Error Types: 10488// * AccessDeniedException 10489// You don't have permissions to perform the requested operation. The user or 10490// role that is making the request must have at least one IAM permissions policy 10491// attached that grants the required permissions. For more information, see 10492// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10493// in the IAM User Guide. 10494// 10495// * AWSOrganizationsNotInUseException 10496// Your account isn't a member of an organization. To make this request, you 10497// must use the credentials of an account that belongs to an organization. 10498// 10499// * ConcurrentModificationException 10500// The target of the operation is currently being modified by a different request. 10501// Try again later. 10502// 10503// * InvalidInputException 10504// The requested operation failed because you provided invalid values for one 10505// or more of the request parameters. This exception includes a reason that 10506// contains additional information about the violated limit: 10507// 10508// Some of the reasons in the following list might not be applicable to this 10509// specific API or operation. 10510// 10511// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10512// the same entity. 10513// 10514// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10515// can't be modified. 10516// 10517// * INPUT_REQUIRED: You must include a value for all required parameters. 10518// 10519// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10520// for the invited account owner. 10521// 10522// * INVALID_ENUM: You specified an invalid value. 10523// 10524// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10525// 10526// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10527// characters. 10528// 10529// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10530// at least one invalid value. 10531// 10532// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10533// from the response to a previous call of the operation. 10534// 10535// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10536// organization, or email) as a party. 10537// 10538// * INVALID_PATTERN: You provided a value that doesn't match the required 10539// pattern. 10540// 10541// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10542// match the required pattern. 10543// 10544// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10545// name can't begin with the reserved prefix AWSServiceRoleFor. 10546// 10547// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10548// Name (ARN) for the organization. 10549// 10550// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10551// 10552// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10553// tag. You can’t add, edit, or delete system tag keys because they're 10554// reserved for AWS use. System tags don’t count against your tags per 10555// resource limit. 10556// 10557// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10558// for the operation. 10559// 10560// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10561// than allowed. 10562// 10563// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10564// value than allowed. 10565// 10566// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10567// than allowed. 10568// 10569// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10570// value than allowed. 10571// 10572// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10573// between entities in the same root. 10574// 10575// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10576// target entity. 10577// 10578// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10579// isn't recognized. 10580// 10581// * ServiceException 10582// AWS Organizations can't complete your request because of an internal service 10583// error. Try again later. 10584// 10585// * TooManyRequestsException 10586// You have sent too many requests in too short a period of time. The quota 10587// helps protect against denial-of-service attacks. Try again later. 10588// 10589// For information about quotas that affect AWS Organizations, see Quotas for 10590// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10591// the AWS Organizations User Guide. 10592// 10593// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 10594func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) { 10595 req, out := c.ListHandshakesForOrganizationRequest(input) 10596 return out, req.Send() 10597} 10598 10599// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of 10600// the ability to pass a context and additional request options. 10601// 10602// See ListHandshakesForOrganization for details on how to use this API operation. 10603// 10604// The context must be non-nil and will be used for request cancellation. If 10605// the context is nil a panic will occur. In the future the SDK may create 10606// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10607// for more information on using Contexts. 10608func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) { 10609 req, out := c.ListHandshakesForOrganizationRequest(input) 10610 req.SetContext(ctx) 10611 req.ApplyOptions(opts...) 10612 return out, req.Send() 10613} 10614 10615// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation, 10616// calling the "fn" function with the response data for each page. To stop 10617// iterating, return false from the fn function. 10618// 10619// See ListHandshakesForOrganization method for more information on how to use this operation. 10620// 10621// Note: This operation can generate multiple requests to a service. 10622// 10623// // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation. 10624// pageNum := 0 10625// err := client.ListHandshakesForOrganizationPages(params, 10626// func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool { 10627// pageNum++ 10628// fmt.Println(page) 10629// return pageNum <= 3 10630// }) 10631// 10632func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error { 10633 return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 10634} 10635 10636// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except 10637// it takes a Context and allows setting request options on the pages. 10638// 10639// The context must be non-nil and will be used for request cancellation. If 10640// the context is nil a panic will occur. In the future the SDK may create 10641// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10642// for more information on using Contexts. 10643func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error { 10644 p := request.Pagination{ 10645 NewRequest: func() (*request.Request, error) { 10646 var inCpy *ListHandshakesForOrganizationInput 10647 if input != nil { 10648 tmp := *input 10649 inCpy = &tmp 10650 } 10651 req, _ := c.ListHandshakesForOrganizationRequest(inCpy) 10652 req.SetContext(ctx) 10653 req.ApplyOptions(opts...) 10654 return req, nil 10655 }, 10656 } 10657 10658 for p.Next() { 10659 if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) { 10660 break 10661 } 10662 } 10663 10664 return p.Err() 10665} 10666 10667const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent" 10668 10669// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the 10670// client's request for the ListOrganizationalUnitsForParent operation. The "output" return 10671// value will be populated with the request's response once the request completes 10672// successfully. 10673// 10674// Use "Send" method on the returned Request to send the API call to the service. 10675// the "output" return value is not valid until after Send returns without error. 10676// 10677// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent 10678// API call, and error handling. 10679// 10680// This method is useful when you want to inject custom logic or configuration 10681// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10682// 10683// 10684// // Example sending a request using the ListOrganizationalUnitsForParentRequest method. 10685// req, resp := client.ListOrganizationalUnitsForParentRequest(params) 10686// 10687// err := req.Send() 10688// if err == nil { // resp is now filled 10689// fmt.Println(resp) 10690// } 10691// 10692// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 10693func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) { 10694 op := &request.Operation{ 10695 Name: opListOrganizationalUnitsForParent, 10696 HTTPMethod: "POST", 10697 HTTPPath: "/", 10698 Paginator: &request.Paginator{ 10699 InputTokens: []string{"NextToken"}, 10700 OutputTokens: []string{"NextToken"}, 10701 LimitToken: "MaxResults", 10702 TruncationToken: "", 10703 }, 10704 } 10705 10706 if input == nil { 10707 input = &ListOrganizationalUnitsForParentInput{} 10708 } 10709 10710 output = &ListOrganizationalUnitsForParentOutput{} 10711 req = c.newRequest(op, input, output) 10712 return 10713} 10714 10715// ListOrganizationalUnitsForParent API operation for AWS Organizations. 10716// 10717// Lists the organizational units (OUs) in a parent organizational unit or root. 10718// 10719// Always check the NextToken response parameter for a null value when calling 10720// a List* operation. These operations can occasionally return an empty set 10721// of results even when there are more results available. The NextToken response 10722// parameter value is null only when there are no more results to display. 10723// 10724// This operation can be called only from the organization's management account 10725// or by a member account that is a delegated administrator for an AWS service. 10726// 10727// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10728// with awserr.Error's Code and Message methods to get detailed information about 10729// the error. 10730// 10731// See the AWS API reference guide for AWS Organizations's 10732// API operation ListOrganizationalUnitsForParent for usage and error information. 10733// 10734// Returned Error Types: 10735// * AccessDeniedException 10736// You don't have permissions to perform the requested operation. The user or 10737// role that is making the request must have at least one IAM permissions policy 10738// attached that grants the required permissions. For more information, see 10739// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10740// in the IAM User Guide. 10741// 10742// * AWSOrganizationsNotInUseException 10743// Your account isn't a member of an organization. To make this request, you 10744// must use the credentials of an account that belongs to an organization. 10745// 10746// * InvalidInputException 10747// The requested operation failed because you provided invalid values for one 10748// or more of the request parameters. This exception includes a reason that 10749// contains additional information about the violated limit: 10750// 10751// Some of the reasons in the following list might not be applicable to this 10752// specific API or operation. 10753// 10754// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10755// the same entity. 10756// 10757// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10758// can't be modified. 10759// 10760// * INPUT_REQUIRED: You must include a value for all required parameters. 10761// 10762// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10763// for the invited account owner. 10764// 10765// * INVALID_ENUM: You specified an invalid value. 10766// 10767// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10768// 10769// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10770// characters. 10771// 10772// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10773// at least one invalid value. 10774// 10775// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10776// from the response to a previous call of the operation. 10777// 10778// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10779// organization, or email) as a party. 10780// 10781// * INVALID_PATTERN: You provided a value that doesn't match the required 10782// pattern. 10783// 10784// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10785// match the required pattern. 10786// 10787// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10788// name can't begin with the reserved prefix AWSServiceRoleFor. 10789// 10790// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10791// Name (ARN) for the organization. 10792// 10793// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10794// 10795// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10796// tag. You can’t add, edit, or delete system tag keys because they're 10797// reserved for AWS use. System tags don’t count against your tags per 10798// resource limit. 10799// 10800// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10801// for the operation. 10802// 10803// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10804// than allowed. 10805// 10806// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10807// value than allowed. 10808// 10809// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10810// than allowed. 10811// 10812// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10813// value than allowed. 10814// 10815// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10816// between entities in the same root. 10817// 10818// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10819// target entity. 10820// 10821// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10822// isn't recognized. 10823// 10824// * ParentNotFoundException 10825// We can't find a root or OU with the ParentId that you specified. 10826// 10827// * ServiceException 10828// AWS Organizations can't complete your request because of an internal service 10829// error. Try again later. 10830// 10831// * TooManyRequestsException 10832// You have sent too many requests in too short a period of time. The quota 10833// helps protect against denial-of-service attacks. Try again later. 10834// 10835// For information about quotas that affect AWS Organizations, see Quotas for 10836// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10837// the AWS Organizations User Guide. 10838// 10839// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 10840func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) { 10841 req, out := c.ListOrganizationalUnitsForParentRequest(input) 10842 return out, req.Send() 10843} 10844 10845// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of 10846// the ability to pass a context and additional request options. 10847// 10848// See ListOrganizationalUnitsForParent for details on how to use this API operation. 10849// 10850// The context must be non-nil and will be used for request cancellation. If 10851// the context is nil a panic will occur. In the future the SDK may create 10852// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10853// for more information on using Contexts. 10854func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) { 10855 req, out := c.ListOrganizationalUnitsForParentRequest(input) 10856 req.SetContext(ctx) 10857 req.ApplyOptions(opts...) 10858 return out, req.Send() 10859} 10860 10861// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation, 10862// calling the "fn" function with the response data for each page. To stop 10863// iterating, return false from the fn function. 10864// 10865// See ListOrganizationalUnitsForParent method for more information on how to use this operation. 10866// 10867// Note: This operation can generate multiple requests to a service. 10868// 10869// // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation. 10870// pageNum := 0 10871// err := client.ListOrganizationalUnitsForParentPages(params, 10872// func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool { 10873// pageNum++ 10874// fmt.Println(page) 10875// return pageNum <= 3 10876// }) 10877// 10878func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error { 10879 return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 10880} 10881 10882// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except 10883// it takes a Context and allows setting request options on the pages. 10884// 10885// The context must be non-nil and will be used for request cancellation. If 10886// the context is nil a panic will occur. In the future the SDK may create 10887// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10888// for more information on using Contexts. 10889func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error { 10890 p := request.Pagination{ 10891 NewRequest: func() (*request.Request, error) { 10892 var inCpy *ListOrganizationalUnitsForParentInput 10893 if input != nil { 10894 tmp := *input 10895 inCpy = &tmp 10896 } 10897 req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy) 10898 req.SetContext(ctx) 10899 req.ApplyOptions(opts...) 10900 return req, nil 10901 }, 10902 } 10903 10904 for p.Next() { 10905 if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) { 10906 break 10907 } 10908 } 10909 10910 return p.Err() 10911} 10912 10913const opListParents = "ListParents" 10914 10915// ListParentsRequest generates a "aws/request.Request" representing the 10916// client's request for the ListParents operation. The "output" return 10917// value will be populated with the request's response once the request completes 10918// successfully. 10919// 10920// Use "Send" method on the returned Request to send the API call to the service. 10921// the "output" return value is not valid until after Send returns without error. 10922// 10923// See ListParents for more information on using the ListParents 10924// API call, and error handling. 10925// 10926// This method is useful when you want to inject custom logic or configuration 10927// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10928// 10929// 10930// // Example sending a request using the ListParentsRequest method. 10931// req, resp := client.ListParentsRequest(params) 10932// 10933// err := req.Send() 10934// if err == nil { // resp is now filled 10935// fmt.Println(resp) 10936// } 10937// 10938// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 10939func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) { 10940 op := &request.Operation{ 10941 Name: opListParents, 10942 HTTPMethod: "POST", 10943 HTTPPath: "/", 10944 Paginator: &request.Paginator{ 10945 InputTokens: []string{"NextToken"}, 10946 OutputTokens: []string{"NextToken"}, 10947 LimitToken: "MaxResults", 10948 TruncationToken: "", 10949 }, 10950 } 10951 10952 if input == nil { 10953 input = &ListParentsInput{} 10954 } 10955 10956 output = &ListParentsOutput{} 10957 req = c.newRequest(op, input, output) 10958 return 10959} 10960 10961// ListParents API operation for AWS Organizations. 10962// 10963// Lists the root or organizational units (OUs) that serve as the immediate 10964// parent of the specified child OU or account. This operation, along with ListChildren 10965// enables you to traverse the tree structure that makes up this root. 10966// 10967// Always check the NextToken response parameter for a null value when calling 10968// a List* operation. These operations can occasionally return an empty set 10969// of results even when there are more results available. The NextToken response 10970// parameter value is null only when there are no more results to display. 10971// 10972// This operation can be called only from the organization's management account 10973// or by a member account that is a delegated administrator for an AWS service. 10974// 10975// In the current release, a child can have only a single parent. 10976// 10977// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10978// with awserr.Error's Code and Message methods to get detailed information about 10979// the error. 10980// 10981// See the AWS API reference guide for AWS Organizations's 10982// API operation ListParents for usage and error information. 10983// 10984// Returned Error Types: 10985// * AccessDeniedException 10986// You don't have permissions to perform the requested operation. The user or 10987// role that is making the request must have at least one IAM permissions policy 10988// attached that grants the required permissions. For more information, see 10989// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10990// in the IAM User Guide. 10991// 10992// * AWSOrganizationsNotInUseException 10993// Your account isn't a member of an organization. To make this request, you 10994// must use the credentials of an account that belongs to an organization. 10995// 10996// * ChildNotFoundException 10997// We can't find an organizational unit (OU) or AWS account with the ChildId 10998// that you specified. 10999// 11000// * InvalidInputException 11001// The requested operation failed because you provided invalid values for one 11002// or more of the request parameters. This exception includes a reason that 11003// contains additional information about the violated limit: 11004// 11005// Some of the reasons in the following list might not be applicable to this 11006// specific API or operation. 11007// 11008// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11009// the same entity. 11010// 11011// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11012// can't be modified. 11013// 11014// * INPUT_REQUIRED: You must include a value for all required parameters. 11015// 11016// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11017// for the invited account owner. 11018// 11019// * INVALID_ENUM: You specified an invalid value. 11020// 11021// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11022// 11023// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11024// characters. 11025// 11026// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11027// at least one invalid value. 11028// 11029// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11030// from the response to a previous call of the operation. 11031// 11032// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11033// organization, or email) as a party. 11034// 11035// * INVALID_PATTERN: You provided a value that doesn't match the required 11036// pattern. 11037// 11038// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11039// match the required pattern. 11040// 11041// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11042// name can't begin with the reserved prefix AWSServiceRoleFor. 11043// 11044// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11045// Name (ARN) for the organization. 11046// 11047// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11048// 11049// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11050// tag. You can’t add, edit, or delete system tag keys because they're 11051// reserved for AWS use. System tags don’t count against your tags per 11052// resource limit. 11053// 11054// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11055// for the operation. 11056// 11057// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11058// than allowed. 11059// 11060// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11061// value than allowed. 11062// 11063// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11064// than allowed. 11065// 11066// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11067// value than allowed. 11068// 11069// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11070// between entities in the same root. 11071// 11072// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11073// target entity. 11074// 11075// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11076// isn't recognized. 11077// 11078// * ServiceException 11079// AWS Organizations can't complete your request because of an internal service 11080// error. Try again later. 11081// 11082// * TooManyRequestsException 11083// You have sent too many requests in too short a period of time. The quota 11084// helps protect against denial-of-service attacks. Try again later. 11085// 11086// For information about quotas that affect AWS Organizations, see Quotas for 11087// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11088// the AWS Organizations User Guide. 11089// 11090// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 11091func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) { 11092 req, out := c.ListParentsRequest(input) 11093 return out, req.Send() 11094} 11095 11096// ListParentsWithContext is the same as ListParents with the addition of 11097// the ability to pass a context and additional request options. 11098// 11099// See ListParents for details on how to use this API operation. 11100// 11101// The context must be non-nil and will be used for request cancellation. If 11102// the context is nil a panic will occur. In the future the SDK may create 11103// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11104// for more information on using Contexts. 11105func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) { 11106 req, out := c.ListParentsRequest(input) 11107 req.SetContext(ctx) 11108 req.ApplyOptions(opts...) 11109 return out, req.Send() 11110} 11111 11112// ListParentsPages iterates over the pages of a ListParents operation, 11113// calling the "fn" function with the response data for each page. To stop 11114// iterating, return false from the fn function. 11115// 11116// See ListParents method for more information on how to use this operation. 11117// 11118// Note: This operation can generate multiple requests to a service. 11119// 11120// // Example iterating over at most 3 pages of a ListParents operation. 11121// pageNum := 0 11122// err := client.ListParentsPages(params, 11123// func(page *organizations.ListParentsOutput, lastPage bool) bool { 11124// pageNum++ 11125// fmt.Println(page) 11126// return pageNum <= 3 11127// }) 11128// 11129func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error { 11130 return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn) 11131} 11132 11133// ListParentsPagesWithContext same as ListParentsPages except 11134// it takes a Context and allows setting request options on the pages. 11135// 11136// The context must be non-nil and will be used for request cancellation. If 11137// the context is nil a panic will occur. In the future the SDK may create 11138// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11139// for more information on using Contexts. 11140func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error { 11141 p := request.Pagination{ 11142 NewRequest: func() (*request.Request, error) { 11143 var inCpy *ListParentsInput 11144 if input != nil { 11145 tmp := *input 11146 inCpy = &tmp 11147 } 11148 req, _ := c.ListParentsRequest(inCpy) 11149 req.SetContext(ctx) 11150 req.ApplyOptions(opts...) 11151 return req, nil 11152 }, 11153 } 11154 11155 for p.Next() { 11156 if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) { 11157 break 11158 } 11159 } 11160 11161 return p.Err() 11162} 11163 11164const opListPolicies = "ListPolicies" 11165 11166// ListPoliciesRequest generates a "aws/request.Request" representing the 11167// client's request for the ListPolicies operation. The "output" return 11168// value will be populated with the request's response once the request completes 11169// successfully. 11170// 11171// Use "Send" method on the returned Request to send the API call to the service. 11172// the "output" return value is not valid until after Send returns without error. 11173// 11174// See ListPolicies for more information on using the ListPolicies 11175// API call, and error handling. 11176// 11177// This method is useful when you want to inject custom logic or configuration 11178// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11179// 11180// 11181// // Example sending a request using the ListPoliciesRequest method. 11182// req, resp := client.ListPoliciesRequest(params) 11183// 11184// err := req.Send() 11185// if err == nil { // resp is now filled 11186// fmt.Println(resp) 11187// } 11188// 11189// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 11190func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { 11191 op := &request.Operation{ 11192 Name: opListPolicies, 11193 HTTPMethod: "POST", 11194 HTTPPath: "/", 11195 Paginator: &request.Paginator{ 11196 InputTokens: []string{"NextToken"}, 11197 OutputTokens: []string{"NextToken"}, 11198 LimitToken: "MaxResults", 11199 TruncationToken: "", 11200 }, 11201 } 11202 11203 if input == nil { 11204 input = &ListPoliciesInput{} 11205 } 11206 11207 output = &ListPoliciesOutput{} 11208 req = c.newRequest(op, input, output) 11209 return 11210} 11211 11212// ListPolicies API operation for AWS Organizations. 11213// 11214// Retrieves the list of all policies in an organization of a specified type. 11215// 11216// Always check the NextToken response parameter for a null value when calling 11217// a List* operation. These operations can occasionally return an empty set 11218// of results even when there are more results available. The NextToken response 11219// parameter value is null only when there are no more results to display. 11220// 11221// This operation can be called only from the organization's management account 11222// or by a member account that is a delegated administrator for an AWS service. 11223// 11224// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11225// with awserr.Error's Code and Message methods to get detailed information about 11226// the error. 11227// 11228// See the AWS API reference guide for AWS Organizations's 11229// API operation ListPolicies for usage and error information. 11230// 11231// Returned Error Types: 11232// * AccessDeniedException 11233// You don't have permissions to perform the requested operation. The user or 11234// role that is making the request must have at least one IAM permissions policy 11235// attached that grants the required permissions. For more information, see 11236// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11237// in the IAM User Guide. 11238// 11239// * AWSOrganizationsNotInUseException 11240// Your account isn't a member of an organization. To make this request, you 11241// must use the credentials of an account that belongs to an organization. 11242// 11243// * InvalidInputException 11244// The requested operation failed because you provided invalid values for one 11245// or more of the request parameters. This exception includes a reason that 11246// contains additional information about the violated limit: 11247// 11248// Some of the reasons in the following list might not be applicable to this 11249// specific API or operation. 11250// 11251// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11252// the same entity. 11253// 11254// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11255// can't be modified. 11256// 11257// * INPUT_REQUIRED: You must include a value for all required parameters. 11258// 11259// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11260// for the invited account owner. 11261// 11262// * INVALID_ENUM: You specified an invalid value. 11263// 11264// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11265// 11266// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11267// characters. 11268// 11269// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11270// at least one invalid value. 11271// 11272// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11273// from the response to a previous call of the operation. 11274// 11275// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11276// organization, or email) as a party. 11277// 11278// * INVALID_PATTERN: You provided a value that doesn't match the required 11279// pattern. 11280// 11281// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11282// match the required pattern. 11283// 11284// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11285// name can't begin with the reserved prefix AWSServiceRoleFor. 11286// 11287// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11288// Name (ARN) for the organization. 11289// 11290// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11291// 11292// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11293// tag. You can’t add, edit, or delete system tag keys because they're 11294// reserved for AWS use. System tags don’t count against your tags per 11295// resource limit. 11296// 11297// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11298// for the operation. 11299// 11300// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11301// than allowed. 11302// 11303// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11304// value than allowed. 11305// 11306// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11307// than allowed. 11308// 11309// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11310// value than allowed. 11311// 11312// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11313// between entities in the same root. 11314// 11315// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11316// target entity. 11317// 11318// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11319// isn't recognized. 11320// 11321// * ServiceException 11322// AWS Organizations can't complete your request because of an internal service 11323// error. Try again later. 11324// 11325// * TooManyRequestsException 11326// You have sent too many requests in too short a period of time. The quota 11327// helps protect against denial-of-service attacks. Try again later. 11328// 11329// For information about quotas that affect AWS Organizations, see Quotas for 11330// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11331// the AWS Organizations User Guide. 11332// 11333// * UnsupportedAPIEndpointException 11334// This action isn't available in the current AWS Region. 11335// 11336// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 11337func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { 11338 req, out := c.ListPoliciesRequest(input) 11339 return out, req.Send() 11340} 11341 11342// ListPoliciesWithContext is the same as ListPolicies with the addition of 11343// the ability to pass a context and additional request options. 11344// 11345// See ListPolicies for details on how to use this API operation. 11346// 11347// The context must be non-nil and will be used for request cancellation. If 11348// the context is nil a panic will occur. In the future the SDK may create 11349// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11350// for more information on using Contexts. 11351func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { 11352 req, out := c.ListPoliciesRequest(input) 11353 req.SetContext(ctx) 11354 req.ApplyOptions(opts...) 11355 return out, req.Send() 11356} 11357 11358// ListPoliciesPages iterates over the pages of a ListPolicies operation, 11359// calling the "fn" function with the response data for each page. To stop 11360// iterating, return false from the fn function. 11361// 11362// See ListPolicies method for more information on how to use this operation. 11363// 11364// Note: This operation can generate multiple requests to a service. 11365// 11366// // Example iterating over at most 3 pages of a ListPolicies operation. 11367// pageNum := 0 11368// err := client.ListPoliciesPages(params, 11369// func(page *organizations.ListPoliciesOutput, lastPage bool) bool { 11370// pageNum++ 11371// fmt.Println(page) 11372// return pageNum <= 3 11373// }) 11374// 11375func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { 11376 return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 11377} 11378 11379// ListPoliciesPagesWithContext same as ListPoliciesPages except 11380// it takes a Context and allows setting request options on the pages. 11381// 11382// The context must be non-nil and will be used for request cancellation. If 11383// the context is nil a panic will occur. In the future the SDK may create 11384// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11385// for more information on using Contexts. 11386func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { 11387 p := request.Pagination{ 11388 NewRequest: func() (*request.Request, error) { 11389 var inCpy *ListPoliciesInput 11390 if input != nil { 11391 tmp := *input 11392 inCpy = &tmp 11393 } 11394 req, _ := c.ListPoliciesRequest(inCpy) 11395 req.SetContext(ctx) 11396 req.ApplyOptions(opts...) 11397 return req, nil 11398 }, 11399 } 11400 11401 for p.Next() { 11402 if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) { 11403 break 11404 } 11405 } 11406 11407 return p.Err() 11408} 11409 11410const opListPoliciesForTarget = "ListPoliciesForTarget" 11411 11412// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the 11413// client's request for the ListPoliciesForTarget operation. The "output" return 11414// value will be populated with the request's response once the request completes 11415// successfully. 11416// 11417// Use "Send" method on the returned Request to send the API call to the service. 11418// the "output" return value is not valid until after Send returns without error. 11419// 11420// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget 11421// API call, and error handling. 11422// 11423// This method is useful when you want to inject custom logic or configuration 11424// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11425// 11426// 11427// // Example sending a request using the ListPoliciesForTargetRequest method. 11428// req, resp := client.ListPoliciesForTargetRequest(params) 11429// 11430// err := req.Send() 11431// if err == nil { // resp is now filled 11432// fmt.Println(resp) 11433// } 11434// 11435// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 11436func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) { 11437 op := &request.Operation{ 11438 Name: opListPoliciesForTarget, 11439 HTTPMethod: "POST", 11440 HTTPPath: "/", 11441 Paginator: &request.Paginator{ 11442 InputTokens: []string{"NextToken"}, 11443 OutputTokens: []string{"NextToken"}, 11444 LimitToken: "MaxResults", 11445 TruncationToken: "", 11446 }, 11447 } 11448 11449 if input == nil { 11450 input = &ListPoliciesForTargetInput{} 11451 } 11452 11453 output = &ListPoliciesForTargetOutput{} 11454 req = c.newRequest(op, input, output) 11455 return 11456} 11457 11458// ListPoliciesForTarget API operation for AWS Organizations. 11459// 11460// Lists the policies that are directly attached to the specified target root, 11461// organizational unit (OU), or account. You must specify the policy type that 11462// you want included in the returned list. 11463// 11464// Always check the NextToken response parameter for a null value when calling 11465// a List* operation. These operations can occasionally return an empty set 11466// of results even when there are more results available. The NextToken response 11467// parameter value is null only when there are no more results to display. 11468// 11469// This operation can be called only from the organization's management account 11470// or by a member account that is a delegated administrator for an AWS service. 11471// 11472// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11473// with awserr.Error's Code and Message methods to get detailed information about 11474// the error. 11475// 11476// See the AWS API reference guide for AWS Organizations's 11477// API operation ListPoliciesForTarget for usage and error information. 11478// 11479// Returned Error Types: 11480// * AccessDeniedException 11481// You don't have permissions to perform the requested operation. The user or 11482// role that is making the request must have at least one IAM permissions policy 11483// attached that grants the required permissions. For more information, see 11484// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11485// in the IAM User Guide. 11486// 11487// * AWSOrganizationsNotInUseException 11488// Your account isn't a member of an organization. To make this request, you 11489// must use the credentials of an account that belongs to an organization. 11490// 11491// * InvalidInputException 11492// The requested operation failed because you provided invalid values for one 11493// or more of the request parameters. This exception includes a reason that 11494// contains additional information about the violated limit: 11495// 11496// Some of the reasons in the following list might not be applicable to this 11497// specific API or operation. 11498// 11499// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11500// the same entity. 11501// 11502// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11503// can't be modified. 11504// 11505// * INPUT_REQUIRED: You must include a value for all required parameters. 11506// 11507// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11508// for the invited account owner. 11509// 11510// * INVALID_ENUM: You specified an invalid value. 11511// 11512// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11513// 11514// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11515// characters. 11516// 11517// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11518// at least one invalid value. 11519// 11520// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11521// from the response to a previous call of the operation. 11522// 11523// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11524// organization, or email) as a party. 11525// 11526// * INVALID_PATTERN: You provided a value that doesn't match the required 11527// pattern. 11528// 11529// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11530// match the required pattern. 11531// 11532// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11533// name can't begin with the reserved prefix AWSServiceRoleFor. 11534// 11535// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11536// Name (ARN) for the organization. 11537// 11538// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11539// 11540// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11541// tag. You can’t add, edit, or delete system tag keys because they're 11542// reserved for AWS use. System tags don’t count against your tags per 11543// resource limit. 11544// 11545// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11546// for the operation. 11547// 11548// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11549// than allowed. 11550// 11551// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11552// value than allowed. 11553// 11554// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11555// than allowed. 11556// 11557// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11558// value than allowed. 11559// 11560// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11561// between entities in the same root. 11562// 11563// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11564// target entity. 11565// 11566// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11567// isn't recognized. 11568// 11569// * ServiceException 11570// AWS Organizations can't complete your request because of an internal service 11571// error. Try again later. 11572// 11573// * TargetNotFoundException 11574// We can't find a root, OU, account, or policy with the TargetId that you specified. 11575// 11576// * TooManyRequestsException 11577// You have sent too many requests in too short a period of time. The quota 11578// helps protect against denial-of-service attacks. Try again later. 11579// 11580// For information about quotas that affect AWS Organizations, see Quotas for 11581// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11582// the AWS Organizations User Guide. 11583// 11584// * UnsupportedAPIEndpointException 11585// This action isn't available in the current AWS Region. 11586// 11587// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 11588func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) { 11589 req, out := c.ListPoliciesForTargetRequest(input) 11590 return out, req.Send() 11591} 11592 11593// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of 11594// the ability to pass a context and additional request options. 11595// 11596// See ListPoliciesForTarget for details on how to use this API operation. 11597// 11598// The context must be non-nil and will be used for request cancellation. If 11599// the context is nil a panic will occur. In the future the SDK may create 11600// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11601// for more information on using Contexts. 11602func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) { 11603 req, out := c.ListPoliciesForTargetRequest(input) 11604 req.SetContext(ctx) 11605 req.ApplyOptions(opts...) 11606 return out, req.Send() 11607} 11608 11609// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation, 11610// calling the "fn" function with the response data for each page. To stop 11611// iterating, return false from the fn function. 11612// 11613// See ListPoliciesForTarget method for more information on how to use this operation. 11614// 11615// Note: This operation can generate multiple requests to a service. 11616// 11617// // Example iterating over at most 3 pages of a ListPoliciesForTarget operation. 11618// pageNum := 0 11619// err := client.ListPoliciesForTargetPages(params, 11620// func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool { 11621// pageNum++ 11622// fmt.Println(page) 11623// return pageNum <= 3 11624// }) 11625// 11626func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error { 11627 return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn) 11628} 11629 11630// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except 11631// it takes a Context and allows setting request options on the pages. 11632// 11633// The context must be non-nil and will be used for request cancellation. If 11634// the context is nil a panic will occur. In the future the SDK may create 11635// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11636// for more information on using Contexts. 11637func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error { 11638 p := request.Pagination{ 11639 NewRequest: func() (*request.Request, error) { 11640 var inCpy *ListPoliciesForTargetInput 11641 if input != nil { 11642 tmp := *input 11643 inCpy = &tmp 11644 } 11645 req, _ := c.ListPoliciesForTargetRequest(inCpy) 11646 req.SetContext(ctx) 11647 req.ApplyOptions(opts...) 11648 return req, nil 11649 }, 11650 } 11651 11652 for p.Next() { 11653 if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) { 11654 break 11655 } 11656 } 11657 11658 return p.Err() 11659} 11660 11661const opListRoots = "ListRoots" 11662 11663// ListRootsRequest generates a "aws/request.Request" representing the 11664// client's request for the ListRoots operation. The "output" return 11665// value will be populated with the request's response once the request completes 11666// successfully. 11667// 11668// Use "Send" method on the returned Request to send the API call to the service. 11669// the "output" return value is not valid until after Send returns without error. 11670// 11671// See ListRoots for more information on using the ListRoots 11672// API call, and error handling. 11673// 11674// This method is useful when you want to inject custom logic or configuration 11675// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11676// 11677// 11678// // Example sending a request using the ListRootsRequest method. 11679// req, resp := client.ListRootsRequest(params) 11680// 11681// err := req.Send() 11682// if err == nil { // resp is now filled 11683// fmt.Println(resp) 11684// } 11685// 11686// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 11687func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) { 11688 op := &request.Operation{ 11689 Name: opListRoots, 11690 HTTPMethod: "POST", 11691 HTTPPath: "/", 11692 Paginator: &request.Paginator{ 11693 InputTokens: []string{"NextToken"}, 11694 OutputTokens: []string{"NextToken"}, 11695 LimitToken: "MaxResults", 11696 TruncationToken: "", 11697 }, 11698 } 11699 11700 if input == nil { 11701 input = &ListRootsInput{} 11702 } 11703 11704 output = &ListRootsOutput{} 11705 req = c.newRequest(op, input, output) 11706 return 11707} 11708 11709// ListRoots API operation for AWS Organizations. 11710// 11711// Lists the roots that are defined in the current organization. 11712// 11713// Always check the NextToken response parameter for a null value when calling 11714// a List* operation. These operations can occasionally return an empty set 11715// of results even when there are more results available. The NextToken response 11716// parameter value is null only when there are no more results to display. 11717// 11718// This operation can be called only from the organization's management account 11719// or by a member account that is a delegated administrator for an AWS service. 11720// 11721// Policy types can be enabled and disabled in roots. This is distinct from 11722// whether they're available in the organization. When you enable all features, 11723// you make policy types available for use in that organization. Individual 11724// policy types can then be enabled and disabled in a root. To see the availability 11725// of a policy type in an organization, use DescribeOrganization. 11726// 11727// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11728// with awserr.Error's Code and Message methods to get detailed information about 11729// the error. 11730// 11731// See the AWS API reference guide for AWS Organizations's 11732// API operation ListRoots for usage and error information. 11733// 11734// Returned Error Types: 11735// * AccessDeniedException 11736// You don't have permissions to perform the requested operation. The user or 11737// role that is making the request must have at least one IAM permissions policy 11738// attached that grants the required permissions. For more information, see 11739// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11740// in the IAM User Guide. 11741// 11742// * AWSOrganizationsNotInUseException 11743// Your account isn't a member of an organization. To make this request, you 11744// must use the credentials of an account that belongs to an organization. 11745// 11746// * InvalidInputException 11747// The requested operation failed because you provided invalid values for one 11748// or more of the request parameters. This exception includes a reason that 11749// contains additional information about the violated limit: 11750// 11751// Some of the reasons in the following list might not be applicable to this 11752// specific API or operation. 11753// 11754// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11755// the same entity. 11756// 11757// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11758// can't be modified. 11759// 11760// * INPUT_REQUIRED: You must include a value for all required parameters. 11761// 11762// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11763// for the invited account owner. 11764// 11765// * INVALID_ENUM: You specified an invalid value. 11766// 11767// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11768// 11769// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11770// characters. 11771// 11772// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11773// at least one invalid value. 11774// 11775// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11776// from the response to a previous call of the operation. 11777// 11778// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11779// organization, or email) as a party. 11780// 11781// * INVALID_PATTERN: You provided a value that doesn't match the required 11782// pattern. 11783// 11784// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11785// match the required pattern. 11786// 11787// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11788// name can't begin with the reserved prefix AWSServiceRoleFor. 11789// 11790// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11791// Name (ARN) for the organization. 11792// 11793// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11794// 11795// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11796// tag. You can’t add, edit, or delete system tag keys because they're 11797// reserved for AWS use. System tags don’t count against your tags per 11798// resource limit. 11799// 11800// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11801// for the operation. 11802// 11803// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11804// than allowed. 11805// 11806// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11807// value than allowed. 11808// 11809// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11810// than allowed. 11811// 11812// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11813// value than allowed. 11814// 11815// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11816// between entities in the same root. 11817// 11818// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11819// target entity. 11820// 11821// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11822// isn't recognized. 11823// 11824// * ServiceException 11825// AWS Organizations can't complete your request because of an internal service 11826// error. Try again later. 11827// 11828// * TooManyRequestsException 11829// You have sent too many requests in too short a period of time. The quota 11830// helps protect against denial-of-service attacks. Try again later. 11831// 11832// For information about quotas that affect AWS Organizations, see Quotas for 11833// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11834// the AWS Organizations User Guide. 11835// 11836// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 11837func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) { 11838 req, out := c.ListRootsRequest(input) 11839 return out, req.Send() 11840} 11841 11842// ListRootsWithContext is the same as ListRoots with the addition of 11843// the ability to pass a context and additional request options. 11844// 11845// See ListRoots for details on how to use this API operation. 11846// 11847// The context must be non-nil and will be used for request cancellation. If 11848// the context is nil a panic will occur. In the future the SDK may create 11849// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11850// for more information on using Contexts. 11851func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) { 11852 req, out := c.ListRootsRequest(input) 11853 req.SetContext(ctx) 11854 req.ApplyOptions(opts...) 11855 return out, req.Send() 11856} 11857 11858// ListRootsPages iterates over the pages of a ListRoots operation, 11859// calling the "fn" function with the response data for each page. To stop 11860// iterating, return false from the fn function. 11861// 11862// See ListRoots method for more information on how to use this operation. 11863// 11864// Note: This operation can generate multiple requests to a service. 11865// 11866// // Example iterating over at most 3 pages of a ListRoots operation. 11867// pageNum := 0 11868// err := client.ListRootsPages(params, 11869// func(page *organizations.ListRootsOutput, lastPage bool) bool { 11870// pageNum++ 11871// fmt.Println(page) 11872// return pageNum <= 3 11873// }) 11874// 11875func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error { 11876 return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn) 11877} 11878 11879// ListRootsPagesWithContext same as ListRootsPages except 11880// it takes a Context and allows setting request options on the pages. 11881// 11882// The context must be non-nil and will be used for request cancellation. If 11883// the context is nil a panic will occur. In the future the SDK may create 11884// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11885// for more information on using Contexts. 11886func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error { 11887 p := request.Pagination{ 11888 NewRequest: func() (*request.Request, error) { 11889 var inCpy *ListRootsInput 11890 if input != nil { 11891 tmp := *input 11892 inCpy = &tmp 11893 } 11894 req, _ := c.ListRootsRequest(inCpy) 11895 req.SetContext(ctx) 11896 req.ApplyOptions(opts...) 11897 return req, nil 11898 }, 11899 } 11900 11901 for p.Next() { 11902 if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) { 11903 break 11904 } 11905 } 11906 11907 return p.Err() 11908} 11909 11910const opListTagsForResource = "ListTagsForResource" 11911 11912// ListTagsForResourceRequest generates a "aws/request.Request" representing the 11913// client's request for the ListTagsForResource operation. The "output" return 11914// value will be populated with the request's response once the request completes 11915// successfully. 11916// 11917// Use "Send" method on the returned Request to send the API call to the service. 11918// the "output" return value is not valid until after Send returns without error. 11919// 11920// See ListTagsForResource for more information on using the ListTagsForResource 11921// API call, and error handling. 11922// 11923// This method is useful when you want to inject custom logic or configuration 11924// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11925// 11926// 11927// // Example sending a request using the ListTagsForResourceRequest method. 11928// req, resp := client.ListTagsForResourceRequest(params) 11929// 11930// err := req.Send() 11931// if err == nil { // resp is now filled 11932// fmt.Println(resp) 11933// } 11934// 11935// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 11936func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { 11937 op := &request.Operation{ 11938 Name: opListTagsForResource, 11939 HTTPMethod: "POST", 11940 HTTPPath: "/", 11941 Paginator: &request.Paginator{ 11942 InputTokens: []string{"NextToken"}, 11943 OutputTokens: []string{"NextToken"}, 11944 LimitToken: "", 11945 TruncationToken: "", 11946 }, 11947 } 11948 11949 if input == nil { 11950 input = &ListTagsForResourceInput{} 11951 } 11952 11953 output = &ListTagsForResourceOutput{} 11954 req = c.newRequest(op, input, output) 11955 return 11956} 11957 11958// ListTagsForResource API operation for AWS Organizations. 11959// 11960// Lists tags that are attached to the specified resource. 11961// 11962// You can attach tags to the following resources in AWS Organizations. 11963// 11964// * AWS account 11965// 11966// * Organization root 11967// 11968// * Organizational unit (OU) 11969// 11970// * Policy (any type) 11971// 11972// This operation can be called only from the organization's management account 11973// or by a member account that is a delegated administrator for an AWS service. 11974// 11975// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11976// with awserr.Error's Code and Message methods to get detailed information about 11977// the error. 11978// 11979// See the AWS API reference guide for AWS Organizations's 11980// API operation ListTagsForResource for usage and error information. 11981// 11982// Returned Error Types: 11983// * AccessDeniedException 11984// You don't have permissions to perform the requested operation. The user or 11985// role that is making the request must have at least one IAM permissions policy 11986// attached that grants the required permissions. For more information, see 11987// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11988// in the IAM User Guide. 11989// 11990// * AWSOrganizationsNotInUseException 11991// Your account isn't a member of an organization. To make this request, you 11992// must use the credentials of an account that belongs to an organization. 11993// 11994// * TargetNotFoundException 11995// We can't find a root, OU, account, or policy with the TargetId that you specified. 11996// 11997// * InvalidInputException 11998// The requested operation failed because you provided invalid values for one 11999// or more of the request parameters. This exception includes a reason that 12000// contains additional information about the violated limit: 12001// 12002// Some of the reasons in the following list might not be applicable to this 12003// specific API or operation. 12004// 12005// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12006// the same entity. 12007// 12008// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12009// can't be modified. 12010// 12011// * INPUT_REQUIRED: You must include a value for all required parameters. 12012// 12013// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12014// for the invited account owner. 12015// 12016// * INVALID_ENUM: You specified an invalid value. 12017// 12018// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12019// 12020// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12021// characters. 12022// 12023// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12024// at least one invalid value. 12025// 12026// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12027// from the response to a previous call of the operation. 12028// 12029// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12030// organization, or email) as a party. 12031// 12032// * INVALID_PATTERN: You provided a value that doesn't match the required 12033// pattern. 12034// 12035// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12036// match the required pattern. 12037// 12038// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12039// name can't begin with the reserved prefix AWSServiceRoleFor. 12040// 12041// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12042// Name (ARN) for the organization. 12043// 12044// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12045// 12046// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12047// tag. You can’t add, edit, or delete system tag keys because they're 12048// reserved for AWS use. System tags don’t count against your tags per 12049// resource limit. 12050// 12051// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12052// for the operation. 12053// 12054// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12055// than allowed. 12056// 12057// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12058// value than allowed. 12059// 12060// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12061// than allowed. 12062// 12063// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12064// value than allowed. 12065// 12066// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12067// between entities in the same root. 12068// 12069// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12070// target entity. 12071// 12072// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12073// isn't recognized. 12074// 12075// * ServiceException 12076// AWS Organizations can't complete your request because of an internal service 12077// error. Try again later. 12078// 12079// * TooManyRequestsException 12080// You have sent too many requests in too short a period of time. The quota 12081// helps protect against denial-of-service attacks. Try again later. 12082// 12083// For information about quotas that affect AWS Organizations, see Quotas for 12084// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12085// the AWS Organizations User Guide. 12086// 12087// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 12088func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { 12089 req, out := c.ListTagsForResourceRequest(input) 12090 return out, req.Send() 12091} 12092 12093// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of 12094// the ability to pass a context and additional request options. 12095// 12096// See ListTagsForResource for details on how to use this API operation. 12097// 12098// The context must be non-nil and will be used for request cancellation. If 12099// the context is nil a panic will occur. In the future the SDK may create 12100// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12101// for more information on using Contexts. 12102func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { 12103 req, out := c.ListTagsForResourceRequest(input) 12104 req.SetContext(ctx) 12105 req.ApplyOptions(opts...) 12106 return out, req.Send() 12107} 12108 12109// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation, 12110// calling the "fn" function with the response data for each page. To stop 12111// iterating, return false from the fn function. 12112// 12113// See ListTagsForResource method for more information on how to use this operation. 12114// 12115// Note: This operation can generate multiple requests to a service. 12116// 12117// // Example iterating over at most 3 pages of a ListTagsForResource operation. 12118// pageNum := 0 12119// err := client.ListTagsForResourcePages(params, 12120// func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool { 12121// pageNum++ 12122// fmt.Println(page) 12123// return pageNum <= 3 12124// }) 12125// 12126func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error { 12127 return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn) 12128} 12129 12130// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except 12131// it takes a Context and allows setting request options on the pages. 12132// 12133// The context must be non-nil and will be used for request cancellation. If 12134// the context is nil a panic will occur. In the future the SDK may create 12135// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12136// for more information on using Contexts. 12137func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error { 12138 p := request.Pagination{ 12139 NewRequest: func() (*request.Request, error) { 12140 var inCpy *ListTagsForResourceInput 12141 if input != nil { 12142 tmp := *input 12143 inCpy = &tmp 12144 } 12145 req, _ := c.ListTagsForResourceRequest(inCpy) 12146 req.SetContext(ctx) 12147 req.ApplyOptions(opts...) 12148 return req, nil 12149 }, 12150 } 12151 12152 for p.Next() { 12153 if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) { 12154 break 12155 } 12156 } 12157 12158 return p.Err() 12159} 12160 12161const opListTargetsForPolicy = "ListTargetsForPolicy" 12162 12163// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the 12164// client's request for the ListTargetsForPolicy operation. The "output" return 12165// value will be populated with the request's response once the request completes 12166// successfully. 12167// 12168// Use "Send" method on the returned Request to send the API call to the service. 12169// the "output" return value is not valid until after Send returns without error. 12170// 12171// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy 12172// API call, and error handling. 12173// 12174// This method is useful when you want to inject custom logic or configuration 12175// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12176// 12177// 12178// // Example sending a request using the ListTargetsForPolicyRequest method. 12179// req, resp := client.ListTargetsForPolicyRequest(params) 12180// 12181// err := req.Send() 12182// if err == nil { // resp is now filled 12183// fmt.Println(resp) 12184// } 12185// 12186// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 12187func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) { 12188 op := &request.Operation{ 12189 Name: opListTargetsForPolicy, 12190 HTTPMethod: "POST", 12191 HTTPPath: "/", 12192 Paginator: &request.Paginator{ 12193 InputTokens: []string{"NextToken"}, 12194 OutputTokens: []string{"NextToken"}, 12195 LimitToken: "MaxResults", 12196 TruncationToken: "", 12197 }, 12198 } 12199 12200 if input == nil { 12201 input = &ListTargetsForPolicyInput{} 12202 } 12203 12204 output = &ListTargetsForPolicyOutput{} 12205 req = c.newRequest(op, input, output) 12206 return 12207} 12208 12209// ListTargetsForPolicy API operation for AWS Organizations. 12210// 12211// Lists all the roots, organizational units (OUs), and accounts that the specified 12212// policy is attached to. 12213// 12214// Always check the NextToken response parameter for a null value when calling 12215// a List* operation. These operations can occasionally return an empty set 12216// of results even when there are more results available. The NextToken response 12217// parameter value is null only when there are no more results to display. 12218// 12219// This operation can be called only from the organization's management account 12220// or by a member account that is a delegated administrator for an AWS service. 12221// 12222// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12223// with awserr.Error's Code and Message methods to get detailed information about 12224// the error. 12225// 12226// See the AWS API reference guide for AWS Organizations's 12227// API operation ListTargetsForPolicy for usage and error information. 12228// 12229// Returned Error Types: 12230// * AccessDeniedException 12231// You don't have permissions to perform the requested operation. The user or 12232// role that is making the request must have at least one IAM permissions policy 12233// attached that grants the required permissions. For more information, see 12234// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12235// in the IAM User Guide. 12236// 12237// * AWSOrganizationsNotInUseException 12238// Your account isn't a member of an organization. To make this request, you 12239// must use the credentials of an account that belongs to an organization. 12240// 12241// * InvalidInputException 12242// The requested operation failed because you provided invalid values for one 12243// or more of the request parameters. This exception includes a reason that 12244// contains additional information about the violated limit: 12245// 12246// Some of the reasons in the following list might not be applicable to this 12247// specific API or operation. 12248// 12249// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12250// the same entity. 12251// 12252// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12253// can't be modified. 12254// 12255// * INPUT_REQUIRED: You must include a value for all required parameters. 12256// 12257// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12258// for the invited account owner. 12259// 12260// * INVALID_ENUM: You specified an invalid value. 12261// 12262// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12263// 12264// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12265// characters. 12266// 12267// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12268// at least one invalid value. 12269// 12270// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12271// from the response to a previous call of the operation. 12272// 12273// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12274// organization, or email) as a party. 12275// 12276// * INVALID_PATTERN: You provided a value that doesn't match the required 12277// pattern. 12278// 12279// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12280// match the required pattern. 12281// 12282// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12283// name can't begin with the reserved prefix AWSServiceRoleFor. 12284// 12285// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12286// Name (ARN) for the organization. 12287// 12288// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12289// 12290// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12291// tag. You can’t add, edit, or delete system tag keys because they're 12292// reserved for AWS use. System tags don’t count against your tags per 12293// resource limit. 12294// 12295// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12296// for the operation. 12297// 12298// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12299// than allowed. 12300// 12301// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12302// value than allowed. 12303// 12304// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12305// than allowed. 12306// 12307// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12308// value than allowed. 12309// 12310// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12311// between entities in the same root. 12312// 12313// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12314// target entity. 12315// 12316// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12317// isn't recognized. 12318// 12319// * PolicyNotFoundException 12320// We can't find a policy with the PolicyId that you specified. 12321// 12322// * ServiceException 12323// AWS Organizations can't complete your request because of an internal service 12324// error. Try again later. 12325// 12326// * TooManyRequestsException 12327// You have sent too many requests in too short a period of time. The quota 12328// helps protect against denial-of-service attacks. Try again later. 12329// 12330// For information about quotas that affect AWS Organizations, see Quotas for 12331// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12332// the AWS Organizations User Guide. 12333// 12334// * UnsupportedAPIEndpointException 12335// This action isn't available in the current AWS Region. 12336// 12337// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 12338func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) { 12339 req, out := c.ListTargetsForPolicyRequest(input) 12340 return out, req.Send() 12341} 12342 12343// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of 12344// the ability to pass a context and additional request options. 12345// 12346// See ListTargetsForPolicy for details on how to use this API operation. 12347// 12348// The context must be non-nil and will be used for request cancellation. If 12349// the context is nil a panic will occur. In the future the SDK may create 12350// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12351// for more information on using Contexts. 12352func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) { 12353 req, out := c.ListTargetsForPolicyRequest(input) 12354 req.SetContext(ctx) 12355 req.ApplyOptions(opts...) 12356 return out, req.Send() 12357} 12358 12359// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation, 12360// calling the "fn" function with the response data for each page. To stop 12361// iterating, return false from the fn function. 12362// 12363// See ListTargetsForPolicy method for more information on how to use this operation. 12364// 12365// Note: This operation can generate multiple requests to a service. 12366// 12367// // Example iterating over at most 3 pages of a ListTargetsForPolicy operation. 12368// pageNum := 0 12369// err := client.ListTargetsForPolicyPages(params, 12370// func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool { 12371// pageNum++ 12372// fmt.Println(page) 12373// return pageNum <= 3 12374// }) 12375// 12376func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error { 12377 return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn) 12378} 12379 12380// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except 12381// it takes a Context and allows setting request options on the pages. 12382// 12383// The context must be non-nil and will be used for request cancellation. If 12384// the context is nil a panic will occur. In the future the SDK may create 12385// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12386// for more information on using Contexts. 12387func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error { 12388 p := request.Pagination{ 12389 NewRequest: func() (*request.Request, error) { 12390 var inCpy *ListTargetsForPolicyInput 12391 if input != nil { 12392 tmp := *input 12393 inCpy = &tmp 12394 } 12395 req, _ := c.ListTargetsForPolicyRequest(inCpy) 12396 req.SetContext(ctx) 12397 req.ApplyOptions(opts...) 12398 return req, nil 12399 }, 12400 } 12401 12402 for p.Next() { 12403 if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) { 12404 break 12405 } 12406 } 12407 12408 return p.Err() 12409} 12410 12411const opMoveAccount = "MoveAccount" 12412 12413// MoveAccountRequest generates a "aws/request.Request" representing the 12414// client's request for the MoveAccount operation. The "output" return 12415// value will be populated with the request's response once the request completes 12416// successfully. 12417// 12418// Use "Send" method on the returned Request to send the API call to the service. 12419// the "output" return value is not valid until after Send returns without error. 12420// 12421// See MoveAccount for more information on using the MoveAccount 12422// API call, and error handling. 12423// 12424// This method is useful when you want to inject custom logic or configuration 12425// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12426// 12427// 12428// // Example sending a request using the MoveAccountRequest method. 12429// req, resp := client.MoveAccountRequest(params) 12430// 12431// err := req.Send() 12432// if err == nil { // resp is now filled 12433// fmt.Println(resp) 12434// } 12435// 12436// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 12437func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) { 12438 op := &request.Operation{ 12439 Name: opMoveAccount, 12440 HTTPMethod: "POST", 12441 HTTPPath: "/", 12442 } 12443 12444 if input == nil { 12445 input = &MoveAccountInput{} 12446 } 12447 12448 output = &MoveAccountOutput{} 12449 req = c.newRequest(op, input, output) 12450 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12451 return 12452} 12453 12454// MoveAccount API operation for AWS Organizations. 12455// 12456// Moves an account from its current source parent root or organizational unit 12457// (OU) to the specified destination parent root or OU. 12458// 12459// This operation can be called only from the organization's management account. 12460// 12461// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12462// with awserr.Error's Code and Message methods to get detailed information about 12463// the error. 12464// 12465// See the AWS API reference guide for AWS Organizations's 12466// API operation MoveAccount for usage and error information. 12467// 12468// Returned Error Types: 12469// * AccessDeniedException 12470// You don't have permissions to perform the requested operation. The user or 12471// role that is making the request must have at least one IAM permissions policy 12472// attached that grants the required permissions. For more information, see 12473// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12474// in the IAM User Guide. 12475// 12476// * InvalidInputException 12477// The requested operation failed because you provided invalid values for one 12478// or more of the request parameters. This exception includes a reason that 12479// contains additional information about the violated limit: 12480// 12481// Some of the reasons in the following list might not be applicable to this 12482// specific API or operation. 12483// 12484// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12485// the same entity. 12486// 12487// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12488// can't be modified. 12489// 12490// * INPUT_REQUIRED: You must include a value for all required parameters. 12491// 12492// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12493// for the invited account owner. 12494// 12495// * INVALID_ENUM: You specified an invalid value. 12496// 12497// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12498// 12499// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12500// characters. 12501// 12502// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12503// at least one invalid value. 12504// 12505// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12506// from the response to a previous call of the operation. 12507// 12508// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12509// organization, or email) as a party. 12510// 12511// * INVALID_PATTERN: You provided a value that doesn't match the required 12512// pattern. 12513// 12514// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12515// match the required pattern. 12516// 12517// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12518// name can't begin with the reserved prefix AWSServiceRoleFor. 12519// 12520// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12521// Name (ARN) for the organization. 12522// 12523// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12524// 12525// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12526// tag. You can’t add, edit, or delete system tag keys because they're 12527// reserved for AWS use. System tags don’t count against your tags per 12528// resource limit. 12529// 12530// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12531// for the operation. 12532// 12533// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12534// than allowed. 12535// 12536// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12537// value than allowed. 12538// 12539// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12540// than allowed. 12541// 12542// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12543// value than allowed. 12544// 12545// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12546// between entities in the same root. 12547// 12548// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12549// target entity. 12550// 12551// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12552// isn't recognized. 12553// 12554// * SourceParentNotFoundException 12555// We can't find a source root or OU with the ParentId that you specified. 12556// 12557// * DestinationParentNotFoundException 12558// We can't find the destination container (a root or OU) with the ParentId 12559// that you specified. 12560// 12561// * DuplicateAccountException 12562// That account is already present in the specified destination. 12563// 12564// * AccountNotFoundException 12565// We can't find an AWS account with the AccountId that you specified, or the 12566// account whose credentials you used to make this request isn't a member of 12567// an organization. 12568// 12569// * TooManyRequestsException 12570// You have sent too many requests in too short a period of time. The quota 12571// helps protect against denial-of-service attacks. Try again later. 12572// 12573// For information about quotas that affect AWS Organizations, see Quotas for 12574// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12575// the AWS Organizations User Guide. 12576// 12577// * ConcurrentModificationException 12578// The target of the operation is currently being modified by a different request. 12579// Try again later. 12580// 12581// * AWSOrganizationsNotInUseException 12582// Your account isn't a member of an organization. To make this request, you 12583// must use the credentials of an account that belongs to an organization. 12584// 12585// * ServiceException 12586// AWS Organizations can't complete your request because of an internal service 12587// error. Try again later. 12588// 12589// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 12590func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) { 12591 req, out := c.MoveAccountRequest(input) 12592 return out, req.Send() 12593} 12594 12595// MoveAccountWithContext is the same as MoveAccount with the addition of 12596// the ability to pass a context and additional request options. 12597// 12598// See MoveAccount for details on how to use this API operation. 12599// 12600// The context must be non-nil and will be used for request cancellation. If 12601// the context is nil a panic will occur. In the future the SDK may create 12602// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12603// for more information on using Contexts. 12604func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) { 12605 req, out := c.MoveAccountRequest(input) 12606 req.SetContext(ctx) 12607 req.ApplyOptions(opts...) 12608 return out, req.Send() 12609} 12610 12611const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator" 12612 12613// RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the 12614// client's request for the RegisterDelegatedAdministrator operation. The "output" return 12615// value will be populated with the request's response once the request completes 12616// successfully. 12617// 12618// Use "Send" method on the returned Request to send the API call to the service. 12619// the "output" return value is not valid until after Send returns without error. 12620// 12621// See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator 12622// API call, and error handling. 12623// 12624// This method is useful when you want to inject custom logic or configuration 12625// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12626// 12627// 12628// // Example sending a request using the RegisterDelegatedAdministratorRequest method. 12629// req, resp := client.RegisterDelegatedAdministratorRequest(params) 12630// 12631// err := req.Send() 12632// if err == nil { // resp is now filled 12633// fmt.Println(resp) 12634// } 12635// 12636// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator 12637func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) { 12638 op := &request.Operation{ 12639 Name: opRegisterDelegatedAdministrator, 12640 HTTPMethod: "POST", 12641 HTTPPath: "/", 12642 } 12643 12644 if input == nil { 12645 input = &RegisterDelegatedAdministratorInput{} 12646 } 12647 12648 output = &RegisterDelegatedAdministratorOutput{} 12649 req = c.newRequest(op, input, output) 12650 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12651 return 12652} 12653 12654// RegisterDelegatedAdministrator API operation for AWS Organizations. 12655// 12656// Enables the specified member account to administer the Organizations features 12657// of the specified AWS service. It grants read-only access to AWS Organizations 12658// service data. The account still requires IAM permissions to access and administer 12659// the AWS service. 12660// 12661// You can run this action only for AWS services that support this feature. 12662// For a current list of services that support it, see the column Supports Delegated 12663// Administrator in the table at AWS Services that you can use with AWS Organizations 12664// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) 12665// in the AWS Organizations User Guide. 12666// 12667// This operation can be called only from the organization's management account. 12668// 12669// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12670// with awserr.Error's Code and Message methods to get detailed information about 12671// the error. 12672// 12673// See the AWS API reference guide for AWS Organizations's 12674// API operation RegisterDelegatedAdministrator for usage and error information. 12675// 12676// Returned Error Types: 12677// * AccessDeniedException 12678// You don't have permissions to perform the requested operation. The user or 12679// role that is making the request must have at least one IAM permissions policy 12680// attached that grants the required permissions. For more information, see 12681// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12682// in the IAM User Guide. 12683// 12684// * AccountAlreadyRegisteredException 12685// The specified account is already a delegated administrator for this AWS service. 12686// 12687// * AccountNotFoundException 12688// We can't find an AWS account with the AccountId that you specified, or the 12689// account whose credentials you used to make this request isn't a member of 12690// an organization. 12691// 12692// * AWSOrganizationsNotInUseException 12693// Your account isn't a member of an organization. To make this request, you 12694// must use the credentials of an account that belongs to an organization. 12695// 12696// * ConcurrentModificationException 12697// The target of the operation is currently being modified by a different request. 12698// Try again later. 12699// 12700// * ConstraintViolationException 12701// Performing this operation violates a minimum or maximum value limit. For 12702// example, attempting to remove the last service control policy (SCP) from 12703// an OU or root, inviting or creating too many accounts to the organization, 12704// or attaching too many policies to an account, OU, or root. This exception 12705// includes a reason that contains additional information about the violated 12706// limit: 12707// 12708// Some of the reasons in the following list might not be applicable to this 12709// specific API or operation. 12710// 12711// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 12712// account from the organization. You can't remove the management account. 12713// Instead, after you remove all member accounts, delete the organization 12714// itself. 12715// 12716// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 12717// from the organization that doesn't yet have enough information to exist 12718// as a standalone account. This account requires you to first agree to the 12719// AWS Customer Agreement. Follow the steps at Removing a member account 12720// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 12721// the AWS Organizations User Guide. 12722// 12723// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 12724// an account from the organization that doesn't yet have enough information 12725// to exist as a standalone account. This account requires you to first complete 12726// phone verification. Follow the steps at Removing a member account from 12727// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 12728// in the AWS Organizations User Guide. 12729// 12730// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 12731// of accounts that you can create in one day. 12732// 12733// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 12734// the number of accounts in an organization. If you need more accounts, 12735// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 12736// request an increase in your limit. Or the number of invitations that you 12737// tried to send would cause you to exceed the limit of accounts in your 12738// organization. Send fewer invitations or contact AWS Support to request 12739// an increase in the number of accounts. Deleted and closed accounts still 12740// count toward your limit. If you get this exception when running a command 12741// immediately after creating the organization, wait one hour and try again. 12742// After an hour, if the command continues to fail with this error, contact 12743// AWS Support (https://console.aws.amazon.com/support/home#/). 12744// 12745// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 12746// register the management account of the organization as a delegated administrator 12747// for an AWS service integrated with Organizations. You can designate only 12748// a member account as a delegated administrator. 12749// 12750// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 12751// an account that is registered as a delegated administrator for a service 12752// integrated with your organization. To complete this operation, you must 12753// first deregister this account as a delegated administrator. 12754// 12755// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 12756// organization in the specified region, you must enable all features mode. 12757// 12758// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 12759// an AWS account as a delegated administrator for an AWS service that already 12760// has a delegated administrator. To complete this operation, you must first 12761// deregister any existing delegated administrators for this service. 12762// 12763// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 12764// valid for a limited period of time. You must resubmit the request and 12765// generate a new verfication code. 12766// 12767// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 12768// handshakes that you can send in one day. 12769// 12770// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 12771// in this organization, you first must migrate the organization's management 12772// account to the marketplace that corresponds to the management account's 12773// address. For example, accounts with India addresses must be associated 12774// with the AISPL marketplace. All accounts in an organization must be associated 12775// with the same marketplace. 12776// 12777// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 12778// in China. To create an organization, the master must have a valid business 12779// license. For more information, contact customer support. 12780// 12781// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 12782// must first provide a valid contact address and phone number for the management 12783// account. Then try the operation again. 12784// 12785// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 12786// management account must have an associated account in the AWS GovCloud 12787// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 12788// in the AWS GovCloud User Guide. 12789// 12790// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 12791// with this management account, you first must associate a valid payment 12792// instrument, such as a credit card, with the account. Follow the steps 12793// at To leave an organization when all required account information has 12794// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12795// in the AWS Organizations User Guide. 12796// 12797// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 12798// to register more delegated administrators than allowed for the service 12799// principal. 12800// 12801// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 12802// number of policies of a certain type that can be attached to an entity 12803// at one time. 12804// 12805// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 12806// on this resource. 12807// 12808// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 12809// with this member account, you first must associate a valid payment instrument, 12810// such as a credit card, with the account. Follow the steps at To leave 12811// an organization when all required account information has not yet been 12812// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12813// in the AWS Organizations User Guide. 12814// 12815// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 12816// policy from an entity that would cause the entity to have fewer than the 12817// minimum number of policies of a certain type required. 12818// 12819// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 12820// that requires the organization to be configured to support all features. 12821// An organization that supports only consolidated billing features can't 12822// perform this operation. 12823// 12824// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 12825// too many levels deep. 12826// 12827// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 12828// that you can have in an organization. 12829// 12830// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 12831// is larger than the maximum size. 12832// 12833// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 12834// policies that you can have in an organization. 12835// 12836// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 12837// tags that are not compliant with the tag policy requirements for this 12838// account. 12839// 12840// * InvalidInputException 12841// The requested operation failed because you provided invalid values for one 12842// or more of the request parameters. This exception includes a reason that 12843// contains additional information about the violated limit: 12844// 12845// Some of the reasons in the following list might not be applicable to this 12846// specific API or operation. 12847// 12848// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12849// the same entity. 12850// 12851// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12852// can't be modified. 12853// 12854// * INPUT_REQUIRED: You must include a value for all required parameters. 12855// 12856// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12857// for the invited account owner. 12858// 12859// * INVALID_ENUM: You specified an invalid value. 12860// 12861// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12862// 12863// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12864// characters. 12865// 12866// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12867// at least one invalid value. 12868// 12869// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12870// from the response to a previous call of the operation. 12871// 12872// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12873// organization, or email) as a party. 12874// 12875// * INVALID_PATTERN: You provided a value that doesn't match the required 12876// pattern. 12877// 12878// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12879// match the required pattern. 12880// 12881// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12882// name can't begin with the reserved prefix AWSServiceRoleFor. 12883// 12884// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12885// Name (ARN) for the organization. 12886// 12887// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12888// 12889// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12890// tag. You can’t add, edit, or delete system tag keys because they're 12891// reserved for AWS use. System tags don’t count against your tags per 12892// resource limit. 12893// 12894// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12895// for the operation. 12896// 12897// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12898// than allowed. 12899// 12900// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12901// value than allowed. 12902// 12903// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12904// than allowed. 12905// 12906// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12907// value than allowed. 12908// 12909// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12910// between entities in the same root. 12911// 12912// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12913// target entity. 12914// 12915// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12916// isn't recognized. 12917// 12918// * TooManyRequestsException 12919// You have sent too many requests in too short a period of time. The quota 12920// helps protect against denial-of-service attacks. Try again later. 12921// 12922// For information about quotas that affect AWS Organizations, see Quotas for 12923// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12924// the AWS Organizations User Guide. 12925// 12926// * ServiceException 12927// AWS Organizations can't complete your request because of an internal service 12928// error. Try again later. 12929// 12930// * UnsupportedAPIEndpointException 12931// This action isn't available in the current AWS Region. 12932// 12933// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator 12934func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) { 12935 req, out := c.RegisterDelegatedAdministratorRequest(input) 12936 return out, req.Send() 12937} 12938 12939// RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of 12940// the ability to pass a context and additional request options. 12941// 12942// See RegisterDelegatedAdministrator for details on how to use this API operation. 12943// 12944// The context must be non-nil and will be used for request cancellation. If 12945// the context is nil a panic will occur. In the future the SDK may create 12946// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12947// for more information on using Contexts. 12948func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) { 12949 req, out := c.RegisterDelegatedAdministratorRequest(input) 12950 req.SetContext(ctx) 12951 req.ApplyOptions(opts...) 12952 return out, req.Send() 12953} 12954 12955const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization" 12956 12957// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the 12958// client's request for the RemoveAccountFromOrganization operation. The "output" return 12959// value will be populated with the request's response once the request completes 12960// successfully. 12961// 12962// Use "Send" method on the returned Request to send the API call to the service. 12963// the "output" return value is not valid until after Send returns without error. 12964// 12965// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization 12966// API call, and error handling. 12967// 12968// This method is useful when you want to inject custom logic or configuration 12969// into the SDK's request lifecycle. Such as custom headers, or retry logic. 12970// 12971// 12972// // Example sending a request using the RemoveAccountFromOrganizationRequest method. 12973// req, resp := client.RemoveAccountFromOrganizationRequest(params) 12974// 12975// err := req.Send() 12976// if err == nil { // resp is now filled 12977// fmt.Println(resp) 12978// } 12979// 12980// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 12981func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) { 12982 op := &request.Operation{ 12983 Name: opRemoveAccountFromOrganization, 12984 HTTPMethod: "POST", 12985 HTTPPath: "/", 12986 } 12987 12988 if input == nil { 12989 input = &RemoveAccountFromOrganizationInput{} 12990 } 12991 12992 output = &RemoveAccountFromOrganizationOutput{} 12993 req = c.newRequest(op, input, output) 12994 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12995 return 12996} 12997 12998// RemoveAccountFromOrganization API operation for AWS Organizations. 12999// 13000// Removes the specified account from the organization. 13001// 13002// The removed account becomes a standalone account that isn't a member of any 13003// organization. It's no longer subject to any policies and is responsible for 13004// its own bill payments. The organization's management account is no longer 13005// charged for any expenses accrued by the member account after it's removed 13006// from the organization. 13007// 13008// This operation can be called only from the organization's management account. 13009// Member accounts can remove themselves with LeaveOrganization instead. 13010// 13011// * You can remove an account from your organization only if the account 13012// is configured with the information required to operate as a standalone 13013// account. When you create an account in an organization using the AWS Organizations 13014// console, API, or CLI commands, the information required of standalone 13015// accounts is not automatically collected. For an account that you want 13016// to make standalone, you must choose a support plan, provide and verify 13017// the required contact information, and provide a current payment method. 13018// AWS uses the payment method to charge for any billable (not free tier) 13019// AWS activity that occurs while the account isn't attached to an organization. 13020// To remove an account that doesn't yet have this information, you must 13021// sign in as the member account and follow the steps at To leave an organization 13022// when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13023// in the AWS Organizations User Guide. 13024// 13025// * The account that you want to leave must not be a delegated administrator 13026// account for any AWS service enabled for your organization. If the account 13027// is a delegated administrator, you must first change the delegated administrator 13028// account to another account that is remaining in the organization. 13029// 13030// * After the account leaves the organization, all tags that were attached 13031// to the account object in the organization are deleted. AWS accounts outside 13032// of an organization do not support tags. 13033// 13034// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13035// with awserr.Error's Code and Message methods to get detailed information about 13036// the error. 13037// 13038// See the AWS API reference guide for AWS Organizations's 13039// API operation RemoveAccountFromOrganization for usage and error information. 13040// 13041// Returned Error Types: 13042// * AccessDeniedException 13043// You don't have permissions to perform the requested operation. The user or 13044// role that is making the request must have at least one IAM permissions policy 13045// attached that grants the required permissions. For more information, see 13046// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13047// in the IAM User Guide. 13048// 13049// * AccountNotFoundException 13050// We can't find an AWS account with the AccountId that you specified, or the 13051// account whose credentials you used to make this request isn't a member of 13052// an organization. 13053// 13054// * AWSOrganizationsNotInUseException 13055// Your account isn't a member of an organization. To make this request, you 13056// must use the credentials of an account that belongs to an organization. 13057// 13058// * ConcurrentModificationException 13059// The target of the operation is currently being modified by a different request. 13060// Try again later. 13061// 13062// * ConstraintViolationException 13063// Performing this operation violates a minimum or maximum value limit. For 13064// example, attempting to remove the last service control policy (SCP) from 13065// an OU or root, inviting or creating too many accounts to the organization, 13066// or attaching too many policies to an account, OU, or root. This exception 13067// includes a reason that contains additional information about the violated 13068// limit: 13069// 13070// Some of the reasons in the following list might not be applicable to this 13071// specific API or operation. 13072// 13073// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 13074// account from the organization. You can't remove the management account. 13075// Instead, after you remove all member accounts, delete the organization 13076// itself. 13077// 13078// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13079// from the organization that doesn't yet have enough information to exist 13080// as a standalone account. This account requires you to first agree to the 13081// AWS Customer Agreement. Follow the steps at Removing a member account 13082// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13083// the AWS Organizations User Guide. 13084// 13085// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13086// an account from the organization that doesn't yet have enough information 13087// to exist as a standalone account. This account requires you to first complete 13088// phone verification. Follow the steps at Removing a member account from 13089// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13090// in the AWS Organizations User Guide. 13091// 13092// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13093// of accounts that you can create in one day. 13094// 13095// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13096// the number of accounts in an organization. If you need more accounts, 13097// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13098// request an increase in your limit. Or the number of invitations that you 13099// tried to send would cause you to exceed the limit of accounts in your 13100// organization. Send fewer invitations or contact AWS Support to request 13101// an increase in the number of accounts. Deleted and closed accounts still 13102// count toward your limit. If you get this exception when running a command 13103// immediately after creating the organization, wait one hour and try again. 13104// After an hour, if the command continues to fail with this error, contact 13105// AWS Support (https://console.aws.amazon.com/support/home#/). 13106// 13107// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13108// register the management account of the organization as a delegated administrator 13109// for an AWS service integrated with Organizations. You can designate only 13110// a member account as a delegated administrator. 13111// 13112// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13113// an account that is registered as a delegated administrator for a service 13114// integrated with your organization. To complete this operation, you must 13115// first deregister this account as a delegated administrator. 13116// 13117// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13118// organization in the specified region, you must enable all features mode. 13119// 13120// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13121// an AWS account as a delegated administrator for an AWS service that already 13122// has a delegated administrator. To complete this operation, you must first 13123// deregister any existing delegated administrators for this service. 13124// 13125// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13126// valid for a limited period of time. You must resubmit the request and 13127// generate a new verfication code. 13128// 13129// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13130// handshakes that you can send in one day. 13131// 13132// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13133// in this organization, you first must migrate the organization's management 13134// account to the marketplace that corresponds to the management account's 13135// address. For example, accounts with India addresses must be associated 13136// with the AISPL marketplace. All accounts in an organization must be associated 13137// with the same marketplace. 13138// 13139// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13140// in China. To create an organization, the master must have a valid business 13141// license. For more information, contact customer support. 13142// 13143// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13144// must first provide a valid contact address and phone number for the management 13145// account. Then try the operation again. 13146// 13147// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13148// management account must have an associated account in the AWS GovCloud 13149// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13150// in the AWS GovCloud User Guide. 13151// 13152// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13153// with this management account, you first must associate a valid payment 13154// instrument, such as a credit card, with the account. Follow the steps 13155// at To leave an organization when all required account information has 13156// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13157// in the AWS Organizations User Guide. 13158// 13159// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13160// to register more delegated administrators than allowed for the service 13161// principal. 13162// 13163// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13164// number of policies of a certain type that can be attached to an entity 13165// at one time. 13166// 13167// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13168// on this resource. 13169// 13170// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13171// with this member account, you first must associate a valid payment instrument, 13172// such as a credit card, with the account. Follow the steps at To leave 13173// an organization when all required account information has not yet been 13174// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13175// in the AWS Organizations User Guide. 13176// 13177// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13178// policy from an entity that would cause the entity to have fewer than the 13179// minimum number of policies of a certain type required. 13180// 13181// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13182// that requires the organization to be configured to support all features. 13183// An organization that supports only consolidated billing features can't 13184// perform this operation. 13185// 13186// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13187// too many levels deep. 13188// 13189// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13190// that you can have in an organization. 13191// 13192// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13193// is larger than the maximum size. 13194// 13195// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13196// policies that you can have in an organization. 13197// 13198// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13199// tags that are not compliant with the tag policy requirements for this 13200// account. 13201// 13202// * InvalidInputException 13203// The requested operation failed because you provided invalid values for one 13204// or more of the request parameters. This exception includes a reason that 13205// contains additional information about the violated limit: 13206// 13207// Some of the reasons in the following list might not be applicable to this 13208// specific API or operation. 13209// 13210// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 13211// the same entity. 13212// 13213// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13214// can't be modified. 13215// 13216// * INPUT_REQUIRED: You must include a value for all required parameters. 13217// 13218// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 13219// for the invited account owner. 13220// 13221// * INVALID_ENUM: You specified an invalid value. 13222// 13223// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 13224// 13225// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13226// characters. 13227// 13228// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13229// at least one invalid value. 13230// 13231// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13232// from the response to a previous call of the operation. 13233// 13234// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13235// organization, or email) as a party. 13236// 13237// * INVALID_PATTERN: You provided a value that doesn't match the required 13238// pattern. 13239// 13240// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13241// match the required pattern. 13242// 13243// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13244// name can't begin with the reserved prefix AWSServiceRoleFor. 13245// 13246// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13247// Name (ARN) for the organization. 13248// 13249// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13250// 13251// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13252// tag. You can’t add, edit, or delete system tag keys because they're 13253// reserved for AWS use. System tags don’t count against your tags per 13254// resource limit. 13255// 13256// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13257// for the operation. 13258// 13259// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13260// than allowed. 13261// 13262// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13263// value than allowed. 13264// 13265// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13266// than allowed. 13267// 13268// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13269// value than allowed. 13270// 13271// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13272// between entities in the same root. 13273// 13274// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 13275// target entity. 13276// 13277// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 13278// isn't recognized. 13279// 13280// * MasterCannotLeaveOrganizationException 13281// You can't remove a management account from an organization. If you want the 13282// management account to become a member account in another organization, you 13283// must first delete the current organization of the management account. 13284// 13285// * ServiceException 13286// AWS Organizations can't complete your request because of an internal service 13287// error. Try again later. 13288// 13289// * TooManyRequestsException 13290// You have sent too many requests in too short a period of time. The quota 13291// helps protect against denial-of-service attacks. Try again later. 13292// 13293// For information about quotas that affect AWS Organizations, see Quotas for 13294// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13295// the AWS Organizations User Guide. 13296// 13297// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 13298func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) { 13299 req, out := c.RemoveAccountFromOrganizationRequest(input) 13300 return out, req.Send() 13301} 13302 13303// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of 13304// the ability to pass a context and additional request options. 13305// 13306// See RemoveAccountFromOrganization for details on how to use this API operation. 13307// 13308// The context must be non-nil and will be used for request cancellation. If 13309// the context is nil a panic will occur. In the future the SDK may create 13310// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13311// for more information on using Contexts. 13312func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) { 13313 req, out := c.RemoveAccountFromOrganizationRequest(input) 13314 req.SetContext(ctx) 13315 req.ApplyOptions(opts...) 13316 return out, req.Send() 13317} 13318 13319const opTagResource = "TagResource" 13320 13321// TagResourceRequest generates a "aws/request.Request" representing the 13322// client's request for the TagResource operation. The "output" return 13323// value will be populated with the request's response once the request completes 13324// successfully. 13325// 13326// Use "Send" method on the returned Request to send the API call to the service. 13327// the "output" return value is not valid until after Send returns without error. 13328// 13329// See TagResource for more information on using the TagResource 13330// API call, and error handling. 13331// 13332// This method is useful when you want to inject custom logic or configuration 13333// into the SDK's request lifecycle. Such as custom headers, or retry logic. 13334// 13335// 13336// // Example sending a request using the TagResourceRequest method. 13337// req, resp := client.TagResourceRequest(params) 13338// 13339// err := req.Send() 13340// if err == nil { // resp is now filled 13341// fmt.Println(resp) 13342// } 13343// 13344// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 13345func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 13346 op := &request.Operation{ 13347 Name: opTagResource, 13348 HTTPMethod: "POST", 13349 HTTPPath: "/", 13350 } 13351 13352 if input == nil { 13353 input = &TagResourceInput{} 13354 } 13355 13356 output = &TagResourceOutput{} 13357 req = c.newRequest(op, input, output) 13358 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 13359 return 13360} 13361 13362// TagResource API operation for AWS Organizations. 13363// 13364// Adds one or more tags to the specified resource. 13365// 13366// Currently, you can attach tags to the following resources in AWS Organizations. 13367// 13368// * AWS account 13369// 13370// * Organization root 13371// 13372// * Organizational unit (OU) 13373// 13374// * Policy (any type) 13375// 13376// This operation can be called only from the organization's management account. 13377// 13378// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13379// with awserr.Error's Code and Message methods to get detailed information about 13380// the error. 13381// 13382// See the AWS API reference guide for AWS Organizations's 13383// API operation TagResource for usage and error information. 13384// 13385// Returned Error Types: 13386// * AccessDeniedException 13387// You don't have permissions to perform the requested operation. The user or 13388// role that is making the request must have at least one IAM permissions policy 13389// attached that grants the required permissions. For more information, see 13390// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13391// in the IAM User Guide. 13392// 13393// * ConcurrentModificationException 13394// The target of the operation is currently being modified by a different request. 13395// Try again later. 13396// 13397// * AWSOrganizationsNotInUseException 13398// Your account isn't a member of an organization. To make this request, you 13399// must use the credentials of an account that belongs to an organization. 13400// 13401// * TargetNotFoundException 13402// We can't find a root, OU, account, or policy with the TargetId that you specified. 13403// 13404// * ConstraintViolationException 13405// Performing this operation violates a minimum or maximum value limit. For 13406// example, attempting to remove the last service control policy (SCP) from 13407// an OU or root, inviting or creating too many accounts to the organization, 13408// or attaching too many policies to an account, OU, or root. This exception 13409// includes a reason that contains additional information about the violated 13410// limit: 13411// 13412// Some of the reasons in the following list might not be applicable to this 13413// specific API or operation. 13414// 13415// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 13416// account from the organization. You can't remove the management account. 13417// Instead, after you remove all member accounts, delete the organization 13418// itself. 13419// 13420// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13421// from the organization that doesn't yet have enough information to exist 13422// as a standalone account. This account requires you to first agree to the 13423// AWS Customer Agreement. Follow the steps at Removing a member account 13424// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13425// the AWS Organizations User Guide. 13426// 13427// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13428// an account from the organization that doesn't yet have enough information 13429// to exist as a standalone account. This account requires you to first complete 13430// phone verification. Follow the steps at Removing a member account from 13431// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13432// in the AWS Organizations User Guide. 13433// 13434// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13435// of accounts that you can create in one day. 13436// 13437// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13438// the number of accounts in an organization. If you need more accounts, 13439// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13440// request an increase in your limit. Or the number of invitations that you 13441// tried to send would cause you to exceed the limit of accounts in your 13442// organization. Send fewer invitations or contact AWS Support to request 13443// an increase in the number of accounts. Deleted and closed accounts still 13444// count toward your limit. If you get this exception when running a command 13445// immediately after creating the organization, wait one hour and try again. 13446// After an hour, if the command continues to fail with this error, contact 13447// AWS Support (https://console.aws.amazon.com/support/home#/). 13448// 13449// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13450// register the management account of the organization as a delegated administrator 13451// for an AWS service integrated with Organizations. You can designate only 13452// a member account as a delegated administrator. 13453// 13454// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13455// an account that is registered as a delegated administrator for a service 13456// integrated with your organization. To complete this operation, you must 13457// first deregister this account as a delegated administrator. 13458// 13459// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13460// organization in the specified region, you must enable all features mode. 13461// 13462// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13463// an AWS account as a delegated administrator for an AWS service that already 13464// has a delegated administrator. To complete this operation, you must first 13465// deregister any existing delegated administrators for this service. 13466// 13467// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13468// valid for a limited period of time. You must resubmit the request and 13469// generate a new verfication code. 13470// 13471// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13472// handshakes that you can send in one day. 13473// 13474// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13475// in this organization, you first must migrate the organization's management 13476// account to the marketplace that corresponds to the management account's 13477// address. For example, accounts with India addresses must be associated 13478// with the AISPL marketplace. All accounts in an organization must be associated 13479// with the same marketplace. 13480// 13481// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13482// in China. To create an organization, the master must have a valid business 13483// license. For more information, contact customer support. 13484// 13485// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13486// must first provide a valid contact address and phone number for the management 13487// account. Then try the operation again. 13488// 13489// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13490// management account must have an associated account in the AWS GovCloud 13491// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13492// in the AWS GovCloud User Guide. 13493// 13494// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13495// with this management account, you first must associate a valid payment 13496// instrument, such as a credit card, with the account. Follow the steps 13497// at To leave an organization when all required account information has 13498// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13499// in the AWS Organizations User Guide. 13500// 13501// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13502// to register more delegated administrators than allowed for the service 13503// principal. 13504// 13505// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13506// number of policies of a certain type that can be attached to an entity 13507// at one time. 13508// 13509// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13510// on this resource. 13511// 13512// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13513// with this member account, you first must associate a valid payment instrument, 13514// such as a credit card, with the account. Follow the steps at To leave 13515// an organization when all required account information has not yet been 13516// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13517// in the AWS Organizations User Guide. 13518// 13519// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13520// policy from an entity that would cause the entity to have fewer than the 13521// minimum number of policies of a certain type required. 13522// 13523// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13524// that requires the organization to be configured to support all features. 13525// An organization that supports only consolidated billing features can't 13526// perform this operation. 13527// 13528// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13529// too many levels deep. 13530// 13531// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13532// that you can have in an organization. 13533// 13534// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13535// is larger than the maximum size. 13536// 13537// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13538// policies that you can have in an organization. 13539// 13540// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13541// tags that are not compliant with the tag policy requirements for this 13542// account. 13543// 13544// * InvalidInputException 13545// The requested operation failed because you provided invalid values for one 13546// or more of the request parameters. This exception includes a reason that 13547// contains additional information about the violated limit: 13548// 13549// Some of the reasons in the following list might not be applicable to this 13550// specific API or operation. 13551// 13552// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 13553// the same entity. 13554// 13555// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13556// can't be modified. 13557// 13558// * INPUT_REQUIRED: You must include a value for all required parameters. 13559// 13560// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 13561// for the invited account owner. 13562// 13563// * INVALID_ENUM: You specified an invalid value. 13564// 13565// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 13566// 13567// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13568// characters. 13569// 13570// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13571// at least one invalid value. 13572// 13573// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13574// from the response to a previous call of the operation. 13575// 13576// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13577// organization, or email) as a party. 13578// 13579// * INVALID_PATTERN: You provided a value that doesn't match the required 13580// pattern. 13581// 13582// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13583// match the required pattern. 13584// 13585// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13586// name can't begin with the reserved prefix AWSServiceRoleFor. 13587// 13588// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13589// Name (ARN) for the organization. 13590// 13591// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13592// 13593// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13594// tag. You can’t add, edit, or delete system tag keys because they're 13595// reserved for AWS use. System tags don’t count against your tags per 13596// resource limit. 13597// 13598// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13599// for the operation. 13600// 13601// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13602// than allowed. 13603// 13604// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13605// value than allowed. 13606// 13607// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13608// than allowed. 13609// 13610// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13611// value than allowed. 13612// 13613// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13614// between entities in the same root. 13615// 13616// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 13617// target entity. 13618// 13619// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 13620// isn't recognized. 13621// 13622// * ServiceException 13623// AWS Organizations can't complete your request because of an internal service 13624// error. Try again later. 13625// 13626// * TooManyRequestsException 13627// You have sent too many requests in too short a period of time. The quota 13628// helps protect against denial-of-service attacks. Try again later. 13629// 13630// For information about quotas that affect AWS Organizations, see Quotas for 13631// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13632// the AWS Organizations User Guide. 13633// 13634// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 13635func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 13636 req, out := c.TagResourceRequest(input) 13637 return out, req.Send() 13638} 13639 13640// TagResourceWithContext is the same as TagResource with the addition of 13641// the ability to pass a context and additional request options. 13642// 13643// See TagResource for details on how to use this API operation. 13644// 13645// The context must be non-nil and will be used for request cancellation. If 13646// the context is nil a panic will occur. In the future the SDK may create 13647// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13648// for more information on using Contexts. 13649func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 13650 req, out := c.TagResourceRequest(input) 13651 req.SetContext(ctx) 13652 req.ApplyOptions(opts...) 13653 return out, req.Send() 13654} 13655 13656const opUntagResource = "UntagResource" 13657 13658// UntagResourceRequest generates a "aws/request.Request" representing the 13659// client's request for the UntagResource operation. The "output" return 13660// value will be populated with the request's response once the request completes 13661// successfully. 13662// 13663// Use "Send" method on the returned Request to send the API call to the service. 13664// the "output" return value is not valid until after Send returns without error. 13665// 13666// See UntagResource for more information on using the UntagResource 13667// API call, and error handling. 13668// 13669// This method is useful when you want to inject custom logic or configuration 13670// into the SDK's request lifecycle. Such as custom headers, or retry logic. 13671// 13672// 13673// // Example sending a request using the UntagResourceRequest method. 13674// req, resp := client.UntagResourceRequest(params) 13675// 13676// err := req.Send() 13677// if err == nil { // resp is now filled 13678// fmt.Println(resp) 13679// } 13680// 13681// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 13682func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 13683 op := &request.Operation{ 13684 Name: opUntagResource, 13685 HTTPMethod: "POST", 13686 HTTPPath: "/", 13687 } 13688 13689 if input == nil { 13690 input = &UntagResourceInput{} 13691 } 13692 13693 output = &UntagResourceOutput{} 13694 req = c.newRequest(op, input, output) 13695 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 13696 return 13697} 13698 13699// UntagResource API operation for AWS Organizations. 13700// 13701// Removes any tags with the specified keys from the specified resource. 13702// 13703// You can attach tags to the following resources in AWS Organizations. 13704// 13705// * AWS account 13706// 13707// * Organization root 13708// 13709// * Organizational unit (OU) 13710// 13711// * Policy (any type) 13712// 13713// This operation can be called only from the organization's management account. 13714// 13715// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13716// with awserr.Error's Code and Message methods to get detailed information about 13717// the error. 13718// 13719// See the AWS API reference guide for AWS Organizations's 13720// API operation UntagResource for usage and error information. 13721// 13722// Returned Error Types: 13723// * AccessDeniedException 13724// You don't have permissions to perform the requested operation. The user or 13725// role that is making the request must have at least one IAM permissions policy 13726// attached that grants the required permissions. For more information, see 13727// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13728// in the IAM User Guide. 13729// 13730// * ConcurrentModificationException 13731// The target of the operation is currently being modified by a different request. 13732// Try again later. 13733// 13734// * AWSOrganizationsNotInUseException 13735// Your account isn't a member of an organization. To make this request, you 13736// must use the credentials of an account that belongs to an organization. 13737// 13738// * TargetNotFoundException 13739// We can't find a root, OU, account, or policy with the TargetId that you specified. 13740// 13741// * ConstraintViolationException 13742// Performing this operation violates a minimum or maximum value limit. For 13743// example, attempting to remove the last service control policy (SCP) from 13744// an OU or root, inviting or creating too many accounts to the organization, 13745// or attaching too many policies to an account, OU, or root. This exception 13746// includes a reason that contains additional information about the violated 13747// limit: 13748// 13749// Some of the reasons in the following list might not be applicable to this 13750// specific API or operation. 13751// 13752// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 13753// account from the organization. You can't remove the management account. 13754// Instead, after you remove all member accounts, delete the organization 13755// itself. 13756// 13757// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13758// from the organization that doesn't yet have enough information to exist 13759// as a standalone account. This account requires you to first agree to the 13760// AWS Customer Agreement. Follow the steps at Removing a member account 13761// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13762// the AWS Organizations User Guide. 13763// 13764// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13765// an account from the organization that doesn't yet have enough information 13766// to exist as a standalone account. This account requires you to first complete 13767// phone verification. Follow the steps at Removing a member account from 13768// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13769// in the AWS Organizations User Guide. 13770// 13771// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13772// of accounts that you can create in one day. 13773// 13774// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13775// the number of accounts in an organization. If you need more accounts, 13776// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13777// request an increase in your limit. Or the number of invitations that you 13778// tried to send would cause you to exceed the limit of accounts in your 13779// organization. Send fewer invitations or contact AWS Support to request 13780// an increase in the number of accounts. Deleted and closed accounts still 13781// count toward your limit. If you get this exception when running a command 13782// immediately after creating the organization, wait one hour and try again. 13783// After an hour, if the command continues to fail with this error, contact 13784// AWS Support (https://console.aws.amazon.com/support/home#/). 13785// 13786// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13787// register the management account of the organization as a delegated administrator 13788// for an AWS service integrated with Organizations. You can designate only 13789// a member account as a delegated administrator. 13790// 13791// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13792// an account that is registered as a delegated administrator for a service 13793// integrated with your organization. To complete this operation, you must 13794// first deregister this account as a delegated administrator. 13795// 13796// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13797// organization in the specified region, you must enable all features mode. 13798// 13799// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13800// an AWS account as a delegated administrator for an AWS service that already 13801// has a delegated administrator. To complete this operation, you must first 13802// deregister any existing delegated administrators for this service. 13803// 13804// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13805// valid for a limited period of time. You must resubmit the request and 13806// generate a new verfication code. 13807// 13808// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13809// handshakes that you can send in one day. 13810// 13811// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13812// in this organization, you first must migrate the organization's management 13813// account to the marketplace that corresponds to the management account's 13814// address. For example, accounts with India addresses must be associated 13815// with the AISPL marketplace. All accounts in an organization must be associated 13816// with the same marketplace. 13817// 13818// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13819// in China. To create an organization, the master must have a valid business 13820// license. For more information, contact customer support. 13821// 13822// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13823// must first provide a valid contact address and phone number for the management 13824// account. Then try the operation again. 13825// 13826// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13827// management account must have an associated account in the AWS GovCloud 13828// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13829// in the AWS GovCloud User Guide. 13830// 13831// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13832// with this management account, you first must associate a valid payment 13833// instrument, such as a credit card, with the account. Follow the steps 13834// at To leave an organization when all required account information has 13835// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13836// in the AWS Organizations User Guide. 13837// 13838// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13839// to register more delegated administrators than allowed for the service 13840// principal. 13841// 13842// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13843// number of policies of a certain type that can be attached to an entity 13844// at one time. 13845// 13846// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13847// on this resource. 13848// 13849// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13850// with this member account, you first must associate a valid payment instrument, 13851// such as a credit card, with the account. Follow the steps at To leave 13852// an organization when all required account information has not yet been 13853// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13854// in the AWS Organizations User Guide. 13855// 13856// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13857// policy from an entity that would cause the entity to have fewer than the 13858// minimum number of policies of a certain type required. 13859// 13860// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13861// that requires the organization to be configured to support all features. 13862// An organization that supports only consolidated billing features can't 13863// perform this operation. 13864// 13865// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13866// too many levels deep. 13867// 13868// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13869// that you can have in an organization. 13870// 13871// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13872// is larger than the maximum size. 13873// 13874// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13875// policies that you can have in an organization. 13876// 13877// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13878// tags that are not compliant with the tag policy requirements for this 13879// account. 13880// 13881// * InvalidInputException 13882// The requested operation failed because you provided invalid values for one 13883// or more of the request parameters. This exception includes a reason that 13884// contains additional information about the violated limit: 13885// 13886// Some of the reasons in the following list might not be applicable to this 13887// specific API or operation. 13888// 13889// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 13890// the same entity. 13891// 13892// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13893// can't be modified. 13894// 13895// * INPUT_REQUIRED: You must include a value for all required parameters. 13896// 13897// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 13898// for the invited account owner. 13899// 13900// * INVALID_ENUM: You specified an invalid value. 13901// 13902// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 13903// 13904// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13905// characters. 13906// 13907// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13908// at least one invalid value. 13909// 13910// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13911// from the response to a previous call of the operation. 13912// 13913// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13914// organization, or email) as a party. 13915// 13916// * INVALID_PATTERN: You provided a value that doesn't match the required 13917// pattern. 13918// 13919// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13920// match the required pattern. 13921// 13922// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13923// name can't begin with the reserved prefix AWSServiceRoleFor. 13924// 13925// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13926// Name (ARN) for the organization. 13927// 13928// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13929// 13930// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13931// tag. You can’t add, edit, or delete system tag keys because they're 13932// reserved for AWS use. System tags don’t count against your tags per 13933// resource limit. 13934// 13935// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13936// for the operation. 13937// 13938// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13939// than allowed. 13940// 13941// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13942// value than allowed. 13943// 13944// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13945// than allowed. 13946// 13947// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13948// value than allowed. 13949// 13950// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13951// between entities in the same root. 13952// 13953// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 13954// target entity. 13955// 13956// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 13957// isn't recognized. 13958// 13959// * ServiceException 13960// AWS Organizations can't complete your request because of an internal service 13961// error. Try again later. 13962// 13963// * TooManyRequestsException 13964// You have sent too many requests in too short a period of time. The quota 13965// helps protect against denial-of-service attacks. Try again later. 13966// 13967// For information about quotas that affect AWS Organizations, see Quotas for 13968// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13969// the AWS Organizations User Guide. 13970// 13971// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 13972func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 13973 req, out := c.UntagResourceRequest(input) 13974 return out, req.Send() 13975} 13976 13977// UntagResourceWithContext is the same as UntagResource with the addition of 13978// the ability to pass a context and additional request options. 13979// 13980// See UntagResource for details on how to use this API operation. 13981// 13982// The context must be non-nil and will be used for request cancellation. If 13983// the context is nil a panic will occur. In the future the SDK may create 13984// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13985// for more information on using Contexts. 13986func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 13987 req, out := c.UntagResourceRequest(input) 13988 req.SetContext(ctx) 13989 req.ApplyOptions(opts...) 13990 return out, req.Send() 13991} 13992 13993const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit" 13994 13995// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the 13996// client's request for the UpdateOrganizationalUnit operation. The "output" return 13997// value will be populated with the request's response once the request completes 13998// successfully. 13999// 14000// Use "Send" method on the returned Request to send the API call to the service. 14001// the "output" return value is not valid until after Send returns without error. 14002// 14003// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit 14004// API call, and error handling. 14005// 14006// This method is useful when you want to inject custom logic or configuration 14007// into the SDK's request lifecycle. Such as custom headers, or retry logic. 14008// 14009// 14010// // Example sending a request using the UpdateOrganizationalUnitRequest method. 14011// req, resp := client.UpdateOrganizationalUnitRequest(params) 14012// 14013// err := req.Send() 14014// if err == nil { // resp is now filled 14015// fmt.Println(resp) 14016// } 14017// 14018// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 14019func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) { 14020 op := &request.Operation{ 14021 Name: opUpdateOrganizationalUnit, 14022 HTTPMethod: "POST", 14023 HTTPPath: "/", 14024 } 14025 14026 if input == nil { 14027 input = &UpdateOrganizationalUnitInput{} 14028 } 14029 14030 output = &UpdateOrganizationalUnitOutput{} 14031 req = c.newRequest(op, input, output) 14032 return 14033} 14034 14035// UpdateOrganizationalUnit API operation for AWS Organizations. 14036// 14037// Renames the specified organizational unit (OU). The ID and ARN don't change. 14038// The child OUs and accounts remain in place, and any attached policies of 14039// the OU remain attached. 14040// 14041// This operation can be called only from the organization's management account. 14042// 14043// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 14044// with awserr.Error's Code and Message methods to get detailed information about 14045// the error. 14046// 14047// See the AWS API reference guide for AWS Organizations's 14048// API operation UpdateOrganizationalUnit for usage and error information. 14049// 14050// Returned Error Types: 14051// * AccessDeniedException 14052// You don't have permissions to perform the requested operation. The user or 14053// role that is making the request must have at least one IAM permissions policy 14054// attached that grants the required permissions. For more information, see 14055// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 14056// in the IAM User Guide. 14057// 14058// * AWSOrganizationsNotInUseException 14059// Your account isn't a member of an organization. To make this request, you 14060// must use the credentials of an account that belongs to an organization. 14061// 14062// * ConcurrentModificationException 14063// The target of the operation is currently being modified by a different request. 14064// Try again later. 14065// 14066// * DuplicateOrganizationalUnitException 14067// An OU with the same name already exists. 14068// 14069// * InvalidInputException 14070// The requested operation failed because you provided invalid values for one 14071// or more of the request parameters. This exception includes a reason that 14072// contains additional information about the violated limit: 14073// 14074// Some of the reasons in the following list might not be applicable to this 14075// specific API or operation. 14076// 14077// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 14078// the same entity. 14079// 14080// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 14081// can't be modified. 14082// 14083// * INPUT_REQUIRED: You must include a value for all required parameters. 14084// 14085// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 14086// for the invited account owner. 14087// 14088// * INVALID_ENUM: You specified an invalid value. 14089// 14090// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 14091// 14092// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 14093// characters. 14094// 14095// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 14096// at least one invalid value. 14097// 14098// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 14099// from the response to a previous call of the operation. 14100// 14101// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 14102// organization, or email) as a party. 14103// 14104// * INVALID_PATTERN: You provided a value that doesn't match the required 14105// pattern. 14106// 14107// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 14108// match the required pattern. 14109// 14110// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 14111// name can't begin with the reserved prefix AWSServiceRoleFor. 14112// 14113// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 14114// Name (ARN) for the organization. 14115// 14116// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 14117// 14118// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 14119// tag. You can’t add, edit, or delete system tag keys because they're 14120// reserved for AWS use. System tags don’t count against your tags per 14121// resource limit. 14122// 14123// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 14124// for the operation. 14125// 14126// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 14127// than allowed. 14128// 14129// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 14130// value than allowed. 14131// 14132// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 14133// than allowed. 14134// 14135// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 14136// value than allowed. 14137// 14138// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 14139// between entities in the same root. 14140// 14141// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 14142// target entity. 14143// 14144// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 14145// isn't recognized. 14146// 14147// * OrganizationalUnitNotFoundException 14148// We can't find an OU with the OrganizationalUnitId that you specified. 14149// 14150// * ServiceException 14151// AWS Organizations can't complete your request because of an internal service 14152// error. Try again later. 14153// 14154// * TooManyRequestsException 14155// You have sent too many requests in too short a period of time. The quota 14156// helps protect against denial-of-service attacks. Try again later. 14157// 14158// For information about quotas that affect AWS Organizations, see Quotas for 14159// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 14160// the AWS Organizations User Guide. 14161// 14162// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 14163func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) { 14164 req, out := c.UpdateOrganizationalUnitRequest(input) 14165 return out, req.Send() 14166} 14167 14168// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of 14169// the ability to pass a context and additional request options. 14170// 14171// See UpdateOrganizationalUnit for details on how to use this API operation. 14172// 14173// The context must be non-nil and will be used for request cancellation. If 14174// the context is nil a panic will occur. In the future the SDK may create 14175// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 14176// for more information on using Contexts. 14177func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) { 14178 req, out := c.UpdateOrganizationalUnitRequest(input) 14179 req.SetContext(ctx) 14180 req.ApplyOptions(opts...) 14181 return out, req.Send() 14182} 14183 14184const opUpdatePolicy = "UpdatePolicy" 14185 14186// UpdatePolicyRequest generates a "aws/request.Request" representing the 14187// client's request for the UpdatePolicy operation. The "output" return 14188// value will be populated with the request's response once the request completes 14189// successfully. 14190// 14191// Use "Send" method on the returned Request to send the API call to the service. 14192// the "output" return value is not valid until after Send returns without error. 14193// 14194// See UpdatePolicy for more information on using the UpdatePolicy 14195// API call, and error handling. 14196// 14197// This method is useful when you want to inject custom logic or configuration 14198// into the SDK's request lifecycle. Such as custom headers, or retry logic. 14199// 14200// 14201// // Example sending a request using the UpdatePolicyRequest method. 14202// req, resp := client.UpdatePolicyRequest(params) 14203// 14204// err := req.Send() 14205// if err == nil { // resp is now filled 14206// fmt.Println(resp) 14207// } 14208// 14209// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 14210func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) { 14211 op := &request.Operation{ 14212 Name: opUpdatePolicy, 14213 HTTPMethod: "POST", 14214 HTTPPath: "/", 14215 } 14216 14217 if input == nil { 14218 input = &UpdatePolicyInput{} 14219 } 14220 14221 output = &UpdatePolicyOutput{} 14222 req = c.newRequest(op, input, output) 14223 return 14224} 14225 14226// UpdatePolicy API operation for AWS Organizations. 14227// 14228// Updates an existing policy with a new name, description, or content. If you 14229// don't supply any parameter, that value remains unchanged. You can't change 14230// a policy's type. 14231// 14232// This operation can be called only from the organization's management account. 14233// 14234// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 14235// with awserr.Error's Code and Message methods to get detailed information about 14236// the error. 14237// 14238// See the AWS API reference guide for AWS Organizations's 14239// API operation UpdatePolicy for usage and error information. 14240// 14241// Returned Error Types: 14242// * AccessDeniedException 14243// You don't have permissions to perform the requested operation. The user or 14244// role that is making the request must have at least one IAM permissions policy 14245// attached that grants the required permissions. For more information, see 14246// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 14247// in the IAM User Guide. 14248// 14249// * AWSOrganizationsNotInUseException 14250// Your account isn't a member of an organization. To make this request, you 14251// must use the credentials of an account that belongs to an organization. 14252// 14253// * ConcurrentModificationException 14254// The target of the operation is currently being modified by a different request. 14255// Try again later. 14256// 14257// * ConstraintViolationException 14258// Performing this operation violates a minimum or maximum value limit. For 14259// example, attempting to remove the last service control policy (SCP) from 14260// an OU or root, inviting or creating too many accounts to the organization, 14261// or attaching too many policies to an account, OU, or root. This exception 14262// includes a reason that contains additional information about the violated 14263// limit: 14264// 14265// Some of the reasons in the following list might not be applicable to this 14266// specific API or operation. 14267// 14268// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 14269// account from the organization. You can't remove the management account. 14270// Instead, after you remove all member accounts, delete the organization 14271// itself. 14272// 14273// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 14274// from the organization that doesn't yet have enough information to exist 14275// as a standalone account. This account requires you to first agree to the 14276// AWS Customer Agreement. Follow the steps at Removing a member account 14277// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 14278// the AWS Organizations User Guide. 14279// 14280// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 14281// an account from the organization that doesn't yet have enough information 14282// to exist as a standalone account. This account requires you to first complete 14283// phone verification. Follow the steps at Removing a member account from 14284// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 14285// in the AWS Organizations User Guide. 14286// 14287// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 14288// of accounts that you can create in one day. 14289// 14290// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 14291// the number of accounts in an organization. If you need more accounts, 14292// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 14293// request an increase in your limit. Or the number of invitations that you 14294// tried to send would cause you to exceed the limit of accounts in your 14295// organization. Send fewer invitations or contact AWS Support to request 14296// an increase in the number of accounts. Deleted and closed accounts still 14297// count toward your limit. If you get this exception when running a command 14298// immediately after creating the organization, wait one hour and try again. 14299// After an hour, if the command continues to fail with this error, contact 14300// AWS Support (https://console.aws.amazon.com/support/home#/). 14301// 14302// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 14303// register the management account of the organization as a delegated administrator 14304// for an AWS service integrated with Organizations. You can designate only 14305// a member account as a delegated administrator. 14306// 14307// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 14308// an account that is registered as a delegated administrator for a service 14309// integrated with your organization. To complete this operation, you must 14310// first deregister this account as a delegated administrator. 14311// 14312// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 14313// organization in the specified region, you must enable all features mode. 14314// 14315// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 14316// an AWS account as a delegated administrator for an AWS service that already 14317// has a delegated administrator. To complete this operation, you must first 14318// deregister any existing delegated administrators for this service. 14319// 14320// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 14321// valid for a limited period of time. You must resubmit the request and 14322// generate a new verfication code. 14323// 14324// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 14325// handshakes that you can send in one day. 14326// 14327// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 14328// in this organization, you first must migrate the organization's management 14329// account to the marketplace that corresponds to the management account's 14330// address. For example, accounts with India addresses must be associated 14331// with the AISPL marketplace. All accounts in an organization must be associated 14332// with the same marketplace. 14333// 14334// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 14335// in China. To create an organization, the master must have a valid business 14336// license. For more information, contact customer support. 14337// 14338// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 14339// must first provide a valid contact address and phone number for the management 14340// account. Then try the operation again. 14341// 14342// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 14343// management account must have an associated account in the AWS GovCloud 14344// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 14345// in the AWS GovCloud User Guide. 14346// 14347// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 14348// with this management account, you first must associate a valid payment 14349// instrument, such as a credit card, with the account. Follow the steps 14350// at To leave an organization when all required account information has 14351// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 14352// in the AWS Organizations User Guide. 14353// 14354// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 14355// to register more delegated administrators than allowed for the service 14356// principal. 14357// 14358// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 14359// number of policies of a certain type that can be attached to an entity 14360// at one time. 14361// 14362// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 14363// on this resource. 14364// 14365// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 14366// with this member account, you first must associate a valid payment instrument, 14367// such as a credit card, with the account. Follow the steps at To leave 14368// an organization when all required account information has not yet been 14369// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 14370// in the AWS Organizations User Guide. 14371// 14372// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 14373// policy from an entity that would cause the entity to have fewer than the 14374// minimum number of policies of a certain type required. 14375// 14376// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 14377// that requires the organization to be configured to support all features. 14378// An organization that supports only consolidated billing features can't 14379// perform this operation. 14380// 14381// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 14382// too many levels deep. 14383// 14384// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 14385// that you can have in an organization. 14386// 14387// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 14388// is larger than the maximum size. 14389// 14390// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 14391// policies that you can have in an organization. 14392// 14393// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 14394// tags that are not compliant with the tag policy requirements for this 14395// account. 14396// 14397// * DuplicatePolicyException 14398// A policy with the same name already exists. 14399// 14400// * InvalidInputException 14401// The requested operation failed because you provided invalid values for one 14402// or more of the request parameters. This exception includes a reason that 14403// contains additional information about the violated limit: 14404// 14405// Some of the reasons in the following list might not be applicable to this 14406// specific API or operation. 14407// 14408// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 14409// the same entity. 14410// 14411// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 14412// can't be modified. 14413// 14414// * INPUT_REQUIRED: You must include a value for all required parameters. 14415// 14416// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 14417// for the invited account owner. 14418// 14419// * INVALID_ENUM: You specified an invalid value. 14420// 14421// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 14422// 14423// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 14424// characters. 14425// 14426// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 14427// at least one invalid value. 14428// 14429// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 14430// from the response to a previous call of the operation. 14431// 14432// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 14433// organization, or email) as a party. 14434// 14435// * INVALID_PATTERN: You provided a value that doesn't match the required 14436// pattern. 14437// 14438// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 14439// match the required pattern. 14440// 14441// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 14442// name can't begin with the reserved prefix AWSServiceRoleFor. 14443// 14444// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 14445// Name (ARN) for the organization. 14446// 14447// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 14448// 14449// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 14450// tag. You can’t add, edit, or delete system tag keys because they're 14451// reserved for AWS use. System tags don’t count against your tags per 14452// resource limit. 14453// 14454// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 14455// for the operation. 14456// 14457// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 14458// than allowed. 14459// 14460// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 14461// value than allowed. 14462// 14463// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 14464// than allowed. 14465// 14466// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 14467// value than allowed. 14468// 14469// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 14470// between entities in the same root. 14471// 14472// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 14473// target entity. 14474// 14475// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 14476// isn't recognized. 14477// 14478// * MalformedPolicyDocumentException 14479// The provided policy document doesn't meet the requirements of the specified 14480// policy type. For example, the syntax might be incorrect. For details about 14481// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 14482// in the AWS Organizations User Guide. 14483// 14484// * PolicyNotFoundException 14485// We can't find a policy with the PolicyId that you specified. 14486// 14487// * ServiceException 14488// AWS Organizations can't complete your request because of an internal service 14489// error. Try again later. 14490// 14491// * TooManyRequestsException 14492// You have sent too many requests in too short a period of time. The quota 14493// helps protect against denial-of-service attacks. Try again later. 14494// 14495// For information about quotas that affect AWS Organizations, see Quotas for 14496// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 14497// the AWS Organizations User Guide. 14498// 14499// * UnsupportedAPIEndpointException 14500// This action isn't available in the current AWS Region. 14501// 14502// * PolicyChangesInProgressException 14503// Changes to the effective policy are in progress, and its contents can't be 14504// returned. Try the operation again later. 14505// 14506// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 14507func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) { 14508 req, out := c.UpdatePolicyRequest(input) 14509 return out, req.Send() 14510} 14511 14512// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of 14513// the ability to pass a context and additional request options. 14514// 14515// See UpdatePolicy for details on how to use this API operation. 14516// 14517// The context must be non-nil and will be used for request cancellation. If 14518// the context is nil a panic will occur. In the future the SDK may create 14519// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 14520// for more information on using Contexts. 14521func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) { 14522 req, out := c.UpdatePolicyRequest(input) 14523 req.SetContext(ctx) 14524 req.ApplyOptions(opts...) 14525 return out, req.Send() 14526} 14527 14528// Your account isn't a member of an organization. To make this request, you 14529// must use the credentials of an account that belongs to an organization. 14530type AWSOrganizationsNotInUseException struct { 14531 _ struct{} `type:"structure"` 14532 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14533 14534 Message_ *string `locationName:"Message" type:"string"` 14535} 14536 14537// String returns the string representation 14538func (s AWSOrganizationsNotInUseException) String() string { 14539 return awsutil.Prettify(s) 14540} 14541 14542// GoString returns the string representation 14543func (s AWSOrganizationsNotInUseException) GoString() string { 14544 return s.String() 14545} 14546 14547func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error { 14548 return &AWSOrganizationsNotInUseException{ 14549 RespMetadata: v, 14550 } 14551} 14552 14553// Code returns the exception type name. 14554func (s *AWSOrganizationsNotInUseException) Code() string { 14555 return "AWSOrganizationsNotInUseException" 14556} 14557 14558// Message returns the exception's message. 14559func (s *AWSOrganizationsNotInUseException) Message() string { 14560 if s.Message_ != nil { 14561 return *s.Message_ 14562 } 14563 return "" 14564} 14565 14566// OrigErr always returns nil, satisfies awserr.Error interface. 14567func (s *AWSOrganizationsNotInUseException) OrigErr() error { 14568 return nil 14569} 14570 14571func (s *AWSOrganizationsNotInUseException) Error() string { 14572 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14573} 14574 14575// Status code returns the HTTP status code for the request's response error. 14576func (s *AWSOrganizationsNotInUseException) StatusCode() int { 14577 return s.RespMetadata.StatusCode 14578} 14579 14580// RequestID returns the service's response RequestID for request. 14581func (s *AWSOrganizationsNotInUseException) RequestID() string { 14582 return s.RespMetadata.RequestID 14583} 14584 14585type AcceptHandshakeInput struct { 14586 _ struct{} `type:"structure"` 14587 14588 // The unique identifier (ID) of the handshake that you want to accept. 14589 // 14590 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 14591 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 14592 // 14593 // HandshakeId is a required field 14594 HandshakeId *string `type:"string" required:"true"` 14595} 14596 14597// String returns the string representation 14598func (s AcceptHandshakeInput) String() string { 14599 return awsutil.Prettify(s) 14600} 14601 14602// GoString returns the string representation 14603func (s AcceptHandshakeInput) GoString() string { 14604 return s.String() 14605} 14606 14607// Validate inspects the fields of the type to determine if they are valid. 14608func (s *AcceptHandshakeInput) Validate() error { 14609 invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"} 14610 if s.HandshakeId == nil { 14611 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 14612 } 14613 14614 if invalidParams.Len() > 0 { 14615 return invalidParams 14616 } 14617 return nil 14618} 14619 14620// SetHandshakeId sets the HandshakeId field's value. 14621func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput { 14622 s.HandshakeId = &v 14623 return s 14624} 14625 14626type AcceptHandshakeOutput struct { 14627 _ struct{} `type:"structure"` 14628 14629 // A structure that contains details about the accepted handshake. 14630 Handshake *Handshake `type:"structure"` 14631} 14632 14633// String returns the string representation 14634func (s AcceptHandshakeOutput) String() string { 14635 return awsutil.Prettify(s) 14636} 14637 14638// GoString returns the string representation 14639func (s AcceptHandshakeOutput) GoString() string { 14640 return s.String() 14641} 14642 14643// SetHandshake sets the Handshake field's value. 14644func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput { 14645 s.Handshake = v 14646 return s 14647} 14648 14649// You don't have permissions to perform the requested operation. The user or 14650// role that is making the request must have at least one IAM permissions policy 14651// attached that grants the required permissions. For more information, see 14652// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 14653// in the IAM User Guide. 14654type AccessDeniedException struct { 14655 _ struct{} `type:"structure"` 14656 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14657 14658 Message_ *string `locationName:"Message" type:"string"` 14659} 14660 14661// String returns the string representation 14662func (s AccessDeniedException) String() string { 14663 return awsutil.Prettify(s) 14664} 14665 14666// GoString returns the string representation 14667func (s AccessDeniedException) GoString() string { 14668 return s.String() 14669} 14670 14671func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { 14672 return &AccessDeniedException{ 14673 RespMetadata: v, 14674 } 14675} 14676 14677// Code returns the exception type name. 14678func (s *AccessDeniedException) Code() string { 14679 return "AccessDeniedException" 14680} 14681 14682// Message returns the exception's message. 14683func (s *AccessDeniedException) Message() string { 14684 if s.Message_ != nil { 14685 return *s.Message_ 14686 } 14687 return "" 14688} 14689 14690// OrigErr always returns nil, satisfies awserr.Error interface. 14691func (s *AccessDeniedException) OrigErr() error { 14692 return nil 14693} 14694 14695func (s *AccessDeniedException) Error() string { 14696 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14697} 14698 14699// Status code returns the HTTP status code for the request's response error. 14700func (s *AccessDeniedException) StatusCode() int { 14701 return s.RespMetadata.StatusCode 14702} 14703 14704// RequestID returns the service's response RequestID for request. 14705func (s *AccessDeniedException) RequestID() string { 14706 return s.RespMetadata.RequestID 14707} 14708 14709// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 14710// for organizations.amazonaws.com permission so that AWS Organizations can 14711// create the required service-linked role. You don't have that permission. 14712type AccessDeniedForDependencyException struct { 14713 _ struct{} `type:"structure"` 14714 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14715 14716 Message_ *string `locationName:"Message" type:"string"` 14717 14718 Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"` 14719} 14720 14721// String returns the string representation 14722func (s AccessDeniedForDependencyException) String() string { 14723 return awsutil.Prettify(s) 14724} 14725 14726// GoString returns the string representation 14727func (s AccessDeniedForDependencyException) GoString() string { 14728 return s.String() 14729} 14730 14731func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error { 14732 return &AccessDeniedForDependencyException{ 14733 RespMetadata: v, 14734 } 14735} 14736 14737// Code returns the exception type name. 14738func (s *AccessDeniedForDependencyException) Code() string { 14739 return "AccessDeniedForDependencyException" 14740} 14741 14742// Message returns the exception's message. 14743func (s *AccessDeniedForDependencyException) Message() string { 14744 if s.Message_ != nil { 14745 return *s.Message_ 14746 } 14747 return "" 14748} 14749 14750// OrigErr always returns nil, satisfies awserr.Error interface. 14751func (s *AccessDeniedForDependencyException) OrigErr() error { 14752 return nil 14753} 14754 14755func (s *AccessDeniedForDependencyException) Error() string { 14756 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 14757} 14758 14759// Status code returns the HTTP status code for the request's response error. 14760func (s *AccessDeniedForDependencyException) StatusCode() int { 14761 return s.RespMetadata.StatusCode 14762} 14763 14764// RequestID returns the service's response RequestID for request. 14765func (s *AccessDeniedForDependencyException) RequestID() string { 14766 return s.RespMetadata.RequestID 14767} 14768 14769// Contains information about an AWS account that is a member of an organization. 14770type Account struct { 14771 _ struct{} `type:"structure"` 14772 14773 // The Amazon Resource Name (ARN) of the account. 14774 // 14775 // For more information about ARNs in Organizations, see ARN Formats Supported 14776 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 14777 // in the AWS Service Authorization Reference. 14778 Arn *string `type:"string"` 14779 14780 // The email address associated with the AWS account. 14781 // 14782 // The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is 14783 // a string of characters that represents a standard internet email address. 14784 Email *string `min:"6" type:"string" sensitive:"true"` 14785 14786 // The unique identifier (ID) of the account. 14787 // 14788 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 14789 // requires exactly 12 digits. 14790 Id *string `type:"string"` 14791 14792 // The method by which the account joined the organization. 14793 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 14794 14795 // The date the account became a part of the organization. 14796 JoinedTimestamp *time.Time `type:"timestamp"` 14797 14798 // The friendly name of the account. 14799 // 14800 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 14801 // this parameter is a string of any of the characters in the ASCII character 14802 // range. 14803 Name *string `min:"1" type:"string" sensitive:"true"` 14804 14805 // The status of the account in the organization. 14806 Status *string `type:"string" enum:"AccountStatus"` 14807} 14808 14809// String returns the string representation 14810func (s Account) String() string { 14811 return awsutil.Prettify(s) 14812} 14813 14814// GoString returns the string representation 14815func (s Account) GoString() string { 14816 return s.String() 14817} 14818 14819// SetArn sets the Arn field's value. 14820func (s *Account) SetArn(v string) *Account { 14821 s.Arn = &v 14822 return s 14823} 14824 14825// SetEmail sets the Email field's value. 14826func (s *Account) SetEmail(v string) *Account { 14827 s.Email = &v 14828 return s 14829} 14830 14831// SetId sets the Id field's value. 14832func (s *Account) SetId(v string) *Account { 14833 s.Id = &v 14834 return s 14835} 14836 14837// SetJoinedMethod sets the JoinedMethod field's value. 14838func (s *Account) SetJoinedMethod(v string) *Account { 14839 s.JoinedMethod = &v 14840 return s 14841} 14842 14843// SetJoinedTimestamp sets the JoinedTimestamp field's value. 14844func (s *Account) SetJoinedTimestamp(v time.Time) *Account { 14845 s.JoinedTimestamp = &v 14846 return s 14847} 14848 14849// SetName sets the Name field's value. 14850func (s *Account) SetName(v string) *Account { 14851 s.Name = &v 14852 return s 14853} 14854 14855// SetStatus sets the Status field's value. 14856func (s *Account) SetStatus(v string) *Account { 14857 s.Status = &v 14858 return s 14859} 14860 14861// The specified account is already a delegated administrator for this AWS service. 14862type AccountAlreadyRegisteredException struct { 14863 _ struct{} `type:"structure"` 14864 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14865 14866 Message_ *string `locationName:"Message" type:"string"` 14867} 14868 14869// String returns the string representation 14870func (s AccountAlreadyRegisteredException) String() string { 14871 return awsutil.Prettify(s) 14872} 14873 14874// GoString returns the string representation 14875func (s AccountAlreadyRegisteredException) GoString() string { 14876 return s.String() 14877} 14878 14879func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error { 14880 return &AccountAlreadyRegisteredException{ 14881 RespMetadata: v, 14882 } 14883} 14884 14885// Code returns the exception type name. 14886func (s *AccountAlreadyRegisteredException) Code() string { 14887 return "AccountAlreadyRegisteredException" 14888} 14889 14890// Message returns the exception's message. 14891func (s *AccountAlreadyRegisteredException) Message() string { 14892 if s.Message_ != nil { 14893 return *s.Message_ 14894 } 14895 return "" 14896} 14897 14898// OrigErr always returns nil, satisfies awserr.Error interface. 14899func (s *AccountAlreadyRegisteredException) OrigErr() error { 14900 return nil 14901} 14902 14903func (s *AccountAlreadyRegisteredException) Error() string { 14904 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14905} 14906 14907// Status code returns the HTTP status code for the request's response error. 14908func (s *AccountAlreadyRegisteredException) StatusCode() int { 14909 return s.RespMetadata.StatusCode 14910} 14911 14912// RequestID returns the service's response RequestID for request. 14913func (s *AccountAlreadyRegisteredException) RequestID() string { 14914 return s.RespMetadata.RequestID 14915} 14916 14917// We can't find an AWS account with the AccountId that you specified, or the 14918// account whose credentials you used to make this request isn't a member of 14919// an organization. 14920type AccountNotFoundException struct { 14921 _ struct{} `type:"structure"` 14922 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14923 14924 Message_ *string `locationName:"Message" type:"string"` 14925} 14926 14927// String returns the string representation 14928func (s AccountNotFoundException) String() string { 14929 return awsutil.Prettify(s) 14930} 14931 14932// GoString returns the string representation 14933func (s AccountNotFoundException) GoString() string { 14934 return s.String() 14935} 14936 14937func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error { 14938 return &AccountNotFoundException{ 14939 RespMetadata: v, 14940 } 14941} 14942 14943// Code returns the exception type name. 14944func (s *AccountNotFoundException) Code() string { 14945 return "AccountNotFoundException" 14946} 14947 14948// Message returns the exception's message. 14949func (s *AccountNotFoundException) Message() string { 14950 if s.Message_ != nil { 14951 return *s.Message_ 14952 } 14953 return "" 14954} 14955 14956// OrigErr always returns nil, satisfies awserr.Error interface. 14957func (s *AccountNotFoundException) OrigErr() error { 14958 return nil 14959} 14960 14961func (s *AccountNotFoundException) Error() string { 14962 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14963} 14964 14965// Status code returns the HTTP status code for the request's response error. 14966func (s *AccountNotFoundException) StatusCode() int { 14967 return s.RespMetadata.StatusCode 14968} 14969 14970// RequestID returns the service's response RequestID for request. 14971func (s *AccountNotFoundException) RequestID() string { 14972 return s.RespMetadata.RequestID 14973} 14974 14975// The specified account is not a delegated administrator for this AWS service. 14976type AccountNotRegisteredException struct { 14977 _ struct{} `type:"structure"` 14978 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14979 14980 Message_ *string `locationName:"Message" type:"string"` 14981} 14982 14983// String returns the string representation 14984func (s AccountNotRegisteredException) String() string { 14985 return awsutil.Prettify(s) 14986} 14987 14988// GoString returns the string representation 14989func (s AccountNotRegisteredException) GoString() string { 14990 return s.String() 14991} 14992 14993func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error { 14994 return &AccountNotRegisteredException{ 14995 RespMetadata: v, 14996 } 14997} 14998 14999// Code returns the exception type name. 15000func (s *AccountNotRegisteredException) Code() string { 15001 return "AccountNotRegisteredException" 15002} 15003 15004// Message returns the exception's message. 15005func (s *AccountNotRegisteredException) Message() string { 15006 if s.Message_ != nil { 15007 return *s.Message_ 15008 } 15009 return "" 15010} 15011 15012// OrigErr always returns nil, satisfies awserr.Error interface. 15013func (s *AccountNotRegisteredException) OrigErr() error { 15014 return nil 15015} 15016 15017func (s *AccountNotRegisteredException) Error() string { 15018 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15019} 15020 15021// Status code returns the HTTP status code for the request's response error. 15022func (s *AccountNotRegisteredException) StatusCode() int { 15023 return s.RespMetadata.StatusCode 15024} 15025 15026// RequestID returns the service's response RequestID for request. 15027func (s *AccountNotRegisteredException) RequestID() string { 15028 return s.RespMetadata.RequestID 15029} 15030 15031// You can't invite an existing account to your organization until you verify 15032// that you own the email address associated with the management account. For 15033// more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 15034// in the AWS Organizations User Guide. 15035type AccountOwnerNotVerifiedException struct { 15036 _ struct{} `type:"structure"` 15037 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15038 15039 Message_ *string `locationName:"Message" type:"string"` 15040} 15041 15042// String returns the string representation 15043func (s AccountOwnerNotVerifiedException) String() string { 15044 return awsutil.Prettify(s) 15045} 15046 15047// GoString returns the string representation 15048func (s AccountOwnerNotVerifiedException) GoString() string { 15049 return s.String() 15050} 15051 15052func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error { 15053 return &AccountOwnerNotVerifiedException{ 15054 RespMetadata: v, 15055 } 15056} 15057 15058// Code returns the exception type name. 15059func (s *AccountOwnerNotVerifiedException) Code() string { 15060 return "AccountOwnerNotVerifiedException" 15061} 15062 15063// Message returns the exception's message. 15064func (s *AccountOwnerNotVerifiedException) Message() string { 15065 if s.Message_ != nil { 15066 return *s.Message_ 15067 } 15068 return "" 15069} 15070 15071// OrigErr always returns nil, satisfies awserr.Error interface. 15072func (s *AccountOwnerNotVerifiedException) OrigErr() error { 15073 return nil 15074} 15075 15076func (s *AccountOwnerNotVerifiedException) Error() string { 15077 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15078} 15079 15080// Status code returns the HTTP status code for the request's response error. 15081func (s *AccountOwnerNotVerifiedException) StatusCode() int { 15082 return s.RespMetadata.StatusCode 15083} 15084 15085// RequestID returns the service's response RequestID for request. 15086func (s *AccountOwnerNotVerifiedException) RequestID() string { 15087 return s.RespMetadata.RequestID 15088} 15089 15090// This account is already a member of an organization. An account can belong 15091// to only one organization at a time. 15092type AlreadyInOrganizationException struct { 15093 _ struct{} `type:"structure"` 15094 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15095 15096 Message_ *string `locationName:"Message" type:"string"` 15097} 15098 15099// String returns the string representation 15100func (s AlreadyInOrganizationException) String() string { 15101 return awsutil.Prettify(s) 15102} 15103 15104// GoString returns the string representation 15105func (s AlreadyInOrganizationException) GoString() string { 15106 return s.String() 15107} 15108 15109func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error { 15110 return &AlreadyInOrganizationException{ 15111 RespMetadata: v, 15112 } 15113} 15114 15115// Code returns the exception type name. 15116func (s *AlreadyInOrganizationException) Code() string { 15117 return "AlreadyInOrganizationException" 15118} 15119 15120// Message returns the exception's message. 15121func (s *AlreadyInOrganizationException) Message() string { 15122 if s.Message_ != nil { 15123 return *s.Message_ 15124 } 15125 return "" 15126} 15127 15128// OrigErr always returns nil, satisfies awserr.Error interface. 15129func (s *AlreadyInOrganizationException) OrigErr() error { 15130 return nil 15131} 15132 15133func (s *AlreadyInOrganizationException) Error() string { 15134 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15135} 15136 15137// Status code returns the HTTP status code for the request's response error. 15138func (s *AlreadyInOrganizationException) StatusCode() int { 15139 return s.RespMetadata.StatusCode 15140} 15141 15142// RequestID returns the service's response RequestID for request. 15143func (s *AlreadyInOrganizationException) RequestID() string { 15144 return s.RespMetadata.RequestID 15145} 15146 15147type AttachPolicyInput struct { 15148 _ struct{} `type:"structure"` 15149 15150 // The unique identifier (ID) of the policy that you want to attach to the target. 15151 // You can get the ID for the policy by calling the ListPolicies operation. 15152 // 15153 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15154 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 15155 // or the underscore character (_). 15156 // 15157 // PolicyId is a required field 15158 PolicyId *string `type:"string" required:"true"` 15159 15160 // The unique identifier (ID) of the root, OU, or account that you want to attach 15161 // the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, 15162 // or ListAccounts operations. 15163 // 15164 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 15165 // requires one of the following: 15166 // 15167 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 15168 // letters or digits. 15169 // 15170 // * Account - A string that consists of exactly 12 digits. 15171 // 15172 // * Organizational unit (OU) - A string that begins with "ou-" followed 15173 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 15174 // OU is in). This string is followed by a second "-" dash and from 8 to 15175 // 32 additional lowercase letters or digits. 15176 // 15177 // TargetId is a required field 15178 TargetId *string `type:"string" required:"true"` 15179} 15180 15181// String returns the string representation 15182func (s AttachPolicyInput) String() string { 15183 return awsutil.Prettify(s) 15184} 15185 15186// GoString returns the string representation 15187func (s AttachPolicyInput) GoString() string { 15188 return s.String() 15189} 15190 15191// Validate inspects the fields of the type to determine if they are valid. 15192func (s *AttachPolicyInput) Validate() error { 15193 invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"} 15194 if s.PolicyId == nil { 15195 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 15196 } 15197 if s.TargetId == nil { 15198 invalidParams.Add(request.NewErrParamRequired("TargetId")) 15199 } 15200 15201 if invalidParams.Len() > 0 { 15202 return invalidParams 15203 } 15204 return nil 15205} 15206 15207// SetPolicyId sets the PolicyId field's value. 15208func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput { 15209 s.PolicyId = &v 15210 return s 15211} 15212 15213// SetTargetId sets the TargetId field's value. 15214func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput { 15215 s.TargetId = &v 15216 return s 15217} 15218 15219type AttachPolicyOutput struct { 15220 _ struct{} `type:"structure"` 15221} 15222 15223// String returns the string representation 15224func (s AttachPolicyOutput) String() string { 15225 return awsutil.Prettify(s) 15226} 15227 15228// GoString returns the string representation 15229func (s AttachPolicyOutput) GoString() string { 15230 return s.String() 15231} 15232 15233type CancelHandshakeInput struct { 15234 _ struct{} `type:"structure"` 15235 15236 // The unique identifier (ID) of the handshake that you want to cancel. You 15237 // can get the ID from the ListHandshakesForOrganization operation. 15238 // 15239 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 15240 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 15241 // 15242 // HandshakeId is a required field 15243 HandshakeId *string `type:"string" required:"true"` 15244} 15245 15246// String returns the string representation 15247func (s CancelHandshakeInput) String() string { 15248 return awsutil.Prettify(s) 15249} 15250 15251// GoString returns the string representation 15252func (s CancelHandshakeInput) GoString() string { 15253 return s.String() 15254} 15255 15256// Validate inspects the fields of the type to determine if they are valid. 15257func (s *CancelHandshakeInput) Validate() error { 15258 invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"} 15259 if s.HandshakeId == nil { 15260 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 15261 } 15262 15263 if invalidParams.Len() > 0 { 15264 return invalidParams 15265 } 15266 return nil 15267} 15268 15269// SetHandshakeId sets the HandshakeId field's value. 15270func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput { 15271 s.HandshakeId = &v 15272 return s 15273} 15274 15275type CancelHandshakeOutput struct { 15276 _ struct{} `type:"structure"` 15277 15278 // A structure that contains details about the handshake that you canceled. 15279 Handshake *Handshake `type:"structure"` 15280} 15281 15282// String returns the string representation 15283func (s CancelHandshakeOutput) String() string { 15284 return awsutil.Prettify(s) 15285} 15286 15287// GoString returns the string representation 15288func (s CancelHandshakeOutput) GoString() string { 15289 return s.String() 15290} 15291 15292// SetHandshake sets the Handshake field's value. 15293func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput { 15294 s.Handshake = v 15295 return s 15296} 15297 15298// Contains a list of child entities, either OUs or accounts. 15299type Child struct { 15300 _ struct{} `type:"structure"` 15301 15302 // The unique identifier (ID) of this child entity. 15303 // 15304 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 15305 // requires one of the following: 15306 // 15307 // * Account - A string that consists of exactly 12 digits. 15308 // 15309 // * Organizational unit (OU) - A string that begins with "ou-" followed 15310 // by from 4 to 32 lowercase letters or digits (the ID of the root that contains 15311 // the OU). This string is followed by a second "-" dash and from 8 to 32 15312 // additional lowercase letters or digits. 15313 Id *string `type:"string"` 15314 15315 // The type of this child entity. 15316 Type *string `type:"string" enum:"ChildType"` 15317} 15318 15319// String returns the string representation 15320func (s Child) String() string { 15321 return awsutil.Prettify(s) 15322} 15323 15324// GoString returns the string representation 15325func (s Child) GoString() string { 15326 return s.String() 15327} 15328 15329// SetId sets the Id field's value. 15330func (s *Child) SetId(v string) *Child { 15331 s.Id = &v 15332 return s 15333} 15334 15335// SetType sets the Type field's value. 15336func (s *Child) SetType(v string) *Child { 15337 s.Type = &v 15338 return s 15339} 15340 15341// We can't find an organizational unit (OU) or AWS account with the ChildId 15342// that you specified. 15343type ChildNotFoundException struct { 15344 _ struct{} `type:"structure"` 15345 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15346 15347 Message_ *string `locationName:"Message" type:"string"` 15348} 15349 15350// String returns the string representation 15351func (s ChildNotFoundException) String() string { 15352 return awsutil.Prettify(s) 15353} 15354 15355// GoString returns the string representation 15356func (s ChildNotFoundException) GoString() string { 15357 return s.String() 15358} 15359 15360func newErrorChildNotFoundException(v protocol.ResponseMetadata) error { 15361 return &ChildNotFoundException{ 15362 RespMetadata: v, 15363 } 15364} 15365 15366// Code returns the exception type name. 15367func (s *ChildNotFoundException) Code() string { 15368 return "ChildNotFoundException" 15369} 15370 15371// Message returns the exception's message. 15372func (s *ChildNotFoundException) Message() string { 15373 if s.Message_ != nil { 15374 return *s.Message_ 15375 } 15376 return "" 15377} 15378 15379// OrigErr always returns nil, satisfies awserr.Error interface. 15380func (s *ChildNotFoundException) OrigErr() error { 15381 return nil 15382} 15383 15384func (s *ChildNotFoundException) Error() string { 15385 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15386} 15387 15388// Status code returns the HTTP status code for the request's response error. 15389func (s *ChildNotFoundException) StatusCode() int { 15390 return s.RespMetadata.StatusCode 15391} 15392 15393// RequestID returns the service's response RequestID for request. 15394func (s *ChildNotFoundException) RequestID() string { 15395 return s.RespMetadata.RequestID 15396} 15397 15398// The target of the operation is currently being modified by a different request. 15399// Try again later. 15400type ConcurrentModificationException struct { 15401 _ struct{} `type:"structure"` 15402 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15403 15404 Message_ *string `locationName:"Message" type:"string"` 15405} 15406 15407// String returns the string representation 15408func (s ConcurrentModificationException) String() string { 15409 return awsutil.Prettify(s) 15410} 15411 15412// GoString returns the string representation 15413func (s ConcurrentModificationException) GoString() string { 15414 return s.String() 15415} 15416 15417func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 15418 return &ConcurrentModificationException{ 15419 RespMetadata: v, 15420 } 15421} 15422 15423// Code returns the exception type name. 15424func (s *ConcurrentModificationException) Code() string { 15425 return "ConcurrentModificationException" 15426} 15427 15428// Message returns the exception's message. 15429func (s *ConcurrentModificationException) Message() string { 15430 if s.Message_ != nil { 15431 return *s.Message_ 15432 } 15433 return "" 15434} 15435 15436// OrigErr always returns nil, satisfies awserr.Error interface. 15437func (s *ConcurrentModificationException) OrigErr() error { 15438 return nil 15439} 15440 15441func (s *ConcurrentModificationException) Error() string { 15442 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15443} 15444 15445// Status code returns the HTTP status code for the request's response error. 15446func (s *ConcurrentModificationException) StatusCode() int { 15447 return s.RespMetadata.StatusCode 15448} 15449 15450// RequestID returns the service's response RequestID for request. 15451func (s *ConcurrentModificationException) RequestID() string { 15452 return s.RespMetadata.RequestID 15453} 15454 15455// Performing this operation violates a minimum or maximum value limit. For 15456// example, attempting to remove the last service control policy (SCP) from 15457// an OU or root, inviting or creating too many accounts to the organization, 15458// or attaching too many policies to an account, OU, or root. This exception 15459// includes a reason that contains additional information about the violated 15460// limit: 15461// 15462// Some of the reasons in the following list might not be applicable to this 15463// specific API or operation. 15464// 15465// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 15466// account from the organization. You can't remove the management account. 15467// Instead, after you remove all member accounts, delete the organization 15468// itself. 15469// 15470// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 15471// from the organization that doesn't yet have enough information to exist 15472// as a standalone account. This account requires you to first agree to the 15473// AWS Customer Agreement. Follow the steps at Removing a member account 15474// from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 15475// the AWS Organizations User Guide. 15476// 15477// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 15478// an account from the organization that doesn't yet have enough information 15479// to exist as a standalone account. This account requires you to first complete 15480// phone verification. Follow the steps at Removing a member account from 15481// your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 15482// in the AWS Organizations User Guide. 15483// 15484// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 15485// of accounts that you can create in one day. 15486// 15487// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 15488// the number of accounts in an organization. If you need more accounts, 15489// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 15490// request an increase in your limit. Or the number of invitations that you 15491// tried to send would cause you to exceed the limit of accounts in your 15492// organization. Send fewer invitations or contact AWS Support to request 15493// an increase in the number of accounts. Deleted and closed accounts still 15494// count toward your limit. If you get this exception when running a command 15495// immediately after creating the organization, wait one hour and try again. 15496// After an hour, if the command continues to fail with this error, contact 15497// AWS Support (https://console.aws.amazon.com/support/home#/). 15498// 15499// * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 15500// register the management account of the organization as a delegated administrator 15501// for an AWS service integrated with Organizations. You can designate only 15502// a member account as a delegated administrator. 15503// 15504// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 15505// an account that is registered as a delegated administrator for a service 15506// integrated with your organization. To complete this operation, you must 15507// first deregister this account as a delegated administrator. 15508// 15509// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 15510// organization in the specified region, you must enable all features mode. 15511// 15512// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 15513// an AWS account as a delegated administrator for an AWS service that already 15514// has a delegated administrator. To complete this operation, you must first 15515// deregister any existing delegated administrators for this service. 15516// 15517// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 15518// valid for a limited period of time. You must resubmit the request and 15519// generate a new verfication code. 15520// 15521// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 15522// handshakes that you can send in one day. 15523// 15524// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 15525// in this organization, you first must migrate the organization's management 15526// account to the marketplace that corresponds to the management account's 15527// address. For example, accounts with India addresses must be associated 15528// with the AISPL marketplace. All accounts in an organization must be associated 15529// with the same marketplace. 15530// 15531// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 15532// in China. To create an organization, the master must have a valid business 15533// license. For more information, contact customer support. 15534// 15535// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 15536// must first provide a valid contact address and phone number for the management 15537// account. Then try the operation again. 15538// 15539// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 15540// management account must have an associated account in the AWS GovCloud 15541// (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 15542// in the AWS GovCloud User Guide. 15543// 15544// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 15545// with this management account, you first must associate a valid payment 15546// instrument, such as a credit card, with the account. Follow the steps 15547// at To leave an organization when all required account information has 15548// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 15549// in the AWS Organizations User Guide. 15550// 15551// * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 15552// to register more delegated administrators than allowed for the service 15553// principal. 15554// 15555// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 15556// number of policies of a certain type that can be attached to an entity 15557// at one time. 15558// 15559// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 15560// on this resource. 15561// 15562// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 15563// with this member account, you first must associate a valid payment instrument, 15564// such as a credit card, with the account. Follow the steps at To leave 15565// an organization when all required account information has not yet been 15566// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 15567// in the AWS Organizations User Guide. 15568// 15569// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 15570// policy from an entity that would cause the entity to have fewer than the 15571// minimum number of policies of a certain type required. 15572// 15573// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 15574// that requires the organization to be configured to support all features. 15575// An organization that supports only consolidated billing features can't 15576// perform this operation. 15577// 15578// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 15579// too many levels deep. 15580// 15581// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 15582// that you can have in an organization. 15583// 15584// * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 15585// is larger than the maximum size. 15586// 15587// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 15588// policies that you can have in an organization. 15589// 15590// * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 15591// tags that are not compliant with the tag policy requirements for this 15592// account. 15593type ConstraintViolationException struct { 15594 _ struct{} `type:"structure"` 15595 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15596 15597 Message_ *string `locationName:"Message" type:"string"` 15598 15599 Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"` 15600} 15601 15602// String returns the string representation 15603func (s ConstraintViolationException) String() string { 15604 return awsutil.Prettify(s) 15605} 15606 15607// GoString returns the string representation 15608func (s ConstraintViolationException) GoString() string { 15609 return s.String() 15610} 15611 15612func newErrorConstraintViolationException(v protocol.ResponseMetadata) error { 15613 return &ConstraintViolationException{ 15614 RespMetadata: v, 15615 } 15616} 15617 15618// Code returns the exception type name. 15619func (s *ConstraintViolationException) Code() string { 15620 return "ConstraintViolationException" 15621} 15622 15623// Message returns the exception's message. 15624func (s *ConstraintViolationException) Message() string { 15625 if s.Message_ != nil { 15626 return *s.Message_ 15627 } 15628 return "" 15629} 15630 15631// OrigErr always returns nil, satisfies awserr.Error interface. 15632func (s *ConstraintViolationException) OrigErr() error { 15633 return nil 15634} 15635 15636func (s *ConstraintViolationException) Error() string { 15637 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 15638} 15639 15640// Status code returns the HTTP status code for the request's response error. 15641func (s *ConstraintViolationException) StatusCode() int { 15642 return s.RespMetadata.StatusCode 15643} 15644 15645// RequestID returns the service's response RequestID for request. 15646func (s *ConstraintViolationException) RequestID() string { 15647 return s.RespMetadata.RequestID 15648} 15649 15650type CreateAccountInput struct { 15651 _ struct{} `type:"structure"` 15652 15653 // The friendly name of the member account. 15654 // 15655 // AccountName is a required field 15656 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 15657 15658 // The email address of the owner to assign to the new member account. This 15659 // email address must not already be associated with another AWS account. You 15660 // must use a valid email address to complete account creation. You can't access 15661 // the root user of the account or remove an account that was created with an 15662 // invalid email address. 15663 // 15664 // Email is a required field 15665 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 15666 15667 // If set to ALLOW, the new account enables IAM users to access account billing 15668 // information if they have the required permissions. If set to DENY, only the 15669 // root user of the new account can access account billing information. For 15670 // more information, see Activating Access to the Billing and Cost Management 15671 // Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 15672 // in the AWS Billing and Cost Management User Guide. 15673 // 15674 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 15675 // users and roles with the required permissions can access billing information 15676 // for the new account. 15677 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 15678 15679 // (Optional) 15680 // 15681 // The name of an IAM role that AWS Organizations automatically preconfigures 15682 // in the new member account. This role trusts the management account, allowing 15683 // users in the management account to assume the role, as permitted by the management 15684 // account administrator. The role has administrator permissions in the new 15685 // member account. 15686 // 15687 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 15688 // 15689 // For more information about how to use this role to access the member account, 15690 // see the following links: 15691 // 15692 // * Accessing and Administering the Member Accounts in Your Organization 15693 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 15694 // in the AWS Organizations User Guide 15695 // 15696 // * Steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using 15697 // IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 15698 // in the IAM User Guide 15699 // 15700 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15701 // this parameter. The pattern can include uppercase letters, lowercase letters, 15702 // digits with no spaces, and any of the following characters: =,.@- 15703 RoleName *string `type:"string"` 15704 15705 // A list of tags that you want to attach to the newly created account. For 15706 // each tag in the list, you must specify both a tag key and a value. You can 15707 // set the value to an empty string, but you can't set it to null. For more 15708 // information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 15709 // in the AWS Organizations User Guide. 15710 // 15711 // If any one of the tags is invalid or if you exceed the allowed number of 15712 // tags for an account, then the entire request fails and the account is not 15713 // created. 15714 Tags []*Tag `type:"list"` 15715} 15716 15717// String returns the string representation 15718func (s CreateAccountInput) String() string { 15719 return awsutil.Prettify(s) 15720} 15721 15722// GoString returns the string representation 15723func (s CreateAccountInput) GoString() string { 15724 return s.String() 15725} 15726 15727// Validate inspects the fields of the type to determine if they are valid. 15728func (s *CreateAccountInput) Validate() error { 15729 invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"} 15730 if s.AccountName == nil { 15731 invalidParams.Add(request.NewErrParamRequired("AccountName")) 15732 } 15733 if s.AccountName != nil && len(*s.AccountName) < 1 { 15734 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 15735 } 15736 if s.Email == nil { 15737 invalidParams.Add(request.NewErrParamRequired("Email")) 15738 } 15739 if s.Email != nil && len(*s.Email) < 6 { 15740 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 15741 } 15742 if s.Tags != nil { 15743 for i, v := range s.Tags { 15744 if v == nil { 15745 continue 15746 } 15747 if err := v.Validate(); err != nil { 15748 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 15749 } 15750 } 15751 } 15752 15753 if invalidParams.Len() > 0 { 15754 return invalidParams 15755 } 15756 return nil 15757} 15758 15759// SetAccountName sets the AccountName field's value. 15760func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput { 15761 s.AccountName = &v 15762 return s 15763} 15764 15765// SetEmail sets the Email field's value. 15766func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput { 15767 s.Email = &v 15768 return s 15769} 15770 15771// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 15772func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput { 15773 s.IamUserAccessToBilling = &v 15774 return s 15775} 15776 15777// SetRoleName sets the RoleName field's value. 15778func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput { 15779 s.RoleName = &v 15780 return s 15781} 15782 15783// SetTags sets the Tags field's value. 15784func (s *CreateAccountInput) SetTags(v []*Tag) *CreateAccountInput { 15785 s.Tags = v 15786 return s 15787} 15788 15789type CreateAccountOutput struct { 15790 _ struct{} `type:"structure"` 15791 15792 // A structure that contains details about the request to create an account. 15793 // This response structure might not be fully populated when you first receive 15794 // it because account creation is an asynchronous process. You can pass the 15795 // returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus 15796 // to get status about the progress of the request at later times. You can also 15797 // check the AWS CloudTrail log for the CreateAccountResult event. For more 15798 // information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 15799 // in the AWS Organizations User Guide. 15800 CreateAccountStatus *CreateAccountStatus `type:"structure"` 15801} 15802 15803// String returns the string representation 15804func (s CreateAccountOutput) String() string { 15805 return awsutil.Prettify(s) 15806} 15807 15808// GoString returns the string representation 15809func (s CreateAccountOutput) GoString() string { 15810 return s.String() 15811} 15812 15813// SetCreateAccountStatus sets the CreateAccountStatus field's value. 15814func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput { 15815 s.CreateAccountStatus = v 15816 return s 15817} 15818 15819// Contains the status about a CreateAccount or CreateGovCloudAccount request 15820// to create an AWS account or an AWS GovCloud (US) account in an organization. 15821type CreateAccountStatus struct { 15822 _ struct{} `type:"structure"` 15823 15824 // If the account was created successfully, the unique identifier (ID) of the 15825 // new account. 15826 // 15827 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 15828 // requires exactly 12 digits. 15829 AccountId *string `type:"string"` 15830 15831 // The account name given to the account when it was created. 15832 AccountName *string `min:"1" type:"string" sensitive:"true"` 15833 15834 // The date and time that the account was created and the request completed. 15835 CompletedTimestamp *time.Time `type:"timestamp"` 15836 15837 // If the request failed, a description of the reason for the failure. 15838 // 15839 // * ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you 15840 // reached the limit on the number of accounts in your organization. 15841 // 15842 // * CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with 15843 // the same information. 15844 // 15845 // * EMAIL_ALREADY_EXISTS: The account could not be created because another 15846 // AWS account with that email address already exists. 15847 // 15848 // * FAILED_BUSINESS_VALIDATION: The AWS account that owns your organization 15849 // failed to receive business license validation. 15850 // 15851 // * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US) 15852 // Region could not be created because this Region already includes an account 15853 // with that email address. 15854 // 15855 // * IDENTITY_INVALID_BUSINESS_VALIDATION: The AWS account that owns your 15856 // organization can't complete business license validation because it doesn't 15857 // have valid identity data. 15858 // 15859 // * INVALID_ADDRESS: The account could not be created because the address 15860 // you provided is not valid. 15861 // 15862 // * INVALID_EMAIL: The account could not be created because the email address 15863 // you provided is not valid. 15864 // 15865 // * INTERNAL_FAILURE: The account could not be created because of an internal 15866 // failure. Try again later. If the problem persists, contact AWS Customer 15867 // Support. 15868 // 15869 // * MISSING_BUSINESS_VALIDATION: The AWS account that owns your organization 15870 // has not received Business Validation. 15871 // 15872 // * MISSING_PAYMENT_INSTRUMENT: You must configure the management account 15873 // with a valid payment method, such as a credit card. 15874 // 15875 // * PENDING_BUSINESS_VALIDATION: The AWS account that owns your organization 15876 // is still in the process of completing business license validation. 15877 // 15878 // * UNKNOWN_BUSINESS_VALIDATION: The AWS account that owns your organization 15879 // has an unknown issue with business license validation. 15880 FailureReason *string `type:"string" enum:"CreateAccountFailureReason"` 15881 15882 // If the account was created successfully, the unique identifier (ID) of the 15883 // new account in the AWS GovCloud (US) Region. 15884 GovCloudAccountId *string `type:"string"` 15885 15886 // The unique identifier (ID) that references this request. You get this value 15887 // from the response of the initial CreateAccount request to create the account. 15888 // 15889 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 15890 // request ID string requires "car-" followed by from 8 to 32 lowercase letters 15891 // or digits. 15892 Id *string `type:"string"` 15893 15894 // The date and time that the request was made for the account creation. 15895 RequestedTimestamp *time.Time `type:"timestamp"` 15896 15897 // The status of the asynchronous request to create an AWS account. 15898 State *string `type:"string" enum:"CreateAccountState"` 15899} 15900 15901// String returns the string representation 15902func (s CreateAccountStatus) String() string { 15903 return awsutil.Prettify(s) 15904} 15905 15906// GoString returns the string representation 15907func (s CreateAccountStatus) GoString() string { 15908 return s.String() 15909} 15910 15911// SetAccountId sets the AccountId field's value. 15912func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus { 15913 s.AccountId = &v 15914 return s 15915} 15916 15917// SetAccountName sets the AccountName field's value. 15918func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus { 15919 s.AccountName = &v 15920 return s 15921} 15922 15923// SetCompletedTimestamp sets the CompletedTimestamp field's value. 15924func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus { 15925 s.CompletedTimestamp = &v 15926 return s 15927} 15928 15929// SetFailureReason sets the FailureReason field's value. 15930func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus { 15931 s.FailureReason = &v 15932 return s 15933} 15934 15935// SetGovCloudAccountId sets the GovCloudAccountId field's value. 15936func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus { 15937 s.GovCloudAccountId = &v 15938 return s 15939} 15940 15941// SetId sets the Id field's value. 15942func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus { 15943 s.Id = &v 15944 return s 15945} 15946 15947// SetRequestedTimestamp sets the RequestedTimestamp field's value. 15948func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus { 15949 s.RequestedTimestamp = &v 15950 return s 15951} 15952 15953// SetState sets the State field's value. 15954func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus { 15955 s.State = &v 15956 return s 15957} 15958 15959// We can't find an create account request with the CreateAccountRequestId that 15960// you specified. 15961type CreateAccountStatusNotFoundException struct { 15962 _ struct{} `type:"structure"` 15963 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15964 15965 Message_ *string `locationName:"Message" type:"string"` 15966} 15967 15968// String returns the string representation 15969func (s CreateAccountStatusNotFoundException) String() string { 15970 return awsutil.Prettify(s) 15971} 15972 15973// GoString returns the string representation 15974func (s CreateAccountStatusNotFoundException) GoString() string { 15975 return s.String() 15976} 15977 15978func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error { 15979 return &CreateAccountStatusNotFoundException{ 15980 RespMetadata: v, 15981 } 15982} 15983 15984// Code returns the exception type name. 15985func (s *CreateAccountStatusNotFoundException) Code() string { 15986 return "CreateAccountStatusNotFoundException" 15987} 15988 15989// Message returns the exception's message. 15990func (s *CreateAccountStatusNotFoundException) Message() string { 15991 if s.Message_ != nil { 15992 return *s.Message_ 15993 } 15994 return "" 15995} 15996 15997// OrigErr always returns nil, satisfies awserr.Error interface. 15998func (s *CreateAccountStatusNotFoundException) OrigErr() error { 15999 return nil 16000} 16001 16002func (s *CreateAccountStatusNotFoundException) Error() string { 16003 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16004} 16005 16006// Status code returns the HTTP status code for the request's response error. 16007func (s *CreateAccountStatusNotFoundException) StatusCode() int { 16008 return s.RespMetadata.StatusCode 16009} 16010 16011// RequestID returns the service's response RequestID for request. 16012func (s *CreateAccountStatusNotFoundException) RequestID() string { 16013 return s.RespMetadata.RequestID 16014} 16015 16016type CreateGovCloudAccountInput struct { 16017 _ struct{} `type:"structure"` 16018 16019 // The friendly name of the member account. 16020 // 16021 // AccountName is a required field 16022 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 16023 16024 // The email address of the owner to assign to the new member account in the 16025 // commercial Region. This email address must not already be associated with 16026 // another AWS account. You must use a valid email address to complete account 16027 // creation. You can't access the root user of the account or remove an account 16028 // that was created with an invalid email address. Like all request parameters 16029 // for CreateGovCloudAccount, the request for the email address for the AWS 16030 // GovCloud (US) account originates from the commercial Region, not from the 16031 // AWS GovCloud (US) Region. 16032 // 16033 // Email is a required field 16034 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 16035 16036 // If set to ALLOW, the new linked account in the commercial Region enables 16037 // IAM users to access account billing information if they have the required 16038 // permissions. If set to DENY, only the root user of the new account can access 16039 // account billing information. For more information, see Activating Access 16040 // to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 16041 // in the AWS Billing and Cost Management User Guide. 16042 // 16043 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 16044 // users and roles with the required permissions can access billing information 16045 // for the new account. 16046 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 16047 16048 // (Optional) 16049 // 16050 // The name of an IAM role that AWS Organizations automatically preconfigures 16051 // in the new member accounts in both the AWS GovCloud (US) Region and in the 16052 // commercial Region. This role trusts the management account, allowing users 16053 // in the management account to assume the role, as permitted by the management 16054 // account administrator. The role has administrator permissions in the new 16055 // member account. 16056 // 16057 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 16058 // 16059 // For more information about how to use this role to access the member account, 16060 // see Accessing and Administering the Member Accounts in Your Organization 16061 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 16062 // in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate 16063 // Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 16064 // in the IAM User Guide. 16065 // 16066 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16067 // this parameter. The pattern can include uppercase letters, lowercase letters, 16068 // digits with no spaces, and any of the following characters: =,.@- 16069 RoleName *string `type:"string"` 16070 16071 // A list of tags that you want to attach to the newly created account. These 16072 // tags are attached to the commercial account associated with the GovCloud 16073 // account, and not to the GovCloud account itself. To add tags to the actual 16074 // GovCloud account, call the TagResource operation in the GovCloud region after 16075 // the new GovCloud account exists. 16076 // 16077 // For each tag in the list, you must specify both a tag key and a value. You 16078 // can set the value to an empty string, but you can't set it to null. For more 16079 // information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 16080 // in the AWS Organizations User Guide. 16081 // 16082 // If any one of the tags is invalid or if you exceed the allowed number of 16083 // tags for an account, then the entire request fails and the account is not 16084 // created. 16085 Tags []*Tag `type:"list"` 16086} 16087 16088// String returns the string representation 16089func (s CreateGovCloudAccountInput) String() string { 16090 return awsutil.Prettify(s) 16091} 16092 16093// GoString returns the string representation 16094func (s CreateGovCloudAccountInput) GoString() string { 16095 return s.String() 16096} 16097 16098// Validate inspects the fields of the type to determine if they are valid. 16099func (s *CreateGovCloudAccountInput) Validate() error { 16100 invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"} 16101 if s.AccountName == nil { 16102 invalidParams.Add(request.NewErrParamRequired("AccountName")) 16103 } 16104 if s.AccountName != nil && len(*s.AccountName) < 1 { 16105 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 16106 } 16107 if s.Email == nil { 16108 invalidParams.Add(request.NewErrParamRequired("Email")) 16109 } 16110 if s.Email != nil && len(*s.Email) < 6 { 16111 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 16112 } 16113 if s.Tags != nil { 16114 for i, v := range s.Tags { 16115 if v == nil { 16116 continue 16117 } 16118 if err := v.Validate(); err != nil { 16119 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16120 } 16121 } 16122 } 16123 16124 if invalidParams.Len() > 0 { 16125 return invalidParams 16126 } 16127 return nil 16128} 16129 16130// SetAccountName sets the AccountName field's value. 16131func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput { 16132 s.AccountName = &v 16133 return s 16134} 16135 16136// SetEmail sets the Email field's value. 16137func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput { 16138 s.Email = &v 16139 return s 16140} 16141 16142// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 16143func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput { 16144 s.IamUserAccessToBilling = &v 16145 return s 16146} 16147 16148// SetRoleName sets the RoleName field's value. 16149func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput { 16150 s.RoleName = &v 16151 return s 16152} 16153 16154// SetTags sets the Tags field's value. 16155func (s *CreateGovCloudAccountInput) SetTags(v []*Tag) *CreateGovCloudAccountInput { 16156 s.Tags = v 16157 return s 16158} 16159 16160type CreateGovCloudAccountOutput struct { 16161 _ struct{} `type:"structure"` 16162 16163 // Contains the status about a CreateAccount or CreateGovCloudAccount request 16164 // to create an AWS account or an AWS GovCloud (US) account in an organization. 16165 CreateAccountStatus *CreateAccountStatus `type:"structure"` 16166} 16167 16168// String returns the string representation 16169func (s CreateGovCloudAccountOutput) String() string { 16170 return awsutil.Prettify(s) 16171} 16172 16173// GoString returns the string representation 16174func (s CreateGovCloudAccountOutput) GoString() string { 16175 return s.String() 16176} 16177 16178// SetCreateAccountStatus sets the CreateAccountStatus field's value. 16179func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput { 16180 s.CreateAccountStatus = v 16181 return s 16182} 16183 16184type CreateOrganizationInput struct { 16185 _ struct{} `type:"structure"` 16186 16187 // Specifies the feature set supported by the new organization. Each feature 16188 // set supports different levels of functionality. 16189 // 16190 // * CONSOLIDATED_BILLING: All member accounts have their bills consolidated 16191 // to and paid by the management account. For more information, see Consolidated 16192 // billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) 16193 // in the AWS Organizations User Guide. The consolidated billing feature 16194 // subset isn't available for organizations in the AWS GovCloud (US) Region. 16195 // 16196 // * ALL: In addition to all the features supported by the consolidated billing 16197 // feature set, the management account can also apply any policy type to 16198 // any member account in the organization. For more information, see All 16199 // features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) 16200 // in the AWS Organizations User Guide. 16201 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 16202} 16203 16204// String returns the string representation 16205func (s CreateOrganizationInput) String() string { 16206 return awsutil.Prettify(s) 16207} 16208 16209// GoString returns the string representation 16210func (s CreateOrganizationInput) GoString() string { 16211 return s.String() 16212} 16213 16214// SetFeatureSet sets the FeatureSet field's value. 16215func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput { 16216 s.FeatureSet = &v 16217 return s 16218} 16219 16220type CreateOrganizationOutput struct { 16221 _ struct{} `type:"structure"` 16222 16223 // A structure that contains details about the newly created organization. 16224 Organization *Organization `type:"structure"` 16225} 16226 16227// String returns the string representation 16228func (s CreateOrganizationOutput) String() string { 16229 return awsutil.Prettify(s) 16230} 16231 16232// GoString returns the string representation 16233func (s CreateOrganizationOutput) GoString() string { 16234 return s.String() 16235} 16236 16237// SetOrganization sets the Organization field's value. 16238func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput { 16239 s.Organization = v 16240 return s 16241} 16242 16243type CreateOrganizationalUnitInput struct { 16244 _ struct{} `type:"structure"` 16245 16246 // The friendly name to assign to the new OU. 16247 // 16248 // Name is a required field 16249 Name *string `min:"1" type:"string" required:"true"` 16250 16251 // The unique identifier (ID) of the parent root or OU that you want to create 16252 // the new OU in. 16253 // 16254 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 16255 // requires one of the following: 16256 // 16257 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 16258 // letters or digits. 16259 // 16260 // * Organizational unit (OU) - A string that begins with "ou-" followed 16261 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 16262 // OU is in). This string is followed by a second "-" dash and from 8 to 16263 // 32 additional lowercase letters or digits. 16264 // 16265 // ParentId is a required field 16266 ParentId *string `type:"string" required:"true"` 16267 16268 // A list of tags that you want to attach to the newly created OU. For each 16269 // tag in the list, you must specify both a tag key and a value. You can set 16270 // the value to an empty string, but you can't set it to null. For more information 16271 // about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 16272 // in the AWS Organizations User Guide. 16273 // 16274 // If any one of the tags is invalid or if you exceed the allowed number of 16275 // tags for an OU, then the entire request fails and the OU is not created. 16276 Tags []*Tag `type:"list"` 16277} 16278 16279// String returns the string representation 16280func (s CreateOrganizationalUnitInput) String() string { 16281 return awsutil.Prettify(s) 16282} 16283 16284// GoString returns the string representation 16285func (s CreateOrganizationalUnitInput) GoString() string { 16286 return s.String() 16287} 16288 16289// Validate inspects the fields of the type to determine if they are valid. 16290func (s *CreateOrganizationalUnitInput) Validate() error { 16291 invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"} 16292 if s.Name == nil { 16293 invalidParams.Add(request.NewErrParamRequired("Name")) 16294 } 16295 if s.Name != nil && len(*s.Name) < 1 { 16296 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 16297 } 16298 if s.ParentId == nil { 16299 invalidParams.Add(request.NewErrParamRequired("ParentId")) 16300 } 16301 if s.Tags != nil { 16302 for i, v := range s.Tags { 16303 if v == nil { 16304 continue 16305 } 16306 if err := v.Validate(); err != nil { 16307 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16308 } 16309 } 16310 } 16311 16312 if invalidParams.Len() > 0 { 16313 return invalidParams 16314 } 16315 return nil 16316} 16317 16318// SetName sets the Name field's value. 16319func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput { 16320 s.Name = &v 16321 return s 16322} 16323 16324// SetParentId sets the ParentId field's value. 16325func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput { 16326 s.ParentId = &v 16327 return s 16328} 16329 16330// SetTags sets the Tags field's value. 16331func (s *CreateOrganizationalUnitInput) SetTags(v []*Tag) *CreateOrganizationalUnitInput { 16332 s.Tags = v 16333 return s 16334} 16335 16336type CreateOrganizationalUnitOutput struct { 16337 _ struct{} `type:"structure"` 16338 16339 // A structure that contains details about the newly created OU. 16340 OrganizationalUnit *OrganizationalUnit `type:"structure"` 16341} 16342 16343// String returns the string representation 16344func (s CreateOrganizationalUnitOutput) String() string { 16345 return awsutil.Prettify(s) 16346} 16347 16348// GoString returns the string representation 16349func (s CreateOrganizationalUnitOutput) GoString() string { 16350 return s.String() 16351} 16352 16353// SetOrganizationalUnit sets the OrganizationalUnit field's value. 16354func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput { 16355 s.OrganizationalUnit = v 16356 return s 16357} 16358 16359type CreatePolicyInput struct { 16360 _ struct{} `type:"structure"` 16361 16362 // The policy text content to add to the new policy. The text that you supply 16363 // must adhere to the rules of the policy type you specify in the Type parameter. 16364 // 16365 // Content is a required field 16366 Content *string `min:"1" type:"string" required:"true"` 16367 16368 // An optional description to assign to the policy. 16369 // 16370 // Description is a required field 16371 Description *string `type:"string" required:"true"` 16372 16373 // The friendly name to assign to the policy. 16374 // 16375 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16376 // this parameter is a string of any of the characters in the ASCII character 16377 // range. 16378 // 16379 // Name is a required field 16380 Name *string `min:"1" type:"string" required:"true"` 16381 16382 // A list of tags that you want to attach to the newly created policy. For each 16383 // tag in the list, you must specify both a tag key and a value. You can set 16384 // the value to an empty string, but you can't set it to null. For more information 16385 // about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 16386 // in the AWS Organizations User Guide. 16387 // 16388 // If any one of the tags is invalid or if you exceed the allowed number of 16389 // tags for a policy, then the entire request fails and the policy is not created. 16390 Tags []*Tag `type:"list"` 16391 16392 // The type of policy to create. You can specify one of the following values: 16393 // 16394 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 16395 // 16396 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 16397 // 16398 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 16399 // 16400 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 16401 // 16402 // Type is a required field 16403 Type *string `type:"string" required:"true" enum:"PolicyType"` 16404} 16405 16406// String returns the string representation 16407func (s CreatePolicyInput) String() string { 16408 return awsutil.Prettify(s) 16409} 16410 16411// GoString returns the string representation 16412func (s CreatePolicyInput) GoString() string { 16413 return s.String() 16414} 16415 16416// Validate inspects the fields of the type to determine if they are valid. 16417func (s *CreatePolicyInput) Validate() error { 16418 invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} 16419 if s.Content == nil { 16420 invalidParams.Add(request.NewErrParamRequired("Content")) 16421 } 16422 if s.Content != nil && len(*s.Content) < 1 { 16423 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 16424 } 16425 if s.Description == nil { 16426 invalidParams.Add(request.NewErrParamRequired("Description")) 16427 } 16428 if s.Name == nil { 16429 invalidParams.Add(request.NewErrParamRequired("Name")) 16430 } 16431 if s.Name != nil && len(*s.Name) < 1 { 16432 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 16433 } 16434 if s.Type == nil { 16435 invalidParams.Add(request.NewErrParamRequired("Type")) 16436 } 16437 if s.Tags != nil { 16438 for i, v := range s.Tags { 16439 if v == nil { 16440 continue 16441 } 16442 if err := v.Validate(); err != nil { 16443 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16444 } 16445 } 16446 } 16447 16448 if invalidParams.Len() > 0 { 16449 return invalidParams 16450 } 16451 return nil 16452} 16453 16454// SetContent sets the Content field's value. 16455func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput { 16456 s.Content = &v 16457 return s 16458} 16459 16460// SetDescription sets the Description field's value. 16461func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput { 16462 s.Description = &v 16463 return s 16464} 16465 16466// SetName sets the Name field's value. 16467func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput { 16468 s.Name = &v 16469 return s 16470} 16471 16472// SetTags sets the Tags field's value. 16473func (s *CreatePolicyInput) SetTags(v []*Tag) *CreatePolicyInput { 16474 s.Tags = v 16475 return s 16476} 16477 16478// SetType sets the Type field's value. 16479func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput { 16480 s.Type = &v 16481 return s 16482} 16483 16484type CreatePolicyOutput struct { 16485 _ struct{} `type:"structure"` 16486 16487 // A structure that contains details about the newly created policy. 16488 Policy *Policy `type:"structure"` 16489} 16490 16491// String returns the string representation 16492func (s CreatePolicyOutput) String() string { 16493 return awsutil.Prettify(s) 16494} 16495 16496// GoString returns the string representation 16497func (s CreatePolicyOutput) GoString() string { 16498 return s.String() 16499} 16500 16501// SetPolicy sets the Policy field's value. 16502func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { 16503 s.Policy = v 16504 return s 16505} 16506 16507type DeclineHandshakeInput struct { 16508 _ struct{} `type:"structure"` 16509 16510 // The unique identifier (ID) of the handshake that you want to decline. You 16511 // can get the ID from the ListHandshakesForAccount operation. 16512 // 16513 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 16514 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 16515 // 16516 // HandshakeId is a required field 16517 HandshakeId *string `type:"string" required:"true"` 16518} 16519 16520// String returns the string representation 16521func (s DeclineHandshakeInput) String() string { 16522 return awsutil.Prettify(s) 16523} 16524 16525// GoString returns the string representation 16526func (s DeclineHandshakeInput) GoString() string { 16527 return s.String() 16528} 16529 16530// Validate inspects the fields of the type to determine if they are valid. 16531func (s *DeclineHandshakeInput) Validate() error { 16532 invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"} 16533 if s.HandshakeId == nil { 16534 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 16535 } 16536 16537 if invalidParams.Len() > 0 { 16538 return invalidParams 16539 } 16540 return nil 16541} 16542 16543// SetHandshakeId sets the HandshakeId field's value. 16544func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput { 16545 s.HandshakeId = &v 16546 return s 16547} 16548 16549type DeclineHandshakeOutput struct { 16550 _ struct{} `type:"structure"` 16551 16552 // A structure that contains details about the declined handshake. The state 16553 // is updated to show the value DECLINED. 16554 Handshake *Handshake `type:"structure"` 16555} 16556 16557// String returns the string representation 16558func (s DeclineHandshakeOutput) String() string { 16559 return awsutil.Prettify(s) 16560} 16561 16562// GoString returns the string representation 16563func (s DeclineHandshakeOutput) GoString() string { 16564 return s.String() 16565} 16566 16567// SetHandshake sets the Handshake field's value. 16568func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput { 16569 s.Handshake = v 16570 return s 16571} 16572 16573// Contains information about the delegated administrator. 16574type DelegatedAdministrator struct { 16575 _ struct{} `type:"structure"` 16576 16577 // The Amazon Resource Name (ARN) of the delegated administrator's account. 16578 Arn *string `type:"string"` 16579 16580 // The date when the account was made a delegated administrator. 16581 DelegationEnabledDate *time.Time `type:"timestamp"` 16582 16583 // The email address that is associated with the delegated administrator's AWS 16584 // account. 16585 Email *string `min:"6" type:"string" sensitive:"true"` 16586 16587 // The unique identifier (ID) of the delegated administrator's account. 16588 Id *string `type:"string"` 16589 16590 // The method by which the delegated administrator's account joined the organization. 16591 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 16592 16593 // The date when the delegated administrator's account became a part of the 16594 // organization. 16595 JoinedTimestamp *time.Time `type:"timestamp"` 16596 16597 // The friendly name of the delegated administrator's account. 16598 Name *string `min:"1" type:"string" sensitive:"true"` 16599 16600 // The status of the delegated administrator's account in the organization. 16601 Status *string `type:"string" enum:"AccountStatus"` 16602} 16603 16604// String returns the string representation 16605func (s DelegatedAdministrator) String() string { 16606 return awsutil.Prettify(s) 16607} 16608 16609// GoString returns the string representation 16610func (s DelegatedAdministrator) GoString() string { 16611 return s.String() 16612} 16613 16614// SetArn sets the Arn field's value. 16615func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator { 16616 s.Arn = &v 16617 return s 16618} 16619 16620// SetDelegationEnabledDate sets the DelegationEnabledDate field's value. 16621func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator { 16622 s.DelegationEnabledDate = &v 16623 return s 16624} 16625 16626// SetEmail sets the Email field's value. 16627func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator { 16628 s.Email = &v 16629 return s 16630} 16631 16632// SetId sets the Id field's value. 16633func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator { 16634 s.Id = &v 16635 return s 16636} 16637 16638// SetJoinedMethod sets the JoinedMethod field's value. 16639func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator { 16640 s.JoinedMethod = &v 16641 return s 16642} 16643 16644// SetJoinedTimestamp sets the JoinedTimestamp field's value. 16645func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator { 16646 s.JoinedTimestamp = &v 16647 return s 16648} 16649 16650// SetName sets the Name field's value. 16651func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator { 16652 s.Name = &v 16653 return s 16654} 16655 16656// SetStatus sets the Status field's value. 16657func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator { 16658 s.Status = &v 16659 return s 16660} 16661 16662// Contains information about the AWS service for which the account is a delegated 16663// administrator. 16664type DelegatedService struct { 16665 _ struct{} `type:"structure"` 16666 16667 // The date that the account became a delegated administrator for this service. 16668 DelegationEnabledDate *time.Time `type:"timestamp"` 16669 16670 // The name of an AWS service that can request an operation for the specified 16671 // service. This is typically in the form of a URL, such as: servicename.amazonaws.com. 16672 ServicePrincipal *string `min:"1" type:"string"` 16673} 16674 16675// String returns the string representation 16676func (s DelegatedService) String() string { 16677 return awsutil.Prettify(s) 16678} 16679 16680// GoString returns the string representation 16681func (s DelegatedService) GoString() string { 16682 return s.String() 16683} 16684 16685// SetDelegationEnabledDate sets the DelegationEnabledDate field's value. 16686func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService { 16687 s.DelegationEnabledDate = &v 16688 return s 16689} 16690 16691// SetServicePrincipal sets the ServicePrincipal field's value. 16692func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService { 16693 s.ServicePrincipal = &v 16694 return s 16695} 16696 16697type DeleteOrganizationInput struct { 16698 _ struct{} `type:"structure"` 16699} 16700 16701// String returns the string representation 16702func (s DeleteOrganizationInput) String() string { 16703 return awsutil.Prettify(s) 16704} 16705 16706// GoString returns the string representation 16707func (s DeleteOrganizationInput) GoString() string { 16708 return s.String() 16709} 16710 16711type DeleteOrganizationOutput struct { 16712 _ struct{} `type:"structure"` 16713} 16714 16715// String returns the string representation 16716func (s DeleteOrganizationOutput) String() string { 16717 return awsutil.Prettify(s) 16718} 16719 16720// GoString returns the string representation 16721func (s DeleteOrganizationOutput) GoString() string { 16722 return s.String() 16723} 16724 16725type DeleteOrganizationalUnitInput struct { 16726 _ struct{} `type:"structure"` 16727 16728 // The unique identifier (ID) of the organizational unit that you want to delete. 16729 // You can get the ID from the ListOrganizationalUnitsForParent operation. 16730 // 16731 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 16732 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 16733 // or digits (the ID of the root that contains the OU). This string is followed 16734 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 16735 // 16736 // OrganizationalUnitId is a required field 16737 OrganizationalUnitId *string `type:"string" required:"true"` 16738} 16739 16740// String returns the string representation 16741func (s DeleteOrganizationalUnitInput) String() string { 16742 return awsutil.Prettify(s) 16743} 16744 16745// GoString returns the string representation 16746func (s DeleteOrganizationalUnitInput) GoString() string { 16747 return s.String() 16748} 16749 16750// Validate inspects the fields of the type to determine if they are valid. 16751func (s *DeleteOrganizationalUnitInput) Validate() error { 16752 invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"} 16753 if s.OrganizationalUnitId == nil { 16754 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 16755 } 16756 16757 if invalidParams.Len() > 0 { 16758 return invalidParams 16759 } 16760 return nil 16761} 16762 16763// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 16764func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput { 16765 s.OrganizationalUnitId = &v 16766 return s 16767} 16768 16769type DeleteOrganizationalUnitOutput struct { 16770 _ struct{} `type:"structure"` 16771} 16772 16773// String returns the string representation 16774func (s DeleteOrganizationalUnitOutput) String() string { 16775 return awsutil.Prettify(s) 16776} 16777 16778// GoString returns the string representation 16779func (s DeleteOrganizationalUnitOutput) GoString() string { 16780 return s.String() 16781} 16782 16783type DeletePolicyInput struct { 16784 _ struct{} `type:"structure"` 16785 16786 // The unique identifier (ID) of the policy that you want to delete. You can 16787 // get the ID from the ListPolicies or ListPoliciesForTarget operations. 16788 // 16789 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 16790 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 16791 // or the underscore character (_). 16792 // 16793 // PolicyId is a required field 16794 PolicyId *string `type:"string" required:"true"` 16795} 16796 16797// String returns the string representation 16798func (s DeletePolicyInput) String() string { 16799 return awsutil.Prettify(s) 16800} 16801 16802// GoString returns the string representation 16803func (s DeletePolicyInput) GoString() string { 16804 return s.String() 16805} 16806 16807// Validate inspects the fields of the type to determine if they are valid. 16808func (s *DeletePolicyInput) Validate() error { 16809 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 16810 if s.PolicyId == nil { 16811 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 16812 } 16813 16814 if invalidParams.Len() > 0 { 16815 return invalidParams 16816 } 16817 return nil 16818} 16819 16820// SetPolicyId sets the PolicyId field's value. 16821func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { 16822 s.PolicyId = &v 16823 return s 16824} 16825 16826type DeletePolicyOutput struct { 16827 _ struct{} `type:"structure"` 16828} 16829 16830// String returns the string representation 16831func (s DeletePolicyOutput) String() string { 16832 return awsutil.Prettify(s) 16833} 16834 16835// GoString returns the string representation 16836func (s DeletePolicyOutput) GoString() string { 16837 return s.String() 16838} 16839 16840type DeregisterDelegatedAdministratorInput struct { 16841 _ struct{} `type:"structure"` 16842 16843 // The account ID number of the member account in the organization that you 16844 // want to deregister as a delegated administrator. 16845 // 16846 // AccountId is a required field 16847 AccountId *string `type:"string" required:"true"` 16848 16849 // The service principal name of an AWS service for which the account is a delegated 16850 // administrator. 16851 // 16852 // Delegated administrator privileges are revoked for only the specified AWS 16853 // service from the member account. If the specified service is the only service 16854 // for which the member account is a delegated administrator, the operation 16855 // also revokes Organizations read action permissions. 16856 // 16857 // ServicePrincipal is a required field 16858 ServicePrincipal *string `min:"1" type:"string" required:"true"` 16859} 16860 16861// String returns the string representation 16862func (s DeregisterDelegatedAdministratorInput) String() string { 16863 return awsutil.Prettify(s) 16864} 16865 16866// GoString returns the string representation 16867func (s DeregisterDelegatedAdministratorInput) GoString() string { 16868 return s.String() 16869} 16870 16871// Validate inspects the fields of the type to determine if they are valid. 16872func (s *DeregisterDelegatedAdministratorInput) Validate() error { 16873 invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"} 16874 if s.AccountId == nil { 16875 invalidParams.Add(request.NewErrParamRequired("AccountId")) 16876 } 16877 if s.ServicePrincipal == nil { 16878 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 16879 } 16880 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 16881 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 16882 } 16883 16884 if invalidParams.Len() > 0 { 16885 return invalidParams 16886 } 16887 return nil 16888} 16889 16890// SetAccountId sets the AccountId field's value. 16891func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput { 16892 s.AccountId = &v 16893 return s 16894} 16895 16896// SetServicePrincipal sets the ServicePrincipal field's value. 16897func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput { 16898 s.ServicePrincipal = &v 16899 return s 16900} 16901 16902type DeregisterDelegatedAdministratorOutput struct { 16903 _ struct{} `type:"structure"` 16904} 16905 16906// String returns the string representation 16907func (s DeregisterDelegatedAdministratorOutput) String() string { 16908 return awsutil.Prettify(s) 16909} 16910 16911// GoString returns the string representation 16912func (s DeregisterDelegatedAdministratorOutput) GoString() string { 16913 return s.String() 16914} 16915 16916type DescribeAccountInput struct { 16917 _ struct{} `type:"structure"` 16918 16919 // The unique identifier (ID) of the AWS account that you want information about. 16920 // You can get the ID from the ListAccounts or ListAccountsForParent operations. 16921 // 16922 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 16923 // requires exactly 12 digits. 16924 // 16925 // AccountId is a required field 16926 AccountId *string `type:"string" required:"true"` 16927} 16928 16929// String returns the string representation 16930func (s DescribeAccountInput) String() string { 16931 return awsutil.Prettify(s) 16932} 16933 16934// GoString returns the string representation 16935func (s DescribeAccountInput) GoString() string { 16936 return s.String() 16937} 16938 16939// Validate inspects the fields of the type to determine if they are valid. 16940func (s *DescribeAccountInput) Validate() error { 16941 invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"} 16942 if s.AccountId == nil { 16943 invalidParams.Add(request.NewErrParamRequired("AccountId")) 16944 } 16945 16946 if invalidParams.Len() > 0 { 16947 return invalidParams 16948 } 16949 return nil 16950} 16951 16952// SetAccountId sets the AccountId field's value. 16953func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput { 16954 s.AccountId = &v 16955 return s 16956} 16957 16958type DescribeAccountOutput struct { 16959 _ struct{} `type:"structure"` 16960 16961 // A structure that contains information about the requested account. 16962 Account *Account `type:"structure"` 16963} 16964 16965// String returns the string representation 16966func (s DescribeAccountOutput) String() string { 16967 return awsutil.Prettify(s) 16968} 16969 16970// GoString returns the string representation 16971func (s DescribeAccountOutput) GoString() string { 16972 return s.String() 16973} 16974 16975// SetAccount sets the Account field's value. 16976func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput { 16977 s.Account = v 16978 return s 16979} 16980 16981type DescribeCreateAccountStatusInput struct { 16982 _ struct{} `type:"structure"` 16983 16984 // Specifies the Id value that uniquely identifies the CreateAccount request. 16985 // You can get the value from the CreateAccountStatus.Id response in an earlier 16986 // CreateAccount request, or from the ListCreateAccountStatus operation. 16987 // 16988 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 16989 // request ID string requires "car-" followed by from 8 to 32 lowercase letters 16990 // or digits. 16991 // 16992 // CreateAccountRequestId is a required field 16993 CreateAccountRequestId *string `type:"string" required:"true"` 16994} 16995 16996// String returns the string representation 16997func (s DescribeCreateAccountStatusInput) String() string { 16998 return awsutil.Prettify(s) 16999} 17000 17001// GoString returns the string representation 17002func (s DescribeCreateAccountStatusInput) GoString() string { 17003 return s.String() 17004} 17005 17006// Validate inspects the fields of the type to determine if they are valid. 17007func (s *DescribeCreateAccountStatusInput) Validate() error { 17008 invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"} 17009 if s.CreateAccountRequestId == nil { 17010 invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId")) 17011 } 17012 17013 if invalidParams.Len() > 0 { 17014 return invalidParams 17015 } 17016 return nil 17017} 17018 17019// SetCreateAccountRequestId sets the CreateAccountRequestId field's value. 17020func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput { 17021 s.CreateAccountRequestId = &v 17022 return s 17023} 17024 17025type DescribeCreateAccountStatusOutput struct { 17026 _ struct{} `type:"structure"` 17027 17028 // A structure that contains the current status of an account creation request. 17029 CreateAccountStatus *CreateAccountStatus `type:"structure"` 17030} 17031 17032// String returns the string representation 17033func (s DescribeCreateAccountStatusOutput) String() string { 17034 return awsutil.Prettify(s) 17035} 17036 17037// GoString returns the string representation 17038func (s DescribeCreateAccountStatusOutput) GoString() string { 17039 return s.String() 17040} 17041 17042// SetCreateAccountStatus sets the CreateAccountStatus field's value. 17043func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput { 17044 s.CreateAccountStatus = v 17045 return s 17046} 17047 17048type DescribeEffectivePolicyInput struct { 17049 _ struct{} `type:"structure"` 17050 17051 // The type of policy that you want information about. You can specify one of 17052 // the following values: 17053 // 17054 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 17055 // 17056 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 17057 // 17058 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 17059 // 17060 // PolicyType is a required field 17061 PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"` 17062 17063 // When you're signed in as the management account, specify the ID of the account 17064 // that you want details about. Specifying an organization root or organizational 17065 // unit (OU) as the target is not supported. 17066 TargetId *string `type:"string"` 17067} 17068 17069// String returns the string representation 17070func (s DescribeEffectivePolicyInput) String() string { 17071 return awsutil.Prettify(s) 17072} 17073 17074// GoString returns the string representation 17075func (s DescribeEffectivePolicyInput) GoString() string { 17076 return s.String() 17077} 17078 17079// Validate inspects the fields of the type to determine if they are valid. 17080func (s *DescribeEffectivePolicyInput) Validate() error { 17081 invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"} 17082 if s.PolicyType == nil { 17083 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 17084 } 17085 17086 if invalidParams.Len() > 0 { 17087 return invalidParams 17088 } 17089 return nil 17090} 17091 17092// SetPolicyType sets the PolicyType field's value. 17093func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput { 17094 s.PolicyType = &v 17095 return s 17096} 17097 17098// SetTargetId sets the TargetId field's value. 17099func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput { 17100 s.TargetId = &v 17101 return s 17102} 17103 17104type DescribeEffectivePolicyOutput struct { 17105 _ struct{} `type:"structure"` 17106 17107 // The contents of the effective policy. 17108 EffectivePolicy *EffectivePolicy `type:"structure"` 17109} 17110 17111// String returns the string representation 17112func (s DescribeEffectivePolicyOutput) String() string { 17113 return awsutil.Prettify(s) 17114} 17115 17116// GoString returns the string representation 17117func (s DescribeEffectivePolicyOutput) GoString() string { 17118 return s.String() 17119} 17120 17121// SetEffectivePolicy sets the EffectivePolicy field's value. 17122func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput { 17123 s.EffectivePolicy = v 17124 return s 17125} 17126 17127type DescribeHandshakeInput struct { 17128 _ struct{} `type:"structure"` 17129 17130 // The unique identifier (ID) of the handshake that you want information about. 17131 // You can get the ID from the original call to InviteAccountToOrganization, 17132 // or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. 17133 // 17134 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 17135 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 17136 // 17137 // HandshakeId is a required field 17138 HandshakeId *string `type:"string" required:"true"` 17139} 17140 17141// String returns the string representation 17142func (s DescribeHandshakeInput) String() string { 17143 return awsutil.Prettify(s) 17144} 17145 17146// GoString returns the string representation 17147func (s DescribeHandshakeInput) GoString() string { 17148 return s.String() 17149} 17150 17151// Validate inspects the fields of the type to determine if they are valid. 17152func (s *DescribeHandshakeInput) Validate() error { 17153 invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"} 17154 if s.HandshakeId == nil { 17155 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 17156 } 17157 17158 if invalidParams.Len() > 0 { 17159 return invalidParams 17160 } 17161 return nil 17162} 17163 17164// SetHandshakeId sets the HandshakeId field's value. 17165func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput { 17166 s.HandshakeId = &v 17167 return s 17168} 17169 17170type DescribeHandshakeOutput struct { 17171 _ struct{} `type:"structure"` 17172 17173 // A structure that contains information about the specified handshake. 17174 Handshake *Handshake `type:"structure"` 17175} 17176 17177// String returns the string representation 17178func (s DescribeHandshakeOutput) String() string { 17179 return awsutil.Prettify(s) 17180} 17181 17182// GoString returns the string representation 17183func (s DescribeHandshakeOutput) GoString() string { 17184 return s.String() 17185} 17186 17187// SetHandshake sets the Handshake field's value. 17188func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput { 17189 s.Handshake = v 17190 return s 17191} 17192 17193type DescribeOrganizationInput struct { 17194 _ struct{} `type:"structure"` 17195} 17196 17197// String returns the string representation 17198func (s DescribeOrganizationInput) String() string { 17199 return awsutil.Prettify(s) 17200} 17201 17202// GoString returns the string representation 17203func (s DescribeOrganizationInput) GoString() string { 17204 return s.String() 17205} 17206 17207type DescribeOrganizationOutput struct { 17208 _ struct{} `type:"structure"` 17209 17210 // A structure that contains information about the organization. 17211 // 17212 // The AvailablePolicyTypes part of the response is deprecated, and you shouldn't 17213 // use it in your apps. It doesn't include any policy type supported by Organizations 17214 // other than SCPs. To determine which policy types are enabled in your organization, 17215 // use the ListRoots operation. 17216 Organization *Organization `type:"structure"` 17217} 17218 17219// String returns the string representation 17220func (s DescribeOrganizationOutput) String() string { 17221 return awsutil.Prettify(s) 17222} 17223 17224// GoString returns the string representation 17225func (s DescribeOrganizationOutput) GoString() string { 17226 return s.String() 17227} 17228 17229// SetOrganization sets the Organization field's value. 17230func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput { 17231 s.Organization = v 17232 return s 17233} 17234 17235type DescribeOrganizationalUnitInput struct { 17236 _ struct{} `type:"structure"` 17237 17238 // The unique identifier (ID) of the organizational unit that you want details 17239 // about. You can get the ID from the ListOrganizationalUnitsForParent operation. 17240 // 17241 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 17242 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 17243 // or digits (the ID of the root that contains the OU). This string is followed 17244 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 17245 // 17246 // OrganizationalUnitId is a required field 17247 OrganizationalUnitId *string `type:"string" required:"true"` 17248} 17249 17250// String returns the string representation 17251func (s DescribeOrganizationalUnitInput) String() string { 17252 return awsutil.Prettify(s) 17253} 17254 17255// GoString returns the string representation 17256func (s DescribeOrganizationalUnitInput) GoString() string { 17257 return s.String() 17258} 17259 17260// Validate inspects the fields of the type to determine if they are valid. 17261func (s *DescribeOrganizationalUnitInput) Validate() error { 17262 invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"} 17263 if s.OrganizationalUnitId == nil { 17264 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 17265 } 17266 17267 if invalidParams.Len() > 0 { 17268 return invalidParams 17269 } 17270 return nil 17271} 17272 17273// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 17274func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput { 17275 s.OrganizationalUnitId = &v 17276 return s 17277} 17278 17279type DescribeOrganizationalUnitOutput struct { 17280 _ struct{} `type:"structure"` 17281 17282 // A structure that contains details about the specified OU. 17283 OrganizationalUnit *OrganizationalUnit `type:"structure"` 17284} 17285 17286// String returns the string representation 17287func (s DescribeOrganizationalUnitOutput) String() string { 17288 return awsutil.Prettify(s) 17289} 17290 17291// GoString returns the string representation 17292func (s DescribeOrganizationalUnitOutput) GoString() string { 17293 return s.String() 17294} 17295 17296// SetOrganizationalUnit sets the OrganizationalUnit field's value. 17297func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput { 17298 s.OrganizationalUnit = v 17299 return s 17300} 17301 17302type DescribePolicyInput struct { 17303 _ struct{} `type:"structure"` 17304 17305 // The unique identifier (ID) of the policy that you want details about. You 17306 // can get the ID from the ListPolicies or ListPoliciesForTarget operations. 17307 // 17308 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 17309 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 17310 // or the underscore character (_). 17311 // 17312 // PolicyId is a required field 17313 PolicyId *string `type:"string" required:"true"` 17314} 17315 17316// String returns the string representation 17317func (s DescribePolicyInput) String() string { 17318 return awsutil.Prettify(s) 17319} 17320 17321// GoString returns the string representation 17322func (s DescribePolicyInput) GoString() string { 17323 return s.String() 17324} 17325 17326// Validate inspects the fields of the type to determine if they are valid. 17327func (s *DescribePolicyInput) Validate() error { 17328 invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"} 17329 if s.PolicyId == nil { 17330 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 17331 } 17332 17333 if invalidParams.Len() > 0 { 17334 return invalidParams 17335 } 17336 return nil 17337} 17338 17339// SetPolicyId sets the PolicyId field's value. 17340func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput { 17341 s.PolicyId = &v 17342 return s 17343} 17344 17345type DescribePolicyOutput struct { 17346 _ struct{} `type:"structure"` 17347 17348 // A structure that contains details about the specified policy. 17349 Policy *Policy `type:"structure"` 17350} 17351 17352// String returns the string representation 17353func (s DescribePolicyOutput) String() string { 17354 return awsutil.Prettify(s) 17355} 17356 17357// GoString returns the string representation 17358func (s DescribePolicyOutput) GoString() string { 17359 return s.String() 17360} 17361 17362// SetPolicy sets the Policy field's value. 17363func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput { 17364 s.Policy = v 17365 return s 17366} 17367 17368// We can't find the destination container (a root or OU) with the ParentId 17369// that you specified. 17370type DestinationParentNotFoundException struct { 17371 _ struct{} `type:"structure"` 17372 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17373 17374 Message_ *string `locationName:"Message" type:"string"` 17375} 17376 17377// String returns the string representation 17378func (s DestinationParentNotFoundException) String() string { 17379 return awsutil.Prettify(s) 17380} 17381 17382// GoString returns the string representation 17383func (s DestinationParentNotFoundException) GoString() string { 17384 return s.String() 17385} 17386 17387func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error { 17388 return &DestinationParentNotFoundException{ 17389 RespMetadata: v, 17390 } 17391} 17392 17393// Code returns the exception type name. 17394func (s *DestinationParentNotFoundException) Code() string { 17395 return "DestinationParentNotFoundException" 17396} 17397 17398// Message returns the exception's message. 17399func (s *DestinationParentNotFoundException) Message() string { 17400 if s.Message_ != nil { 17401 return *s.Message_ 17402 } 17403 return "" 17404} 17405 17406// OrigErr always returns nil, satisfies awserr.Error interface. 17407func (s *DestinationParentNotFoundException) OrigErr() error { 17408 return nil 17409} 17410 17411func (s *DestinationParentNotFoundException) Error() string { 17412 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17413} 17414 17415// Status code returns the HTTP status code for the request's response error. 17416func (s *DestinationParentNotFoundException) StatusCode() int { 17417 return s.RespMetadata.StatusCode 17418} 17419 17420// RequestID returns the service's response RequestID for request. 17421func (s *DestinationParentNotFoundException) RequestID() string { 17422 return s.RespMetadata.RequestID 17423} 17424 17425type DetachPolicyInput struct { 17426 _ struct{} `type:"structure"` 17427 17428 // The unique identifier (ID) of the policy you want to detach. You can get 17429 // the ID from the ListPolicies or ListPoliciesForTarget operations. 17430 // 17431 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 17432 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 17433 // or the underscore character (_). 17434 // 17435 // PolicyId is a required field 17436 PolicyId *string `type:"string" required:"true"` 17437 17438 // The unique identifier (ID) of the root, OU, or account that you want to detach 17439 // the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, 17440 // or ListAccounts operations. 17441 // 17442 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 17443 // requires one of the following: 17444 // 17445 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 17446 // letters or digits. 17447 // 17448 // * Account - A string that consists of exactly 12 digits. 17449 // 17450 // * Organizational unit (OU) - A string that begins with "ou-" followed 17451 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 17452 // OU is in). This string is followed by a second "-" dash and from 8 to 17453 // 32 additional lowercase letters or digits. 17454 // 17455 // TargetId is a required field 17456 TargetId *string `type:"string" required:"true"` 17457} 17458 17459// String returns the string representation 17460func (s DetachPolicyInput) String() string { 17461 return awsutil.Prettify(s) 17462} 17463 17464// GoString returns the string representation 17465func (s DetachPolicyInput) GoString() string { 17466 return s.String() 17467} 17468 17469// Validate inspects the fields of the type to determine if they are valid. 17470func (s *DetachPolicyInput) Validate() error { 17471 invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"} 17472 if s.PolicyId == nil { 17473 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 17474 } 17475 if s.TargetId == nil { 17476 invalidParams.Add(request.NewErrParamRequired("TargetId")) 17477 } 17478 17479 if invalidParams.Len() > 0 { 17480 return invalidParams 17481 } 17482 return nil 17483} 17484 17485// SetPolicyId sets the PolicyId field's value. 17486func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput { 17487 s.PolicyId = &v 17488 return s 17489} 17490 17491// SetTargetId sets the TargetId field's value. 17492func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput { 17493 s.TargetId = &v 17494 return s 17495} 17496 17497type DetachPolicyOutput struct { 17498 _ struct{} `type:"structure"` 17499} 17500 17501// String returns the string representation 17502func (s DetachPolicyOutput) String() string { 17503 return awsutil.Prettify(s) 17504} 17505 17506// GoString returns the string representation 17507func (s DetachPolicyOutput) GoString() string { 17508 return s.String() 17509} 17510 17511type DisableAWSServiceAccessInput struct { 17512 _ struct{} `type:"structure"` 17513 17514 // The service principal name of the AWS service for which you want to disable 17515 // integration with your organization. This is typically in the form of a URL, 17516 // such as service-abbreviation.amazonaws.com. 17517 // 17518 // ServicePrincipal is a required field 17519 ServicePrincipal *string `min:"1" type:"string" required:"true"` 17520} 17521 17522// String returns the string representation 17523func (s DisableAWSServiceAccessInput) String() string { 17524 return awsutil.Prettify(s) 17525} 17526 17527// GoString returns the string representation 17528func (s DisableAWSServiceAccessInput) GoString() string { 17529 return s.String() 17530} 17531 17532// Validate inspects the fields of the type to determine if they are valid. 17533func (s *DisableAWSServiceAccessInput) Validate() error { 17534 invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"} 17535 if s.ServicePrincipal == nil { 17536 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 17537 } 17538 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 17539 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 17540 } 17541 17542 if invalidParams.Len() > 0 { 17543 return invalidParams 17544 } 17545 return nil 17546} 17547 17548// SetServicePrincipal sets the ServicePrincipal field's value. 17549func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput { 17550 s.ServicePrincipal = &v 17551 return s 17552} 17553 17554type DisableAWSServiceAccessOutput struct { 17555 _ struct{} `type:"structure"` 17556} 17557 17558// String returns the string representation 17559func (s DisableAWSServiceAccessOutput) String() string { 17560 return awsutil.Prettify(s) 17561} 17562 17563// GoString returns the string representation 17564func (s DisableAWSServiceAccessOutput) GoString() string { 17565 return s.String() 17566} 17567 17568type DisablePolicyTypeInput struct { 17569 _ struct{} `type:"structure"` 17570 17571 // The policy type that you want to disable in this root. You can specify one 17572 // of the following values: 17573 // 17574 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 17575 // 17576 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 17577 // 17578 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 17579 // 17580 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 17581 // 17582 // PolicyType is a required field 17583 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 17584 17585 // The unique identifier (ID) of the root in which you want to disable a policy 17586 // type. You can get the ID from the ListRoots operation. 17587 // 17588 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 17589 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 17590 // 17591 // RootId is a required field 17592 RootId *string `type:"string" required:"true"` 17593} 17594 17595// String returns the string representation 17596func (s DisablePolicyTypeInput) String() string { 17597 return awsutil.Prettify(s) 17598} 17599 17600// GoString returns the string representation 17601func (s DisablePolicyTypeInput) GoString() string { 17602 return s.String() 17603} 17604 17605// Validate inspects the fields of the type to determine if they are valid. 17606func (s *DisablePolicyTypeInput) Validate() error { 17607 invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"} 17608 if s.PolicyType == nil { 17609 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 17610 } 17611 if s.RootId == nil { 17612 invalidParams.Add(request.NewErrParamRequired("RootId")) 17613 } 17614 17615 if invalidParams.Len() > 0 { 17616 return invalidParams 17617 } 17618 return nil 17619} 17620 17621// SetPolicyType sets the PolicyType field's value. 17622func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput { 17623 s.PolicyType = &v 17624 return s 17625} 17626 17627// SetRootId sets the RootId field's value. 17628func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput { 17629 s.RootId = &v 17630 return s 17631} 17632 17633type DisablePolicyTypeOutput struct { 17634 _ struct{} `type:"structure"` 17635 17636 // A structure that shows the root with the updated list of enabled policy types. 17637 Root *Root `type:"structure"` 17638} 17639 17640// String returns the string representation 17641func (s DisablePolicyTypeOutput) String() string { 17642 return awsutil.Prettify(s) 17643} 17644 17645// GoString returns the string representation 17646func (s DisablePolicyTypeOutput) GoString() string { 17647 return s.String() 17648} 17649 17650// SetRoot sets the Root field's value. 17651func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput { 17652 s.Root = v 17653 return s 17654} 17655 17656// That account is already present in the specified destination. 17657type DuplicateAccountException struct { 17658 _ struct{} `type:"structure"` 17659 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17660 17661 Message_ *string `locationName:"Message" type:"string"` 17662} 17663 17664// String returns the string representation 17665func (s DuplicateAccountException) String() string { 17666 return awsutil.Prettify(s) 17667} 17668 17669// GoString returns the string representation 17670func (s DuplicateAccountException) GoString() string { 17671 return s.String() 17672} 17673 17674func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error { 17675 return &DuplicateAccountException{ 17676 RespMetadata: v, 17677 } 17678} 17679 17680// Code returns the exception type name. 17681func (s *DuplicateAccountException) Code() string { 17682 return "DuplicateAccountException" 17683} 17684 17685// Message returns the exception's message. 17686func (s *DuplicateAccountException) Message() string { 17687 if s.Message_ != nil { 17688 return *s.Message_ 17689 } 17690 return "" 17691} 17692 17693// OrigErr always returns nil, satisfies awserr.Error interface. 17694func (s *DuplicateAccountException) OrigErr() error { 17695 return nil 17696} 17697 17698func (s *DuplicateAccountException) Error() string { 17699 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17700} 17701 17702// Status code returns the HTTP status code for the request's response error. 17703func (s *DuplicateAccountException) StatusCode() int { 17704 return s.RespMetadata.StatusCode 17705} 17706 17707// RequestID returns the service's response RequestID for request. 17708func (s *DuplicateAccountException) RequestID() string { 17709 return s.RespMetadata.RequestID 17710} 17711 17712// A handshake with the same action and target already exists. For example, 17713// if you invited an account to join your organization, the invited account 17714// might already have a pending invitation from this organization. If you intend 17715// to resend an invitation to an account, ensure that existing handshakes that 17716// might be considered duplicates are canceled or declined. 17717type DuplicateHandshakeException struct { 17718 _ struct{} `type:"structure"` 17719 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17720 17721 Message_ *string `locationName:"Message" type:"string"` 17722} 17723 17724// String returns the string representation 17725func (s DuplicateHandshakeException) String() string { 17726 return awsutil.Prettify(s) 17727} 17728 17729// GoString returns the string representation 17730func (s DuplicateHandshakeException) GoString() string { 17731 return s.String() 17732} 17733 17734func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error { 17735 return &DuplicateHandshakeException{ 17736 RespMetadata: v, 17737 } 17738} 17739 17740// Code returns the exception type name. 17741func (s *DuplicateHandshakeException) Code() string { 17742 return "DuplicateHandshakeException" 17743} 17744 17745// Message returns the exception's message. 17746func (s *DuplicateHandshakeException) Message() string { 17747 if s.Message_ != nil { 17748 return *s.Message_ 17749 } 17750 return "" 17751} 17752 17753// OrigErr always returns nil, satisfies awserr.Error interface. 17754func (s *DuplicateHandshakeException) OrigErr() error { 17755 return nil 17756} 17757 17758func (s *DuplicateHandshakeException) Error() string { 17759 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17760} 17761 17762// Status code returns the HTTP status code for the request's response error. 17763func (s *DuplicateHandshakeException) StatusCode() int { 17764 return s.RespMetadata.StatusCode 17765} 17766 17767// RequestID returns the service's response RequestID for request. 17768func (s *DuplicateHandshakeException) RequestID() string { 17769 return s.RespMetadata.RequestID 17770} 17771 17772// An OU with the same name already exists. 17773type DuplicateOrganizationalUnitException struct { 17774 _ struct{} `type:"structure"` 17775 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17776 17777 Message_ *string `locationName:"Message" type:"string"` 17778} 17779 17780// String returns the string representation 17781func (s DuplicateOrganizationalUnitException) String() string { 17782 return awsutil.Prettify(s) 17783} 17784 17785// GoString returns the string representation 17786func (s DuplicateOrganizationalUnitException) GoString() string { 17787 return s.String() 17788} 17789 17790func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error { 17791 return &DuplicateOrganizationalUnitException{ 17792 RespMetadata: v, 17793 } 17794} 17795 17796// Code returns the exception type name. 17797func (s *DuplicateOrganizationalUnitException) Code() string { 17798 return "DuplicateOrganizationalUnitException" 17799} 17800 17801// Message returns the exception's message. 17802func (s *DuplicateOrganizationalUnitException) Message() string { 17803 if s.Message_ != nil { 17804 return *s.Message_ 17805 } 17806 return "" 17807} 17808 17809// OrigErr always returns nil, satisfies awserr.Error interface. 17810func (s *DuplicateOrganizationalUnitException) OrigErr() error { 17811 return nil 17812} 17813 17814func (s *DuplicateOrganizationalUnitException) Error() string { 17815 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17816} 17817 17818// Status code returns the HTTP status code for the request's response error. 17819func (s *DuplicateOrganizationalUnitException) StatusCode() int { 17820 return s.RespMetadata.StatusCode 17821} 17822 17823// RequestID returns the service's response RequestID for request. 17824func (s *DuplicateOrganizationalUnitException) RequestID() string { 17825 return s.RespMetadata.RequestID 17826} 17827 17828// The selected policy is already attached to the specified target. 17829type DuplicatePolicyAttachmentException struct { 17830 _ struct{} `type:"structure"` 17831 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17832 17833 Message_ *string `locationName:"Message" type:"string"` 17834} 17835 17836// String returns the string representation 17837func (s DuplicatePolicyAttachmentException) String() string { 17838 return awsutil.Prettify(s) 17839} 17840 17841// GoString returns the string representation 17842func (s DuplicatePolicyAttachmentException) GoString() string { 17843 return s.String() 17844} 17845 17846func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error { 17847 return &DuplicatePolicyAttachmentException{ 17848 RespMetadata: v, 17849 } 17850} 17851 17852// Code returns the exception type name. 17853func (s *DuplicatePolicyAttachmentException) Code() string { 17854 return "DuplicatePolicyAttachmentException" 17855} 17856 17857// Message returns the exception's message. 17858func (s *DuplicatePolicyAttachmentException) Message() string { 17859 if s.Message_ != nil { 17860 return *s.Message_ 17861 } 17862 return "" 17863} 17864 17865// OrigErr always returns nil, satisfies awserr.Error interface. 17866func (s *DuplicatePolicyAttachmentException) OrigErr() error { 17867 return nil 17868} 17869 17870func (s *DuplicatePolicyAttachmentException) Error() string { 17871 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17872} 17873 17874// Status code returns the HTTP status code for the request's response error. 17875func (s *DuplicatePolicyAttachmentException) StatusCode() int { 17876 return s.RespMetadata.StatusCode 17877} 17878 17879// RequestID returns the service's response RequestID for request. 17880func (s *DuplicatePolicyAttachmentException) RequestID() string { 17881 return s.RespMetadata.RequestID 17882} 17883 17884// A policy with the same name already exists. 17885type DuplicatePolicyException struct { 17886 _ struct{} `type:"structure"` 17887 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17888 17889 Message_ *string `locationName:"Message" type:"string"` 17890} 17891 17892// String returns the string representation 17893func (s DuplicatePolicyException) String() string { 17894 return awsutil.Prettify(s) 17895} 17896 17897// GoString returns the string representation 17898func (s DuplicatePolicyException) GoString() string { 17899 return s.String() 17900} 17901 17902func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error { 17903 return &DuplicatePolicyException{ 17904 RespMetadata: v, 17905 } 17906} 17907 17908// Code returns the exception type name. 17909func (s *DuplicatePolicyException) Code() string { 17910 return "DuplicatePolicyException" 17911} 17912 17913// Message returns the exception's message. 17914func (s *DuplicatePolicyException) Message() string { 17915 if s.Message_ != nil { 17916 return *s.Message_ 17917 } 17918 return "" 17919} 17920 17921// OrigErr always returns nil, satisfies awserr.Error interface. 17922func (s *DuplicatePolicyException) OrigErr() error { 17923 return nil 17924} 17925 17926func (s *DuplicatePolicyException) Error() string { 17927 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17928} 17929 17930// Status code returns the HTTP status code for the request's response error. 17931func (s *DuplicatePolicyException) StatusCode() int { 17932 return s.RespMetadata.StatusCode 17933} 17934 17935// RequestID returns the service's response RequestID for request. 17936func (s *DuplicatePolicyException) RequestID() string { 17937 return s.RespMetadata.RequestID 17938} 17939 17940// Contains rules to be applied to the affected accounts. The effective policy 17941// is the aggregation of any policies the account inherits, plus any policy 17942// directly attached to the account. 17943type EffectivePolicy struct { 17944 _ struct{} `type:"structure"` 17945 17946 // The time of the last update to this policy. 17947 LastUpdatedTimestamp *time.Time `type:"timestamp"` 17948 17949 // The text content of the policy. 17950 PolicyContent *string `min:"1" type:"string"` 17951 17952 // The policy type. 17953 PolicyType *string `type:"string" enum:"EffectivePolicyType"` 17954 17955 // The account ID of the policy target. 17956 TargetId *string `type:"string"` 17957} 17958 17959// String returns the string representation 17960func (s EffectivePolicy) String() string { 17961 return awsutil.Prettify(s) 17962} 17963 17964// GoString returns the string representation 17965func (s EffectivePolicy) GoString() string { 17966 return s.String() 17967} 17968 17969// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value. 17970func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy { 17971 s.LastUpdatedTimestamp = &v 17972 return s 17973} 17974 17975// SetPolicyContent sets the PolicyContent field's value. 17976func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy { 17977 s.PolicyContent = &v 17978 return s 17979} 17980 17981// SetPolicyType sets the PolicyType field's value. 17982func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy { 17983 s.PolicyType = &v 17984 return s 17985} 17986 17987// SetTargetId sets the TargetId field's value. 17988func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy { 17989 s.TargetId = &v 17990 return s 17991} 17992 17993// If you ran this action on the management account, this policy type is not 17994// enabled. If you ran the action on a member account, the account doesn't have 17995// an effective policy of this type. Contact the administrator of your organization 17996// about attaching a policy of this type to the account. 17997type EffectivePolicyNotFoundException struct { 17998 _ struct{} `type:"structure"` 17999 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18000 18001 Message_ *string `locationName:"Message" type:"string"` 18002} 18003 18004// String returns the string representation 18005func (s EffectivePolicyNotFoundException) String() string { 18006 return awsutil.Prettify(s) 18007} 18008 18009// GoString returns the string representation 18010func (s EffectivePolicyNotFoundException) GoString() string { 18011 return s.String() 18012} 18013 18014func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error { 18015 return &EffectivePolicyNotFoundException{ 18016 RespMetadata: v, 18017 } 18018} 18019 18020// Code returns the exception type name. 18021func (s *EffectivePolicyNotFoundException) Code() string { 18022 return "EffectivePolicyNotFoundException" 18023} 18024 18025// Message returns the exception's message. 18026func (s *EffectivePolicyNotFoundException) Message() string { 18027 if s.Message_ != nil { 18028 return *s.Message_ 18029 } 18030 return "" 18031} 18032 18033// OrigErr always returns nil, satisfies awserr.Error interface. 18034func (s *EffectivePolicyNotFoundException) OrigErr() error { 18035 return nil 18036} 18037 18038func (s *EffectivePolicyNotFoundException) Error() string { 18039 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18040} 18041 18042// Status code returns the HTTP status code for the request's response error. 18043func (s *EffectivePolicyNotFoundException) StatusCode() int { 18044 return s.RespMetadata.StatusCode 18045} 18046 18047// RequestID returns the service's response RequestID for request. 18048func (s *EffectivePolicyNotFoundException) RequestID() string { 18049 return s.RespMetadata.RequestID 18050} 18051 18052type EnableAWSServiceAccessInput struct { 18053 _ struct{} `type:"structure"` 18054 18055 // The service principal name of the AWS service for which you want to enable 18056 // integration with your organization. This is typically in the form of a URL, 18057 // such as service-abbreviation.amazonaws.com. 18058 // 18059 // ServicePrincipal is a required field 18060 ServicePrincipal *string `min:"1" type:"string" required:"true"` 18061} 18062 18063// String returns the string representation 18064func (s EnableAWSServiceAccessInput) String() string { 18065 return awsutil.Prettify(s) 18066} 18067 18068// GoString returns the string representation 18069func (s EnableAWSServiceAccessInput) GoString() string { 18070 return s.String() 18071} 18072 18073// Validate inspects the fields of the type to determine if they are valid. 18074func (s *EnableAWSServiceAccessInput) Validate() error { 18075 invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"} 18076 if s.ServicePrincipal == nil { 18077 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 18078 } 18079 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 18080 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 18081 } 18082 18083 if invalidParams.Len() > 0 { 18084 return invalidParams 18085 } 18086 return nil 18087} 18088 18089// SetServicePrincipal sets the ServicePrincipal field's value. 18090func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput { 18091 s.ServicePrincipal = &v 18092 return s 18093} 18094 18095type EnableAWSServiceAccessOutput struct { 18096 _ struct{} `type:"structure"` 18097} 18098 18099// String returns the string representation 18100func (s EnableAWSServiceAccessOutput) String() string { 18101 return awsutil.Prettify(s) 18102} 18103 18104// GoString returns the string representation 18105func (s EnableAWSServiceAccessOutput) GoString() string { 18106 return s.String() 18107} 18108 18109type EnableAllFeaturesInput struct { 18110 _ struct{} `type:"structure"` 18111} 18112 18113// String returns the string representation 18114func (s EnableAllFeaturesInput) String() string { 18115 return awsutil.Prettify(s) 18116} 18117 18118// GoString returns the string representation 18119func (s EnableAllFeaturesInput) GoString() string { 18120 return s.String() 18121} 18122 18123type EnableAllFeaturesOutput struct { 18124 _ struct{} `type:"structure"` 18125 18126 // A structure that contains details about the handshake created to support 18127 // this request to enable all features in the organization. 18128 Handshake *Handshake `type:"structure"` 18129} 18130 18131// String returns the string representation 18132func (s EnableAllFeaturesOutput) String() string { 18133 return awsutil.Prettify(s) 18134} 18135 18136// GoString returns the string representation 18137func (s EnableAllFeaturesOutput) GoString() string { 18138 return s.String() 18139} 18140 18141// SetHandshake sets the Handshake field's value. 18142func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput { 18143 s.Handshake = v 18144 return s 18145} 18146 18147type EnablePolicyTypeInput struct { 18148 _ struct{} `type:"structure"` 18149 18150 // The policy type that you want to enable. You can specify one of the following 18151 // values: 18152 // 18153 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 18154 // 18155 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 18156 // 18157 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 18158 // 18159 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 18160 // 18161 // PolicyType is a required field 18162 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 18163 18164 // The unique identifier (ID) of the root in which you want to enable a policy 18165 // type. You can get the ID from the ListRoots operation. 18166 // 18167 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 18168 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 18169 // 18170 // RootId is a required field 18171 RootId *string `type:"string" required:"true"` 18172} 18173 18174// String returns the string representation 18175func (s EnablePolicyTypeInput) String() string { 18176 return awsutil.Prettify(s) 18177} 18178 18179// GoString returns the string representation 18180func (s EnablePolicyTypeInput) GoString() string { 18181 return s.String() 18182} 18183 18184// Validate inspects the fields of the type to determine if they are valid. 18185func (s *EnablePolicyTypeInput) Validate() error { 18186 invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"} 18187 if s.PolicyType == nil { 18188 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 18189 } 18190 if s.RootId == nil { 18191 invalidParams.Add(request.NewErrParamRequired("RootId")) 18192 } 18193 18194 if invalidParams.Len() > 0 { 18195 return invalidParams 18196 } 18197 return nil 18198} 18199 18200// SetPolicyType sets the PolicyType field's value. 18201func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput { 18202 s.PolicyType = &v 18203 return s 18204} 18205 18206// SetRootId sets the RootId field's value. 18207func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput { 18208 s.RootId = &v 18209 return s 18210} 18211 18212type EnablePolicyTypeOutput struct { 18213 _ struct{} `type:"structure"` 18214 18215 // A structure that shows the root with the updated list of enabled policy types. 18216 Root *Root `type:"structure"` 18217} 18218 18219// String returns the string representation 18220func (s EnablePolicyTypeOutput) String() string { 18221 return awsutil.Prettify(s) 18222} 18223 18224// GoString returns the string representation 18225func (s EnablePolicyTypeOutput) GoString() string { 18226 return s.String() 18227} 18228 18229// SetRoot sets the Root field's value. 18230func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { 18231 s.Root = v 18232 return s 18233} 18234 18235// A structure that contains details of a service principal that represents 18236// an AWS service that is enabled to integrate with AWS Organizations. 18237type EnabledServicePrincipal struct { 18238 _ struct{} `type:"structure"` 18239 18240 // The date that the service principal was enabled for integration with AWS 18241 // Organizations. 18242 DateEnabled *time.Time `type:"timestamp"` 18243 18244 // The name of the service principal. This is typically in the form of a URL, 18245 // such as: servicename.amazonaws.com. 18246 ServicePrincipal *string `min:"1" type:"string"` 18247} 18248 18249// String returns the string representation 18250func (s EnabledServicePrincipal) String() string { 18251 return awsutil.Prettify(s) 18252} 18253 18254// GoString returns the string representation 18255func (s EnabledServicePrincipal) GoString() string { 18256 return s.String() 18257} 18258 18259// SetDateEnabled sets the DateEnabled field's value. 18260func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal { 18261 s.DateEnabled = &v 18262 return s 18263} 18264 18265// SetServicePrincipal sets the ServicePrincipal field's value. 18266func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal { 18267 s.ServicePrincipal = &v 18268 return s 18269} 18270 18271// AWS Organizations couldn't perform the operation because your organization 18272// hasn't finished initializing. This can take up to an hour. Try again later. 18273// If after one hour you continue to receive this error, contact AWS Support 18274// (https://console.aws.amazon.com/support/home#/). 18275type FinalizingOrganizationException struct { 18276 _ struct{} `type:"structure"` 18277 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18278 18279 Message_ *string `locationName:"Message" type:"string"` 18280} 18281 18282// String returns the string representation 18283func (s FinalizingOrganizationException) String() string { 18284 return awsutil.Prettify(s) 18285} 18286 18287// GoString returns the string representation 18288func (s FinalizingOrganizationException) GoString() string { 18289 return s.String() 18290} 18291 18292func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error { 18293 return &FinalizingOrganizationException{ 18294 RespMetadata: v, 18295 } 18296} 18297 18298// Code returns the exception type name. 18299func (s *FinalizingOrganizationException) Code() string { 18300 return "FinalizingOrganizationException" 18301} 18302 18303// Message returns the exception's message. 18304func (s *FinalizingOrganizationException) Message() string { 18305 if s.Message_ != nil { 18306 return *s.Message_ 18307 } 18308 return "" 18309} 18310 18311// OrigErr always returns nil, satisfies awserr.Error interface. 18312func (s *FinalizingOrganizationException) OrigErr() error { 18313 return nil 18314} 18315 18316func (s *FinalizingOrganizationException) Error() string { 18317 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18318} 18319 18320// Status code returns the HTTP status code for the request's response error. 18321func (s *FinalizingOrganizationException) StatusCode() int { 18322 return s.RespMetadata.StatusCode 18323} 18324 18325// RequestID returns the service's response RequestID for request. 18326func (s *FinalizingOrganizationException) RequestID() string { 18327 return s.RespMetadata.RequestID 18328} 18329 18330// Contains information that must be exchanged to securely establish a relationship 18331// between two accounts (an originator and a recipient). For example, when a 18332// management account (the originator) invites another account (the recipient) 18333// to join its organization, the two accounts exchange information as a series 18334// of handshake requests and responses. 18335// 18336// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists 18337// for only 30 days after entering that state After that they are deleted. 18338type Handshake struct { 18339 _ struct{} `type:"structure"` 18340 18341 // The type of handshake, indicating what action occurs when the recipient accepts 18342 // the handshake. The following handshake types are supported: 18343 // 18344 // * INVITE: This type of handshake represents a request to join an organization. 18345 // It is always sent from the management account to only non-member accounts. 18346 // 18347 // * ENABLE_ALL_FEATURES: This type of handshake represents a request to 18348 // enable all features in an organization. It is always sent from the management 18349 // account to only invited member accounts. Created accounts do not receive 18350 // this because those accounts were created by the organization's management 18351 // account and approval is inferred. 18352 // 18353 // * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations 18354 // service when all member accounts have approved the ENABLE_ALL_FEATURES 18355 // invitation. It is sent only to the management account and signals the 18356 // master that it can finalize the process to enable all features. 18357 Action *string `type:"string" enum:"ActionType"` 18358 18359 // The Amazon Resource Name (ARN) of a handshake. 18360 // 18361 // For more information about ARNs in Organizations, see ARN Formats Supported 18362 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 18363 // in the AWS Service Authorization Reference. 18364 Arn *string `type:"string"` 18365 18366 // The date and time that the handshake expires. If the recipient of the handshake 18367 // request fails to respond before the specified date and time, the handshake 18368 // becomes inactive and is no longer valid. 18369 ExpirationTimestamp *time.Time `type:"timestamp"` 18370 18371 // The unique identifier (ID) of a handshake. The originating account creates 18372 // the ID when it initiates the handshake. 18373 // 18374 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 18375 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 18376 Id *string `type:"string"` 18377 18378 // Information about the two accounts that are participating in the handshake. 18379 Parties []*HandshakeParty `type:"list"` 18380 18381 // The date and time that the handshake request was made. 18382 RequestedTimestamp *time.Time `type:"timestamp"` 18383 18384 // Additional information that is needed to process the handshake. 18385 Resources []*HandshakeResource `type:"list"` 18386 18387 // The current state of the handshake. Use the state to trace the flow of the 18388 // handshake through the process from its creation to its acceptance. The meaning 18389 // of each of the valid values is as follows: 18390 // 18391 // * REQUESTED: This handshake was sent to multiple recipients (applicable 18392 // to only some handshake types) and not all recipients have responded yet. 18393 // The request stays in this state until all recipients respond. 18394 // 18395 // * OPEN: This handshake was sent to multiple recipients (applicable to 18396 // only some policy types) and all recipients have responded, allowing the 18397 // originator to complete the handshake action. 18398 // 18399 // * CANCELED: This handshake is no longer active because it was canceled 18400 // by the originating account. 18401 // 18402 // * ACCEPTED: This handshake is complete because it has been accepted by 18403 // the recipient. 18404 // 18405 // * DECLINED: This handshake is no longer active because it was declined 18406 // by the recipient account. 18407 // 18408 // * EXPIRED: This handshake is no longer active because the originator did 18409 // not receive a response of any kind from the recipient before the expiration 18410 // time (15 days). 18411 State *string `type:"string" enum:"HandshakeState"` 18412} 18413 18414// String returns the string representation 18415func (s Handshake) String() string { 18416 return awsutil.Prettify(s) 18417} 18418 18419// GoString returns the string representation 18420func (s Handshake) GoString() string { 18421 return s.String() 18422} 18423 18424// SetAction sets the Action field's value. 18425func (s *Handshake) SetAction(v string) *Handshake { 18426 s.Action = &v 18427 return s 18428} 18429 18430// SetArn sets the Arn field's value. 18431func (s *Handshake) SetArn(v string) *Handshake { 18432 s.Arn = &v 18433 return s 18434} 18435 18436// SetExpirationTimestamp sets the ExpirationTimestamp field's value. 18437func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake { 18438 s.ExpirationTimestamp = &v 18439 return s 18440} 18441 18442// SetId sets the Id field's value. 18443func (s *Handshake) SetId(v string) *Handshake { 18444 s.Id = &v 18445 return s 18446} 18447 18448// SetParties sets the Parties field's value. 18449func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake { 18450 s.Parties = v 18451 return s 18452} 18453 18454// SetRequestedTimestamp sets the RequestedTimestamp field's value. 18455func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake { 18456 s.RequestedTimestamp = &v 18457 return s 18458} 18459 18460// SetResources sets the Resources field's value. 18461func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake { 18462 s.Resources = v 18463 return s 18464} 18465 18466// SetState sets the State field's value. 18467func (s *Handshake) SetState(v string) *Handshake { 18468 s.State = &v 18469 return s 18470} 18471 18472// The specified handshake is already in the requested state. For example, you 18473// can't accept a handshake that was already accepted. 18474type HandshakeAlreadyInStateException struct { 18475 _ struct{} `type:"structure"` 18476 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18477 18478 Message_ *string `locationName:"Message" type:"string"` 18479} 18480 18481// String returns the string representation 18482func (s HandshakeAlreadyInStateException) String() string { 18483 return awsutil.Prettify(s) 18484} 18485 18486// GoString returns the string representation 18487func (s HandshakeAlreadyInStateException) GoString() string { 18488 return s.String() 18489} 18490 18491func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error { 18492 return &HandshakeAlreadyInStateException{ 18493 RespMetadata: v, 18494 } 18495} 18496 18497// Code returns the exception type name. 18498func (s *HandshakeAlreadyInStateException) Code() string { 18499 return "HandshakeAlreadyInStateException" 18500} 18501 18502// Message returns the exception's message. 18503func (s *HandshakeAlreadyInStateException) Message() string { 18504 if s.Message_ != nil { 18505 return *s.Message_ 18506 } 18507 return "" 18508} 18509 18510// OrigErr always returns nil, satisfies awserr.Error interface. 18511func (s *HandshakeAlreadyInStateException) OrigErr() error { 18512 return nil 18513} 18514 18515func (s *HandshakeAlreadyInStateException) Error() string { 18516 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18517} 18518 18519// Status code returns the HTTP status code for the request's response error. 18520func (s *HandshakeAlreadyInStateException) StatusCode() int { 18521 return s.RespMetadata.StatusCode 18522} 18523 18524// RequestID returns the service's response RequestID for request. 18525func (s *HandshakeAlreadyInStateException) RequestID() string { 18526 return s.RespMetadata.RequestID 18527} 18528 18529// The requested operation would violate the constraint identified in the reason 18530// code. 18531// 18532// Some of the reasons in the following list might not be applicable to this 18533// specific API or operation: 18534// 18535// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 18536// the number of accounts in an organization. Note that deleted and closed 18537// accounts still count toward your limit. If you get this exception immediately 18538// after creating the organization, wait one hour and try again. If after 18539// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 18540// 18541// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 18542// the invited account is already a member of an organization. 18543// 18544// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 18545// handshakes that you can send in one day. 18546// 18547// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 18548// to join an organization while it's in the process of enabling all features. 18549// You can resume inviting accounts after you finalize the process when all 18550// accounts have agreed to the change. 18551// 18552// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 18553// because the organization has already enabled all features. 18554// 18555// * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 18556// request is invalid because the organization has already started the process 18557// to enable all features. 18558// 18559// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 18560// the account is from a different marketplace than the accounts in the organization. 18561// For example, accounts with India addresses must be associated with the 18562// AISPL marketplace. All accounts in an organization must be from the same 18563// marketplace. 18564// 18565// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 18566// change the membership of an account too quickly after its previous change. 18567// 18568// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 18569// account that doesn't have a payment instrument, such as a credit card, 18570// associated with it. 18571type HandshakeConstraintViolationException struct { 18572 _ struct{} `type:"structure"` 18573 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18574 18575 Message_ *string `locationName:"Message" type:"string"` 18576 18577 Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"` 18578} 18579 18580// String returns the string representation 18581func (s HandshakeConstraintViolationException) String() string { 18582 return awsutil.Prettify(s) 18583} 18584 18585// GoString returns the string representation 18586func (s HandshakeConstraintViolationException) GoString() string { 18587 return s.String() 18588} 18589 18590func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error { 18591 return &HandshakeConstraintViolationException{ 18592 RespMetadata: v, 18593 } 18594} 18595 18596// Code returns the exception type name. 18597func (s *HandshakeConstraintViolationException) Code() string { 18598 return "HandshakeConstraintViolationException" 18599} 18600 18601// Message returns the exception's message. 18602func (s *HandshakeConstraintViolationException) Message() string { 18603 if s.Message_ != nil { 18604 return *s.Message_ 18605 } 18606 return "" 18607} 18608 18609// OrigErr always returns nil, satisfies awserr.Error interface. 18610func (s *HandshakeConstraintViolationException) OrigErr() error { 18611 return nil 18612} 18613 18614func (s *HandshakeConstraintViolationException) Error() string { 18615 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 18616} 18617 18618// Status code returns the HTTP status code for the request's response error. 18619func (s *HandshakeConstraintViolationException) StatusCode() int { 18620 return s.RespMetadata.StatusCode 18621} 18622 18623// RequestID returns the service's response RequestID for request. 18624func (s *HandshakeConstraintViolationException) RequestID() string { 18625 return s.RespMetadata.RequestID 18626} 18627 18628// Specifies the criteria that are used to select the handshakes for the operation. 18629type HandshakeFilter struct { 18630 _ struct{} `type:"structure"` 18631 18632 // Specifies the type of handshake action. 18633 // 18634 // If you specify ActionType, you cannot also specify ParentHandshakeId. 18635 ActionType *string `type:"string" enum:"ActionType"` 18636 18637 // Specifies the parent handshake. Only used for handshake types that are a 18638 // child of another type. 18639 // 18640 // If you specify ParentHandshakeId, you cannot also specify ActionType. 18641 // 18642 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 18643 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 18644 ParentHandshakeId *string `type:"string"` 18645} 18646 18647// String returns the string representation 18648func (s HandshakeFilter) String() string { 18649 return awsutil.Prettify(s) 18650} 18651 18652// GoString returns the string representation 18653func (s HandshakeFilter) GoString() string { 18654 return s.String() 18655} 18656 18657// SetActionType sets the ActionType field's value. 18658func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter { 18659 s.ActionType = &v 18660 return s 18661} 18662 18663// SetParentHandshakeId sets the ParentHandshakeId field's value. 18664func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter { 18665 s.ParentHandshakeId = &v 18666 return s 18667} 18668 18669// We can't find a handshake with the HandshakeId that you specified. 18670type HandshakeNotFoundException struct { 18671 _ struct{} `type:"structure"` 18672 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18673 18674 Message_ *string `locationName:"Message" type:"string"` 18675} 18676 18677// String returns the string representation 18678func (s HandshakeNotFoundException) String() string { 18679 return awsutil.Prettify(s) 18680} 18681 18682// GoString returns the string representation 18683func (s HandshakeNotFoundException) GoString() string { 18684 return s.String() 18685} 18686 18687func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error { 18688 return &HandshakeNotFoundException{ 18689 RespMetadata: v, 18690 } 18691} 18692 18693// Code returns the exception type name. 18694func (s *HandshakeNotFoundException) Code() string { 18695 return "HandshakeNotFoundException" 18696} 18697 18698// Message returns the exception's message. 18699func (s *HandshakeNotFoundException) Message() string { 18700 if s.Message_ != nil { 18701 return *s.Message_ 18702 } 18703 return "" 18704} 18705 18706// OrigErr always returns nil, satisfies awserr.Error interface. 18707func (s *HandshakeNotFoundException) OrigErr() error { 18708 return nil 18709} 18710 18711func (s *HandshakeNotFoundException) Error() string { 18712 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18713} 18714 18715// Status code returns the HTTP status code for the request's response error. 18716func (s *HandshakeNotFoundException) StatusCode() int { 18717 return s.RespMetadata.StatusCode 18718} 18719 18720// RequestID returns the service's response RequestID for request. 18721func (s *HandshakeNotFoundException) RequestID() string { 18722 return s.RespMetadata.RequestID 18723} 18724 18725// Identifies a participant in a handshake. 18726type HandshakeParty struct { 18727 _ struct{} `type:"structure"` 18728 18729 // The unique identifier (ID) for the party. 18730 // 18731 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 18732 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 18733 // 18734 // Id is a required field 18735 Id *string `min:"1" type:"string" required:"true" sensitive:"true"` 18736 18737 // The type of party. 18738 // 18739 // Type is a required field 18740 Type *string `type:"string" required:"true" enum:"HandshakePartyType"` 18741} 18742 18743// String returns the string representation 18744func (s HandshakeParty) String() string { 18745 return awsutil.Prettify(s) 18746} 18747 18748// GoString returns the string representation 18749func (s HandshakeParty) GoString() string { 18750 return s.String() 18751} 18752 18753// Validate inspects the fields of the type to determine if they are valid. 18754func (s *HandshakeParty) Validate() error { 18755 invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"} 18756 if s.Id == nil { 18757 invalidParams.Add(request.NewErrParamRequired("Id")) 18758 } 18759 if s.Id != nil && len(*s.Id) < 1 { 18760 invalidParams.Add(request.NewErrParamMinLen("Id", 1)) 18761 } 18762 if s.Type == nil { 18763 invalidParams.Add(request.NewErrParamRequired("Type")) 18764 } 18765 18766 if invalidParams.Len() > 0 { 18767 return invalidParams 18768 } 18769 return nil 18770} 18771 18772// SetId sets the Id field's value. 18773func (s *HandshakeParty) SetId(v string) *HandshakeParty { 18774 s.Id = &v 18775 return s 18776} 18777 18778// SetType sets the Type field's value. 18779func (s *HandshakeParty) SetType(v string) *HandshakeParty { 18780 s.Type = &v 18781 return s 18782} 18783 18784// Contains additional data that is needed to process a handshake. 18785type HandshakeResource struct { 18786 _ struct{} `type:"structure"` 18787 18788 // When needed, contains an additional array of HandshakeResource objects. 18789 Resources []*HandshakeResource `type:"list"` 18790 18791 // The type of information being passed, specifying how the value is to be interpreted 18792 // by the other party: 18793 // 18794 // * ACCOUNT - Specifies an AWS account ID number. 18795 // 18796 // * ORGANIZATION - Specifies an organization ID number. 18797 // 18798 // * EMAIL - Specifies the email address that is associated with the account 18799 // that receives the handshake. 18800 // 18801 // * OWNER_EMAIL - Specifies the email address associated with the management 18802 // account. Included as information about an organization. 18803 // 18804 // * OWNER_NAME - Specifies the name associated with the management account. 18805 // Included as information about an organization. 18806 // 18807 // * NOTES - Additional text provided by the handshake initiator and intended 18808 // for the recipient to read. 18809 Type *string `type:"string" enum:"HandshakeResourceType"` 18810 18811 // The information that is passed to the other party in the handshake. The format 18812 // of the value string must match the requirements of the specified type. 18813 Value *string `type:"string" sensitive:"true"` 18814} 18815 18816// String returns the string representation 18817func (s HandshakeResource) String() string { 18818 return awsutil.Prettify(s) 18819} 18820 18821// GoString returns the string representation 18822func (s HandshakeResource) GoString() string { 18823 return s.String() 18824} 18825 18826// SetResources sets the Resources field's value. 18827func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource { 18828 s.Resources = v 18829 return s 18830} 18831 18832// SetType sets the Type field's value. 18833func (s *HandshakeResource) SetType(v string) *HandshakeResource { 18834 s.Type = &v 18835 return s 18836} 18837 18838// SetValue sets the Value field's value. 18839func (s *HandshakeResource) SetValue(v string) *HandshakeResource { 18840 s.Value = &v 18841 return s 18842} 18843 18844// You can't perform the operation on the handshake in its current state. For 18845// example, you can't cancel a handshake that was already accepted or accept 18846// a handshake that was already declined. 18847type InvalidHandshakeTransitionException struct { 18848 _ struct{} `type:"structure"` 18849 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18850 18851 Message_ *string `locationName:"Message" type:"string"` 18852} 18853 18854// String returns the string representation 18855func (s InvalidHandshakeTransitionException) String() string { 18856 return awsutil.Prettify(s) 18857} 18858 18859// GoString returns the string representation 18860func (s InvalidHandshakeTransitionException) GoString() string { 18861 return s.String() 18862} 18863 18864func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error { 18865 return &InvalidHandshakeTransitionException{ 18866 RespMetadata: v, 18867 } 18868} 18869 18870// Code returns the exception type name. 18871func (s *InvalidHandshakeTransitionException) Code() string { 18872 return "InvalidHandshakeTransitionException" 18873} 18874 18875// Message returns the exception's message. 18876func (s *InvalidHandshakeTransitionException) Message() string { 18877 if s.Message_ != nil { 18878 return *s.Message_ 18879 } 18880 return "" 18881} 18882 18883// OrigErr always returns nil, satisfies awserr.Error interface. 18884func (s *InvalidHandshakeTransitionException) OrigErr() error { 18885 return nil 18886} 18887 18888func (s *InvalidHandshakeTransitionException) Error() string { 18889 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18890} 18891 18892// Status code returns the HTTP status code for the request's response error. 18893func (s *InvalidHandshakeTransitionException) StatusCode() int { 18894 return s.RespMetadata.StatusCode 18895} 18896 18897// RequestID returns the service's response RequestID for request. 18898func (s *InvalidHandshakeTransitionException) RequestID() string { 18899 return s.RespMetadata.RequestID 18900} 18901 18902// The requested operation failed because you provided invalid values for one 18903// or more of the request parameters. This exception includes a reason that 18904// contains additional information about the violated limit: 18905// 18906// Some of the reasons in the following list might not be applicable to this 18907// specific API or operation. 18908// 18909// * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 18910// the same entity. 18911// 18912// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 18913// can't be modified. 18914// 18915// * INPUT_REQUIRED: You must include a value for all required parameters. 18916// 18917// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 18918// for the invited account owner. 18919// 18920// * INVALID_ENUM: You specified an invalid value. 18921// 18922// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 18923// 18924// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 18925// characters. 18926// 18927// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 18928// at least one invalid value. 18929// 18930// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 18931// from the response to a previous call of the operation. 18932// 18933// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 18934// organization, or email) as a party. 18935// 18936// * INVALID_PATTERN: You provided a value that doesn't match the required 18937// pattern. 18938// 18939// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 18940// match the required pattern. 18941// 18942// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 18943// name can't begin with the reserved prefix AWSServiceRoleFor. 18944// 18945// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 18946// Name (ARN) for the organization. 18947// 18948// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 18949// 18950// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 18951// tag. You can’t add, edit, or delete system tag keys because they're 18952// reserved for AWS use. System tags don’t count against your tags per 18953// resource limit. 18954// 18955// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 18956// for the operation. 18957// 18958// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 18959// than allowed. 18960// 18961// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 18962// value than allowed. 18963// 18964// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 18965// than allowed. 18966// 18967// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 18968// value than allowed. 18969// 18970// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 18971// between entities in the same root. 18972// 18973// * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 18974// target entity. 18975// 18976// * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 18977// isn't recognized. 18978type InvalidInputException struct { 18979 _ struct{} `type:"structure"` 18980 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18981 18982 Message_ *string `locationName:"Message" type:"string"` 18983 18984 Reason *string `type:"string" enum:"InvalidInputExceptionReason"` 18985} 18986 18987// String returns the string representation 18988func (s InvalidInputException) String() string { 18989 return awsutil.Prettify(s) 18990} 18991 18992// GoString returns the string representation 18993func (s InvalidInputException) GoString() string { 18994 return s.String() 18995} 18996 18997func newErrorInvalidInputException(v protocol.ResponseMetadata) error { 18998 return &InvalidInputException{ 18999 RespMetadata: v, 19000 } 19001} 19002 19003// Code returns the exception type name. 19004func (s *InvalidInputException) Code() string { 19005 return "InvalidInputException" 19006} 19007 19008// Message returns the exception's message. 19009func (s *InvalidInputException) Message() string { 19010 if s.Message_ != nil { 19011 return *s.Message_ 19012 } 19013 return "" 19014} 19015 19016// OrigErr always returns nil, satisfies awserr.Error interface. 19017func (s *InvalidInputException) OrigErr() error { 19018 return nil 19019} 19020 19021func (s *InvalidInputException) Error() string { 19022 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 19023} 19024 19025// Status code returns the HTTP status code for the request's response error. 19026func (s *InvalidInputException) StatusCode() int { 19027 return s.RespMetadata.StatusCode 19028} 19029 19030// RequestID returns the service's response RequestID for request. 19031func (s *InvalidInputException) RequestID() string { 19032 return s.RespMetadata.RequestID 19033} 19034 19035type InviteAccountToOrganizationInput struct { 19036 _ struct{} `type:"structure"` 19037 19038 // Additional information that you want to include in the generated email to 19039 // the recipient account owner. 19040 Notes *string `type:"string" sensitive:"true"` 19041 19042 // A list of tags that you want to attach to the account when it becomes a member 19043 // of the organization. For each tag in the list, you must specify both a tag 19044 // key and a value. You can set the value to an empty string, but you can't 19045 // set it to null. For more information about tagging, see Tagging AWS Organizations 19046 // resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 19047 // in the AWS Organizations User Guide. 19048 // 19049 // Any tags in the request are checked for compliance with any applicable tag 19050 // policies when the request is made. The request is rejected if the tags in 19051 // the request don't match the requirements of the policy at that time. Tag 19052 // policy compliance is not checked again when the invitation is accepted and 19053 // the tags are actually attached to the account. That means that if the tag 19054 // policy changes between the invitation and the acceptance, then that tags 19055 // could potentially be non-compliant. 19056 // 19057 // If any one of the tags is invalid or if you exceed the allowed number of 19058 // tags for an account, then the entire request fails and invitations are not 19059 // sent. 19060 Tags []*Tag `type:"list"` 19061 19062 // The identifier (ID) of the AWS account that you want to invite to join your 19063 // organization. This is a JSON object that contains the following elements: 19064 // 19065 // { "Type": "ACCOUNT", "Id": "< account id number >" } 19066 // 19067 // If you use the AWS CLI, you can submit this as a single string, similar to 19068 // the following example: 19069 // 19070 // --target Id=123456789012,Type=ACCOUNT 19071 // 19072 // If you specify "Type": "ACCOUNT", you must provide the AWS account ID number 19073 // as the Id. If you specify "Type": "EMAIL", you must specify the email address 19074 // that is associated with the account. 19075 // 19076 // --target Id=diego@example.com,Type=EMAIL 19077 // 19078 // Target is a required field 19079 Target *HandshakeParty `type:"structure" required:"true"` 19080} 19081 19082// String returns the string representation 19083func (s InviteAccountToOrganizationInput) String() string { 19084 return awsutil.Prettify(s) 19085} 19086 19087// GoString returns the string representation 19088func (s InviteAccountToOrganizationInput) GoString() string { 19089 return s.String() 19090} 19091 19092// Validate inspects the fields of the type to determine if they are valid. 19093func (s *InviteAccountToOrganizationInput) Validate() error { 19094 invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"} 19095 if s.Target == nil { 19096 invalidParams.Add(request.NewErrParamRequired("Target")) 19097 } 19098 if s.Tags != nil { 19099 for i, v := range s.Tags { 19100 if v == nil { 19101 continue 19102 } 19103 if err := v.Validate(); err != nil { 19104 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 19105 } 19106 } 19107 } 19108 if s.Target != nil { 19109 if err := s.Target.Validate(); err != nil { 19110 invalidParams.AddNested("Target", err.(request.ErrInvalidParams)) 19111 } 19112 } 19113 19114 if invalidParams.Len() > 0 { 19115 return invalidParams 19116 } 19117 return nil 19118} 19119 19120// SetNotes sets the Notes field's value. 19121func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput { 19122 s.Notes = &v 19123 return s 19124} 19125 19126// SetTags sets the Tags field's value. 19127func (s *InviteAccountToOrganizationInput) SetTags(v []*Tag) *InviteAccountToOrganizationInput { 19128 s.Tags = v 19129 return s 19130} 19131 19132// SetTarget sets the Target field's value. 19133func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput { 19134 s.Target = v 19135 return s 19136} 19137 19138type InviteAccountToOrganizationOutput struct { 19139 _ struct{} `type:"structure"` 19140 19141 // A structure that contains details about the handshake that is created to 19142 // support this invitation request. 19143 Handshake *Handshake `type:"structure"` 19144} 19145 19146// String returns the string representation 19147func (s InviteAccountToOrganizationOutput) String() string { 19148 return awsutil.Prettify(s) 19149} 19150 19151// GoString returns the string representation 19152func (s InviteAccountToOrganizationOutput) GoString() string { 19153 return s.String() 19154} 19155 19156// SetHandshake sets the Handshake field's value. 19157func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput { 19158 s.Handshake = v 19159 return s 19160} 19161 19162type LeaveOrganizationInput struct { 19163 _ struct{} `type:"structure"` 19164} 19165 19166// String returns the string representation 19167func (s LeaveOrganizationInput) String() string { 19168 return awsutil.Prettify(s) 19169} 19170 19171// GoString returns the string representation 19172func (s LeaveOrganizationInput) GoString() string { 19173 return s.String() 19174} 19175 19176type LeaveOrganizationOutput struct { 19177 _ struct{} `type:"structure"` 19178} 19179 19180// String returns the string representation 19181func (s LeaveOrganizationOutput) String() string { 19182 return awsutil.Prettify(s) 19183} 19184 19185// GoString returns the string representation 19186func (s LeaveOrganizationOutput) GoString() string { 19187 return s.String() 19188} 19189 19190type ListAWSServiceAccessForOrganizationInput struct { 19191 _ struct{} `type:"structure"` 19192 19193 // The total number of results that you want included on each page of the response. 19194 // If you do not include this parameter, it defaults to a value that is specific 19195 // to the operation. If additional items exist beyond the maximum you specify, 19196 // the NextToken response element is present and has a value (is not null). 19197 // Include that value as the NextToken request parameter in the next call to 19198 // the operation to get the next part of the results. Note that Organizations 19199 // might return fewer results than the maximum even when there are more results 19200 // available. You should check NextToken after every operation to ensure that 19201 // you receive all of the results. 19202 MaxResults *int64 `min:"1" type:"integer"` 19203 19204 // The parameter for receiving additional results if you receive a NextToken 19205 // response in a previous request. A NextToken response indicates that more 19206 // output is available. Set this parameter to the value of the previous call's 19207 // NextToken response to indicate where the output should continue from. 19208 NextToken *string `type:"string"` 19209} 19210 19211// String returns the string representation 19212func (s ListAWSServiceAccessForOrganizationInput) String() string { 19213 return awsutil.Prettify(s) 19214} 19215 19216// GoString returns the string representation 19217func (s ListAWSServiceAccessForOrganizationInput) GoString() string { 19218 return s.String() 19219} 19220 19221// Validate inspects the fields of the type to determine if they are valid. 19222func (s *ListAWSServiceAccessForOrganizationInput) Validate() error { 19223 invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"} 19224 if s.MaxResults != nil && *s.MaxResults < 1 { 19225 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19226 } 19227 19228 if invalidParams.Len() > 0 { 19229 return invalidParams 19230 } 19231 return nil 19232} 19233 19234// SetMaxResults sets the MaxResults field's value. 19235func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput { 19236 s.MaxResults = &v 19237 return s 19238} 19239 19240// SetNextToken sets the NextToken field's value. 19241func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput { 19242 s.NextToken = &v 19243 return s 19244} 19245 19246type ListAWSServiceAccessForOrganizationOutput struct { 19247 _ struct{} `type:"structure"` 19248 19249 // A list of the service principals for the services that are enabled to integrate 19250 // with your organization. Each principal is a structure that includes the name 19251 // and the date that it was enabled for integration with AWS Organizations. 19252 EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"` 19253 19254 // If present, indicates that more output is available than is included in the 19255 // current response. Use this value in the NextToken request parameter in a 19256 // subsequent call to the operation to get the next part of the output. You 19257 // should repeat this until the NextToken response element comes back as null. 19258 NextToken *string `type:"string"` 19259} 19260 19261// String returns the string representation 19262func (s ListAWSServiceAccessForOrganizationOutput) String() string { 19263 return awsutil.Prettify(s) 19264} 19265 19266// GoString returns the string representation 19267func (s ListAWSServiceAccessForOrganizationOutput) GoString() string { 19268 return s.String() 19269} 19270 19271// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value. 19272func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput { 19273 s.EnabledServicePrincipals = v 19274 return s 19275} 19276 19277// SetNextToken sets the NextToken field's value. 19278func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput { 19279 s.NextToken = &v 19280 return s 19281} 19282 19283type ListAccountsForParentInput struct { 19284 _ struct{} `type:"structure"` 19285 19286 // The total number of results that you want included on each page of the response. 19287 // If you do not include this parameter, it defaults to a value that is specific 19288 // to the operation. If additional items exist beyond the maximum you specify, 19289 // the NextToken response element is present and has a value (is not null). 19290 // Include that value as the NextToken request parameter in the next call to 19291 // the operation to get the next part of the results. Note that Organizations 19292 // might return fewer results than the maximum even when there are more results 19293 // available. You should check NextToken after every operation to ensure that 19294 // you receive all of the results. 19295 MaxResults *int64 `min:"1" type:"integer"` 19296 19297 // The parameter for receiving additional results if you receive a NextToken 19298 // response in a previous request. A NextToken response indicates that more 19299 // output is available. Set this parameter to the value of the previous call's 19300 // NextToken response to indicate where the output should continue from. 19301 NextToken *string `type:"string"` 19302 19303 // The unique identifier (ID) for the parent root or organization unit (OU) 19304 // whose accounts you want to list. 19305 // 19306 // ParentId is a required field 19307 ParentId *string `type:"string" required:"true"` 19308} 19309 19310// String returns the string representation 19311func (s ListAccountsForParentInput) String() string { 19312 return awsutil.Prettify(s) 19313} 19314 19315// GoString returns the string representation 19316func (s ListAccountsForParentInput) GoString() string { 19317 return s.String() 19318} 19319 19320// Validate inspects the fields of the type to determine if they are valid. 19321func (s *ListAccountsForParentInput) Validate() error { 19322 invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"} 19323 if s.MaxResults != nil && *s.MaxResults < 1 { 19324 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19325 } 19326 if s.ParentId == nil { 19327 invalidParams.Add(request.NewErrParamRequired("ParentId")) 19328 } 19329 19330 if invalidParams.Len() > 0 { 19331 return invalidParams 19332 } 19333 return nil 19334} 19335 19336// SetMaxResults sets the MaxResults field's value. 19337func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput { 19338 s.MaxResults = &v 19339 return s 19340} 19341 19342// SetNextToken sets the NextToken field's value. 19343func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput { 19344 s.NextToken = &v 19345 return s 19346} 19347 19348// SetParentId sets the ParentId field's value. 19349func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput { 19350 s.ParentId = &v 19351 return s 19352} 19353 19354type ListAccountsForParentOutput struct { 19355 _ struct{} `type:"structure"` 19356 19357 // A list of the accounts in the specified root or OU. 19358 Accounts []*Account `type:"list"` 19359 19360 // If present, indicates that more output is available than is included in the 19361 // current response. Use this value in the NextToken request parameter in a 19362 // subsequent call to the operation to get the next part of the output. You 19363 // should repeat this until the NextToken response element comes back as null. 19364 NextToken *string `type:"string"` 19365} 19366 19367// String returns the string representation 19368func (s ListAccountsForParentOutput) String() string { 19369 return awsutil.Prettify(s) 19370} 19371 19372// GoString returns the string representation 19373func (s ListAccountsForParentOutput) GoString() string { 19374 return s.String() 19375} 19376 19377// SetAccounts sets the Accounts field's value. 19378func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput { 19379 s.Accounts = v 19380 return s 19381} 19382 19383// SetNextToken sets the NextToken field's value. 19384func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput { 19385 s.NextToken = &v 19386 return s 19387} 19388 19389type ListAccountsInput struct { 19390 _ struct{} `type:"structure"` 19391 19392 // The total number of results that you want included on each page of the response. 19393 // If you do not include this parameter, it defaults to a value that is specific 19394 // to the operation. If additional items exist beyond the maximum you specify, 19395 // the NextToken response element is present and has a value (is not null). 19396 // Include that value as the NextToken request parameter in the next call to 19397 // the operation to get the next part of the results. Note that Organizations 19398 // might return fewer results than the maximum even when there are more results 19399 // available. You should check NextToken after every operation to ensure that 19400 // you receive all of the results. 19401 MaxResults *int64 `min:"1" type:"integer"` 19402 19403 // The parameter for receiving additional results if you receive a NextToken 19404 // response in a previous request. A NextToken response indicates that more 19405 // output is available. Set this parameter to the value of the previous call's 19406 // NextToken response to indicate where the output should continue from. 19407 NextToken *string `type:"string"` 19408} 19409 19410// String returns the string representation 19411func (s ListAccountsInput) String() string { 19412 return awsutil.Prettify(s) 19413} 19414 19415// GoString returns the string representation 19416func (s ListAccountsInput) GoString() string { 19417 return s.String() 19418} 19419 19420// Validate inspects the fields of the type to determine if they are valid. 19421func (s *ListAccountsInput) Validate() error { 19422 invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} 19423 if s.MaxResults != nil && *s.MaxResults < 1 { 19424 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19425 } 19426 19427 if invalidParams.Len() > 0 { 19428 return invalidParams 19429 } 19430 return nil 19431} 19432 19433// SetMaxResults sets the MaxResults field's value. 19434func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { 19435 s.MaxResults = &v 19436 return s 19437} 19438 19439// SetNextToken sets the NextToken field's value. 19440func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { 19441 s.NextToken = &v 19442 return s 19443} 19444 19445type ListAccountsOutput struct { 19446 _ struct{} `type:"structure"` 19447 19448 // A list of objects in the organization. 19449 Accounts []*Account `type:"list"` 19450 19451 // If present, indicates that more output is available than is included in the 19452 // current response. Use this value in the NextToken request parameter in a 19453 // subsequent call to the operation to get the next part of the output. You 19454 // should repeat this until the NextToken response element comes back as null. 19455 NextToken *string `type:"string"` 19456} 19457 19458// String returns the string representation 19459func (s ListAccountsOutput) String() string { 19460 return awsutil.Prettify(s) 19461} 19462 19463// GoString returns the string representation 19464func (s ListAccountsOutput) GoString() string { 19465 return s.String() 19466} 19467 19468// SetAccounts sets the Accounts field's value. 19469func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput { 19470 s.Accounts = v 19471 return s 19472} 19473 19474// SetNextToken sets the NextToken field's value. 19475func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { 19476 s.NextToken = &v 19477 return s 19478} 19479 19480type ListChildrenInput struct { 19481 _ struct{} `type:"structure"` 19482 19483 // Filters the output to include only the specified child type. 19484 // 19485 // ChildType is a required field 19486 ChildType *string `type:"string" required:"true" enum:"ChildType"` 19487 19488 // The total number of results that you want included on each page of the response. 19489 // If you do not include this parameter, it defaults to a value that is specific 19490 // to the operation. If additional items exist beyond the maximum you specify, 19491 // the NextToken response element is present and has a value (is not null). 19492 // Include that value as the NextToken request parameter in the next call to 19493 // the operation to get the next part of the results. Note that Organizations 19494 // might return fewer results than the maximum even when there are more results 19495 // available. You should check NextToken after every operation to ensure that 19496 // you receive all of the results. 19497 MaxResults *int64 `min:"1" type:"integer"` 19498 19499 // The parameter for receiving additional results if you receive a NextToken 19500 // response in a previous request. A NextToken response indicates that more 19501 // output is available. Set this parameter to the value of the previous call's 19502 // NextToken response to indicate where the output should continue from. 19503 NextToken *string `type:"string"` 19504 19505 // The unique identifier (ID) for the parent root or OU whose children you want 19506 // to list. 19507 // 19508 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 19509 // requires one of the following: 19510 // 19511 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 19512 // letters or digits. 19513 // 19514 // * Organizational unit (OU) - A string that begins with "ou-" followed 19515 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 19516 // OU is in). This string is followed by a second "-" dash and from 8 to 19517 // 32 additional lowercase letters or digits. 19518 // 19519 // ParentId is a required field 19520 ParentId *string `type:"string" required:"true"` 19521} 19522 19523// String returns the string representation 19524func (s ListChildrenInput) String() string { 19525 return awsutil.Prettify(s) 19526} 19527 19528// GoString returns the string representation 19529func (s ListChildrenInput) GoString() string { 19530 return s.String() 19531} 19532 19533// Validate inspects the fields of the type to determine if they are valid. 19534func (s *ListChildrenInput) Validate() error { 19535 invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"} 19536 if s.ChildType == nil { 19537 invalidParams.Add(request.NewErrParamRequired("ChildType")) 19538 } 19539 if s.MaxResults != nil && *s.MaxResults < 1 { 19540 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19541 } 19542 if s.ParentId == nil { 19543 invalidParams.Add(request.NewErrParamRequired("ParentId")) 19544 } 19545 19546 if invalidParams.Len() > 0 { 19547 return invalidParams 19548 } 19549 return nil 19550} 19551 19552// SetChildType sets the ChildType field's value. 19553func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput { 19554 s.ChildType = &v 19555 return s 19556} 19557 19558// SetMaxResults sets the MaxResults field's value. 19559func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput { 19560 s.MaxResults = &v 19561 return s 19562} 19563 19564// SetNextToken sets the NextToken field's value. 19565func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput { 19566 s.NextToken = &v 19567 return s 19568} 19569 19570// SetParentId sets the ParentId field's value. 19571func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput { 19572 s.ParentId = &v 19573 return s 19574} 19575 19576type ListChildrenOutput struct { 19577 _ struct{} `type:"structure"` 19578 19579 // The list of children of the specified parent container. 19580 Children []*Child `type:"list"` 19581 19582 // If present, indicates that more output is available than is included in the 19583 // current response. Use this value in the NextToken request parameter in a 19584 // subsequent call to the operation to get the next part of the output. You 19585 // should repeat this until the NextToken response element comes back as null. 19586 NextToken *string `type:"string"` 19587} 19588 19589// String returns the string representation 19590func (s ListChildrenOutput) String() string { 19591 return awsutil.Prettify(s) 19592} 19593 19594// GoString returns the string representation 19595func (s ListChildrenOutput) GoString() string { 19596 return s.String() 19597} 19598 19599// SetChildren sets the Children field's value. 19600func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput { 19601 s.Children = v 19602 return s 19603} 19604 19605// SetNextToken sets the NextToken field's value. 19606func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput { 19607 s.NextToken = &v 19608 return s 19609} 19610 19611type ListCreateAccountStatusInput struct { 19612 _ struct{} `type:"structure"` 19613 19614 // The total number of results that you want included on each page of the response. 19615 // If you do not include this parameter, it defaults to a value that is specific 19616 // to the operation. If additional items exist beyond the maximum you specify, 19617 // the NextToken response element is present and has a value (is not null). 19618 // Include that value as the NextToken request parameter in the next call to 19619 // the operation to get the next part of the results. Note that Organizations 19620 // might return fewer results than the maximum even when there are more results 19621 // available. You should check NextToken after every operation to ensure that 19622 // you receive all of the results. 19623 MaxResults *int64 `min:"1" type:"integer"` 19624 19625 // The parameter for receiving additional results if you receive a NextToken 19626 // response in a previous request. A NextToken response indicates that more 19627 // output is available. Set this parameter to the value of the previous call's 19628 // NextToken response to indicate where the output should continue from. 19629 NextToken *string `type:"string"` 19630 19631 // A list of one or more states that you want included in the response. If this 19632 // parameter isn't present, all requests are included in the response. 19633 States []*string `type:"list"` 19634} 19635 19636// String returns the string representation 19637func (s ListCreateAccountStatusInput) String() string { 19638 return awsutil.Prettify(s) 19639} 19640 19641// GoString returns the string representation 19642func (s ListCreateAccountStatusInput) GoString() string { 19643 return s.String() 19644} 19645 19646// Validate inspects the fields of the type to determine if they are valid. 19647func (s *ListCreateAccountStatusInput) Validate() error { 19648 invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"} 19649 if s.MaxResults != nil && *s.MaxResults < 1 { 19650 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19651 } 19652 19653 if invalidParams.Len() > 0 { 19654 return invalidParams 19655 } 19656 return nil 19657} 19658 19659// SetMaxResults sets the MaxResults field's value. 19660func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput { 19661 s.MaxResults = &v 19662 return s 19663} 19664 19665// SetNextToken sets the NextToken field's value. 19666func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput { 19667 s.NextToken = &v 19668 return s 19669} 19670 19671// SetStates sets the States field's value. 19672func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput { 19673 s.States = v 19674 return s 19675} 19676 19677type ListCreateAccountStatusOutput struct { 19678 _ struct{} `type:"structure"` 19679 19680 // A list of objects with details about the requests. Certain elements, such 19681 // as the accountId number, are present in the output only after the account 19682 // has been successfully created. 19683 CreateAccountStatuses []*CreateAccountStatus `type:"list"` 19684 19685 // If present, indicates that more output is available than is included in the 19686 // current response. Use this value in the NextToken request parameter in a 19687 // subsequent call to the operation to get the next part of the output. You 19688 // should repeat this until the NextToken response element comes back as null. 19689 NextToken *string `type:"string"` 19690} 19691 19692// String returns the string representation 19693func (s ListCreateAccountStatusOutput) String() string { 19694 return awsutil.Prettify(s) 19695} 19696 19697// GoString returns the string representation 19698func (s ListCreateAccountStatusOutput) GoString() string { 19699 return s.String() 19700} 19701 19702// SetCreateAccountStatuses sets the CreateAccountStatuses field's value. 19703func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput { 19704 s.CreateAccountStatuses = v 19705 return s 19706} 19707 19708// SetNextToken sets the NextToken field's value. 19709func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput { 19710 s.NextToken = &v 19711 return s 19712} 19713 19714type ListDelegatedAdministratorsInput struct { 19715 _ struct{} `type:"structure"` 19716 19717 // The total number of results that you want included on each page of the response. 19718 // If you do not include this parameter, it defaults to a value that is specific 19719 // to the operation. If additional items exist beyond the maximum you specify, 19720 // the NextToken response element is present and has a value (is not null). 19721 // Include that value as the NextToken request parameter in the next call to 19722 // the operation to get the next part of the results. Note that Organizations 19723 // might return fewer results than the maximum even when there are more results 19724 // available. You should check NextToken after every operation to ensure that 19725 // you receive all of the results. 19726 MaxResults *int64 `min:"1" type:"integer"` 19727 19728 // The parameter for receiving additional results if you receive a NextToken 19729 // response in a previous request. A NextToken response indicates that more 19730 // output is available. Set this parameter to the value of the previous call's 19731 // NextToken response to indicate where the output should continue from. 19732 NextToken *string `type:"string"` 19733 19734 // Specifies a service principal name. If specified, then the operation lists 19735 // the delegated administrators only for the specified service. 19736 // 19737 // If you don't specify a service principal, the operation lists all delegated 19738 // administrators for all services in your organization. 19739 ServicePrincipal *string `min:"1" type:"string"` 19740} 19741 19742// String returns the string representation 19743func (s ListDelegatedAdministratorsInput) String() string { 19744 return awsutil.Prettify(s) 19745} 19746 19747// GoString returns the string representation 19748func (s ListDelegatedAdministratorsInput) GoString() string { 19749 return s.String() 19750} 19751 19752// Validate inspects the fields of the type to determine if they are valid. 19753func (s *ListDelegatedAdministratorsInput) Validate() error { 19754 invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"} 19755 if s.MaxResults != nil && *s.MaxResults < 1 { 19756 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19757 } 19758 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 19759 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 19760 } 19761 19762 if invalidParams.Len() > 0 { 19763 return invalidParams 19764 } 19765 return nil 19766} 19767 19768// SetMaxResults sets the MaxResults field's value. 19769func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput { 19770 s.MaxResults = &v 19771 return s 19772} 19773 19774// SetNextToken sets the NextToken field's value. 19775func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput { 19776 s.NextToken = &v 19777 return s 19778} 19779 19780// SetServicePrincipal sets the ServicePrincipal field's value. 19781func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput { 19782 s.ServicePrincipal = &v 19783 return s 19784} 19785 19786type ListDelegatedAdministratorsOutput struct { 19787 _ struct{} `type:"structure"` 19788 19789 // The list of delegated administrators in your organization. 19790 DelegatedAdministrators []*DelegatedAdministrator `type:"list"` 19791 19792 // If present, indicates that more output is available than is included in the 19793 // current response. Use this value in the NextToken request parameter in a 19794 // subsequent call to the operation to get the next part of the output. You 19795 // should repeat this until the NextToken response element comes back as null. 19796 NextToken *string `type:"string"` 19797} 19798 19799// String returns the string representation 19800func (s ListDelegatedAdministratorsOutput) String() string { 19801 return awsutil.Prettify(s) 19802} 19803 19804// GoString returns the string representation 19805func (s ListDelegatedAdministratorsOutput) GoString() string { 19806 return s.String() 19807} 19808 19809// SetDelegatedAdministrators sets the DelegatedAdministrators field's value. 19810func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput { 19811 s.DelegatedAdministrators = v 19812 return s 19813} 19814 19815// SetNextToken sets the NextToken field's value. 19816func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput { 19817 s.NextToken = &v 19818 return s 19819} 19820 19821type ListDelegatedServicesForAccountInput struct { 19822 _ struct{} `type:"structure"` 19823 19824 // The account ID number of a delegated administrator account in the organization. 19825 // 19826 // AccountId is a required field 19827 AccountId *string `type:"string" required:"true"` 19828 19829 // The total number of results that you want included on each page of the response. 19830 // If you do not include this parameter, it defaults to a value that is specific 19831 // to the operation. If additional items exist beyond the maximum you specify, 19832 // the NextToken response element is present and has a value (is not null). 19833 // Include that value as the NextToken request parameter in the next call to 19834 // the operation to get the next part of the results. Note that Organizations 19835 // might return fewer results than the maximum even when there are more results 19836 // available. You should check NextToken after every operation to ensure that 19837 // you receive all of the results. 19838 MaxResults *int64 `min:"1" type:"integer"` 19839 19840 // The parameter for receiving additional results if you receive a NextToken 19841 // response in a previous request. A NextToken response indicates that more 19842 // output is available. Set this parameter to the value of the previous call's 19843 // NextToken response to indicate where the output should continue from. 19844 NextToken *string `type:"string"` 19845} 19846 19847// String returns the string representation 19848func (s ListDelegatedServicesForAccountInput) String() string { 19849 return awsutil.Prettify(s) 19850} 19851 19852// GoString returns the string representation 19853func (s ListDelegatedServicesForAccountInput) GoString() string { 19854 return s.String() 19855} 19856 19857// Validate inspects the fields of the type to determine if they are valid. 19858func (s *ListDelegatedServicesForAccountInput) Validate() error { 19859 invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"} 19860 if s.AccountId == nil { 19861 invalidParams.Add(request.NewErrParamRequired("AccountId")) 19862 } 19863 if s.MaxResults != nil && *s.MaxResults < 1 { 19864 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19865 } 19866 19867 if invalidParams.Len() > 0 { 19868 return invalidParams 19869 } 19870 return nil 19871} 19872 19873// SetAccountId sets the AccountId field's value. 19874func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput { 19875 s.AccountId = &v 19876 return s 19877} 19878 19879// SetMaxResults sets the MaxResults field's value. 19880func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput { 19881 s.MaxResults = &v 19882 return s 19883} 19884 19885// SetNextToken sets the NextToken field's value. 19886func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput { 19887 s.NextToken = &v 19888 return s 19889} 19890 19891type ListDelegatedServicesForAccountOutput struct { 19892 _ struct{} `type:"structure"` 19893 19894 // The services for which the account is a delegated administrator. 19895 DelegatedServices []*DelegatedService `type:"list"` 19896 19897 // If present, indicates that more output is available than is included in the 19898 // current response. Use this value in the NextToken request parameter in a 19899 // subsequent call to the operation to get the next part of the output. You 19900 // should repeat this until the NextToken response element comes back as null. 19901 NextToken *string `type:"string"` 19902} 19903 19904// String returns the string representation 19905func (s ListDelegatedServicesForAccountOutput) String() string { 19906 return awsutil.Prettify(s) 19907} 19908 19909// GoString returns the string representation 19910func (s ListDelegatedServicesForAccountOutput) GoString() string { 19911 return s.String() 19912} 19913 19914// SetDelegatedServices sets the DelegatedServices field's value. 19915func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput { 19916 s.DelegatedServices = v 19917 return s 19918} 19919 19920// SetNextToken sets the NextToken field's value. 19921func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput { 19922 s.NextToken = &v 19923 return s 19924} 19925 19926type ListHandshakesForAccountInput struct { 19927 _ struct{} `type:"structure"` 19928 19929 // Filters the handshakes that you want included in the response. The default 19930 // is all types. Use the ActionType element to limit the output to only a specified 19931 // type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, 19932 // for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake 19933 // for each member account, you can specify ParentHandshakeId to see only the 19934 // handshakes that were generated by that parent request. 19935 Filter *HandshakeFilter `type:"structure"` 19936 19937 // The total number of results that you want included on each page of the response. 19938 // If you do not include this parameter, it defaults to a value that is specific 19939 // to the operation. If additional items exist beyond the maximum you specify, 19940 // the NextToken response element is present and has a value (is not null). 19941 // Include that value as the NextToken request parameter in the next call to 19942 // the operation to get the next part of the results. Note that Organizations 19943 // might return fewer results than the maximum even when there are more results 19944 // available. You should check NextToken after every operation to ensure that 19945 // you receive all of the results. 19946 MaxResults *int64 `min:"1" type:"integer"` 19947 19948 // The parameter for receiving additional results if you receive a NextToken 19949 // response in a previous request. A NextToken response indicates that more 19950 // output is available. Set this parameter to the value of the previous call's 19951 // NextToken response to indicate where the output should continue from. 19952 NextToken *string `type:"string"` 19953} 19954 19955// String returns the string representation 19956func (s ListHandshakesForAccountInput) String() string { 19957 return awsutil.Prettify(s) 19958} 19959 19960// GoString returns the string representation 19961func (s ListHandshakesForAccountInput) GoString() string { 19962 return s.String() 19963} 19964 19965// Validate inspects the fields of the type to determine if they are valid. 19966func (s *ListHandshakesForAccountInput) Validate() error { 19967 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"} 19968 if s.MaxResults != nil && *s.MaxResults < 1 { 19969 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 19970 } 19971 19972 if invalidParams.Len() > 0 { 19973 return invalidParams 19974 } 19975 return nil 19976} 19977 19978// SetFilter sets the Filter field's value. 19979func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput { 19980 s.Filter = v 19981 return s 19982} 19983 19984// SetMaxResults sets the MaxResults field's value. 19985func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput { 19986 s.MaxResults = &v 19987 return s 19988} 19989 19990// SetNextToken sets the NextToken field's value. 19991func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput { 19992 s.NextToken = &v 19993 return s 19994} 19995 19996type ListHandshakesForAccountOutput struct { 19997 _ struct{} `type:"structure"` 19998 19999 // A list of Handshake objects with details about each of the handshakes that 20000 // is associated with the specified account. 20001 Handshakes []*Handshake `type:"list"` 20002 20003 // If present, indicates that more output is available than is included in the 20004 // current response. Use this value in the NextToken request parameter in a 20005 // subsequent call to the operation to get the next part of the output. You 20006 // should repeat this until the NextToken response element comes back as null. 20007 NextToken *string `type:"string"` 20008} 20009 20010// String returns the string representation 20011func (s ListHandshakesForAccountOutput) String() string { 20012 return awsutil.Prettify(s) 20013} 20014 20015// GoString returns the string representation 20016func (s ListHandshakesForAccountOutput) GoString() string { 20017 return s.String() 20018} 20019 20020// SetHandshakes sets the Handshakes field's value. 20021func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput { 20022 s.Handshakes = v 20023 return s 20024} 20025 20026// SetNextToken sets the NextToken field's value. 20027func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput { 20028 s.NextToken = &v 20029 return s 20030} 20031 20032type ListHandshakesForOrganizationInput struct { 20033 _ struct{} `type:"structure"` 20034 20035 // A filter of the handshakes that you want included in the response. The default 20036 // is all types. Use the ActionType element to limit the output to only a specified 20037 // type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, 20038 // for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake 20039 // for each member account, you can specify the ParentHandshakeId to see only 20040 // the handshakes that were generated by that parent request. 20041 Filter *HandshakeFilter `type:"structure"` 20042 20043 // The total number of results that you want included on each page of the response. 20044 // If you do not include this parameter, it defaults to a value that is specific 20045 // to the operation. If additional items exist beyond the maximum you specify, 20046 // the NextToken response element is present and has a value (is not null). 20047 // Include that value as the NextToken request parameter in the next call to 20048 // the operation to get the next part of the results. Note that Organizations 20049 // might return fewer results than the maximum even when there are more results 20050 // available. You should check NextToken after every operation to ensure that 20051 // you receive all of the results. 20052 MaxResults *int64 `min:"1" type:"integer"` 20053 20054 // The parameter for receiving additional results if you receive a NextToken 20055 // response in a previous request. A NextToken response indicates that more 20056 // output is available. Set this parameter to the value of the previous call's 20057 // NextToken response to indicate where the output should continue from. 20058 NextToken *string `type:"string"` 20059} 20060 20061// String returns the string representation 20062func (s ListHandshakesForOrganizationInput) String() string { 20063 return awsutil.Prettify(s) 20064} 20065 20066// GoString returns the string representation 20067func (s ListHandshakesForOrganizationInput) GoString() string { 20068 return s.String() 20069} 20070 20071// Validate inspects the fields of the type to determine if they are valid. 20072func (s *ListHandshakesForOrganizationInput) Validate() error { 20073 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"} 20074 if s.MaxResults != nil && *s.MaxResults < 1 { 20075 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20076 } 20077 20078 if invalidParams.Len() > 0 { 20079 return invalidParams 20080 } 20081 return nil 20082} 20083 20084// SetFilter sets the Filter field's value. 20085func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput { 20086 s.Filter = v 20087 return s 20088} 20089 20090// SetMaxResults sets the MaxResults field's value. 20091func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput { 20092 s.MaxResults = &v 20093 return s 20094} 20095 20096// SetNextToken sets the NextToken field's value. 20097func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput { 20098 s.NextToken = &v 20099 return s 20100} 20101 20102type ListHandshakesForOrganizationOutput struct { 20103 _ struct{} `type:"structure"` 20104 20105 // A list of Handshake objects with details about each of the handshakes that 20106 // are associated with an organization. 20107 Handshakes []*Handshake `type:"list"` 20108 20109 // If present, indicates that more output is available than is included in the 20110 // current response. Use this value in the NextToken request parameter in a 20111 // subsequent call to the operation to get the next part of the output. You 20112 // should repeat this until the NextToken response element comes back as null. 20113 NextToken *string `type:"string"` 20114} 20115 20116// String returns the string representation 20117func (s ListHandshakesForOrganizationOutput) String() string { 20118 return awsutil.Prettify(s) 20119} 20120 20121// GoString returns the string representation 20122func (s ListHandshakesForOrganizationOutput) GoString() string { 20123 return s.String() 20124} 20125 20126// SetHandshakes sets the Handshakes field's value. 20127func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput { 20128 s.Handshakes = v 20129 return s 20130} 20131 20132// SetNextToken sets the NextToken field's value. 20133func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput { 20134 s.NextToken = &v 20135 return s 20136} 20137 20138type ListOrganizationalUnitsForParentInput struct { 20139 _ struct{} `type:"structure"` 20140 20141 // The total number of results that you want included on each page of the response. 20142 // If you do not include this parameter, it defaults to a value that is specific 20143 // to the operation. If additional items exist beyond the maximum you specify, 20144 // the NextToken response element is present and has a value (is not null). 20145 // Include that value as the NextToken request parameter in the next call to 20146 // the operation to get the next part of the results. Note that Organizations 20147 // might return fewer results than the maximum even when there are more results 20148 // available. You should check NextToken after every operation to ensure that 20149 // you receive all of the results. 20150 MaxResults *int64 `min:"1" type:"integer"` 20151 20152 // The parameter for receiving additional results if you receive a NextToken 20153 // response in a previous request. A NextToken response indicates that more 20154 // output is available. Set this parameter to the value of the previous call's 20155 // NextToken response to indicate where the output should continue from. 20156 NextToken *string `type:"string"` 20157 20158 // The unique identifier (ID) of the root or OU whose child OUs you want to 20159 // list. 20160 // 20161 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 20162 // requires one of the following: 20163 // 20164 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 20165 // letters or digits. 20166 // 20167 // * Organizational unit (OU) - A string that begins with "ou-" followed 20168 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 20169 // OU is in). This string is followed by a second "-" dash and from 8 to 20170 // 32 additional lowercase letters or digits. 20171 // 20172 // ParentId is a required field 20173 ParentId *string `type:"string" required:"true"` 20174} 20175 20176// String returns the string representation 20177func (s ListOrganizationalUnitsForParentInput) String() string { 20178 return awsutil.Prettify(s) 20179} 20180 20181// GoString returns the string representation 20182func (s ListOrganizationalUnitsForParentInput) GoString() string { 20183 return s.String() 20184} 20185 20186// Validate inspects the fields of the type to determine if they are valid. 20187func (s *ListOrganizationalUnitsForParentInput) Validate() error { 20188 invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"} 20189 if s.MaxResults != nil && *s.MaxResults < 1 { 20190 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20191 } 20192 if s.ParentId == nil { 20193 invalidParams.Add(request.NewErrParamRequired("ParentId")) 20194 } 20195 20196 if invalidParams.Len() > 0 { 20197 return invalidParams 20198 } 20199 return nil 20200} 20201 20202// SetMaxResults sets the MaxResults field's value. 20203func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput { 20204 s.MaxResults = &v 20205 return s 20206} 20207 20208// SetNextToken sets the NextToken field's value. 20209func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput { 20210 s.NextToken = &v 20211 return s 20212} 20213 20214// SetParentId sets the ParentId field's value. 20215func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput { 20216 s.ParentId = &v 20217 return s 20218} 20219 20220type ListOrganizationalUnitsForParentOutput struct { 20221 _ struct{} `type:"structure"` 20222 20223 // If present, indicates that more output is available than is included in the 20224 // current response. Use this value in the NextToken request parameter in a 20225 // subsequent call to the operation to get the next part of the output. You 20226 // should repeat this until the NextToken response element comes back as null. 20227 NextToken *string `type:"string"` 20228 20229 // A list of the OUs in the specified root or parent OU. 20230 OrganizationalUnits []*OrganizationalUnit `type:"list"` 20231} 20232 20233// String returns the string representation 20234func (s ListOrganizationalUnitsForParentOutput) String() string { 20235 return awsutil.Prettify(s) 20236} 20237 20238// GoString returns the string representation 20239func (s ListOrganizationalUnitsForParentOutput) GoString() string { 20240 return s.String() 20241} 20242 20243// SetNextToken sets the NextToken field's value. 20244func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput { 20245 s.NextToken = &v 20246 return s 20247} 20248 20249// SetOrganizationalUnits sets the OrganizationalUnits field's value. 20250func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput { 20251 s.OrganizationalUnits = v 20252 return s 20253} 20254 20255type ListParentsInput struct { 20256 _ struct{} `type:"structure"` 20257 20258 // The unique identifier (ID) of the OU or account whose parent containers you 20259 // want to list. Don't specify a root. 20260 // 20261 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 20262 // requires one of the following: 20263 // 20264 // * Account - A string that consists of exactly 12 digits. 20265 // 20266 // * Organizational unit (OU) - A string that begins with "ou-" followed 20267 // by from 4 to 32 lowercase letters or digits (the ID of the root that contains 20268 // the OU). This string is followed by a second "-" dash and from 8 to 32 20269 // additional lowercase letters or digits. 20270 // 20271 // ChildId is a required field 20272 ChildId *string `type:"string" required:"true"` 20273 20274 // The total number of results that you want included on each page of the response. 20275 // If you do not include this parameter, it defaults to a value that is specific 20276 // to the operation. If additional items exist beyond the maximum you specify, 20277 // the NextToken response element is present and has a value (is not null). 20278 // Include that value as the NextToken request parameter in the next call to 20279 // the operation to get the next part of the results. Note that Organizations 20280 // might return fewer results than the maximum even when there are more results 20281 // available. You should check NextToken after every operation to ensure that 20282 // you receive all of the results. 20283 MaxResults *int64 `min:"1" type:"integer"` 20284 20285 // The parameter for receiving additional results if you receive a NextToken 20286 // response in a previous request. A NextToken response indicates that more 20287 // output is available. Set this parameter to the value of the previous call's 20288 // NextToken response to indicate where the output should continue from. 20289 NextToken *string `type:"string"` 20290} 20291 20292// String returns the string representation 20293func (s ListParentsInput) String() string { 20294 return awsutil.Prettify(s) 20295} 20296 20297// GoString returns the string representation 20298func (s ListParentsInput) GoString() string { 20299 return s.String() 20300} 20301 20302// Validate inspects the fields of the type to determine if they are valid. 20303func (s *ListParentsInput) Validate() error { 20304 invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"} 20305 if s.ChildId == nil { 20306 invalidParams.Add(request.NewErrParamRequired("ChildId")) 20307 } 20308 if s.MaxResults != nil && *s.MaxResults < 1 { 20309 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20310 } 20311 20312 if invalidParams.Len() > 0 { 20313 return invalidParams 20314 } 20315 return nil 20316} 20317 20318// SetChildId sets the ChildId field's value. 20319func (s *ListParentsInput) SetChildId(v string) *ListParentsInput { 20320 s.ChildId = &v 20321 return s 20322} 20323 20324// SetMaxResults sets the MaxResults field's value. 20325func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput { 20326 s.MaxResults = &v 20327 return s 20328} 20329 20330// SetNextToken sets the NextToken field's value. 20331func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput { 20332 s.NextToken = &v 20333 return s 20334} 20335 20336type ListParentsOutput struct { 20337 _ struct{} `type:"structure"` 20338 20339 // If present, indicates that more output is available than is included in the 20340 // current response. Use this value in the NextToken request parameter in a 20341 // subsequent call to the operation to get the next part of the output. You 20342 // should repeat this until the NextToken response element comes back as null. 20343 NextToken *string `type:"string"` 20344 20345 // A list of parents for the specified child account or OU. 20346 Parents []*Parent `type:"list"` 20347} 20348 20349// String returns the string representation 20350func (s ListParentsOutput) String() string { 20351 return awsutil.Prettify(s) 20352} 20353 20354// GoString returns the string representation 20355func (s ListParentsOutput) GoString() string { 20356 return s.String() 20357} 20358 20359// SetNextToken sets the NextToken field's value. 20360func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput { 20361 s.NextToken = &v 20362 return s 20363} 20364 20365// SetParents sets the Parents field's value. 20366func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput { 20367 s.Parents = v 20368 return s 20369} 20370 20371type ListPoliciesForTargetInput struct { 20372 _ struct{} `type:"structure"` 20373 20374 // The type of policy that you want to include in the returned list. You must 20375 // specify one of the following values: 20376 // 20377 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 20378 // 20379 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 20380 // 20381 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 20382 // 20383 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 20384 // 20385 // Filter is a required field 20386 Filter *string `type:"string" required:"true" enum:"PolicyType"` 20387 20388 // The total number of results that you want included on each page of the response. 20389 // If you do not include this parameter, it defaults to a value that is specific 20390 // to the operation. If additional items exist beyond the maximum you specify, 20391 // the NextToken response element is present and has a value (is not null). 20392 // Include that value as the NextToken request parameter in the next call to 20393 // the operation to get the next part of the results. Note that Organizations 20394 // might return fewer results than the maximum even when there are more results 20395 // available. You should check NextToken after every operation to ensure that 20396 // you receive all of the results. 20397 MaxResults *int64 `min:"1" type:"integer"` 20398 20399 // The parameter for receiving additional results if you receive a NextToken 20400 // response in a previous request. A NextToken response indicates that more 20401 // output is available. Set this parameter to the value of the previous call's 20402 // NextToken response to indicate where the output should continue from. 20403 NextToken *string `type:"string"` 20404 20405 // The unique identifier (ID) of the root, organizational unit, or account whose 20406 // policies you want to list. 20407 // 20408 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 20409 // requires one of the following: 20410 // 20411 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 20412 // letters or digits. 20413 // 20414 // * Account - A string that consists of exactly 12 digits. 20415 // 20416 // * Organizational unit (OU) - A string that begins with "ou-" followed 20417 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 20418 // OU is in). This string is followed by a second "-" dash and from 8 to 20419 // 32 additional lowercase letters or digits. 20420 // 20421 // TargetId is a required field 20422 TargetId *string `type:"string" required:"true"` 20423} 20424 20425// String returns the string representation 20426func (s ListPoliciesForTargetInput) String() string { 20427 return awsutil.Prettify(s) 20428} 20429 20430// GoString returns the string representation 20431func (s ListPoliciesForTargetInput) GoString() string { 20432 return s.String() 20433} 20434 20435// Validate inspects the fields of the type to determine if they are valid. 20436func (s *ListPoliciesForTargetInput) Validate() error { 20437 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"} 20438 if s.Filter == nil { 20439 invalidParams.Add(request.NewErrParamRequired("Filter")) 20440 } 20441 if s.MaxResults != nil && *s.MaxResults < 1 { 20442 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20443 } 20444 if s.TargetId == nil { 20445 invalidParams.Add(request.NewErrParamRequired("TargetId")) 20446 } 20447 20448 if invalidParams.Len() > 0 { 20449 return invalidParams 20450 } 20451 return nil 20452} 20453 20454// SetFilter sets the Filter field's value. 20455func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput { 20456 s.Filter = &v 20457 return s 20458} 20459 20460// SetMaxResults sets the MaxResults field's value. 20461func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput { 20462 s.MaxResults = &v 20463 return s 20464} 20465 20466// SetNextToken sets the NextToken field's value. 20467func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput { 20468 s.NextToken = &v 20469 return s 20470} 20471 20472// SetTargetId sets the TargetId field's value. 20473func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput { 20474 s.TargetId = &v 20475 return s 20476} 20477 20478type ListPoliciesForTargetOutput struct { 20479 _ struct{} `type:"structure"` 20480 20481 // If present, indicates that more output is available than is included in the 20482 // current response. Use this value in the NextToken request parameter in a 20483 // subsequent call to the operation to get the next part of the output. You 20484 // should repeat this until the NextToken response element comes back as null. 20485 NextToken *string `type:"string"` 20486 20487 // The list of policies that match the criteria in the request. 20488 Policies []*PolicySummary `type:"list"` 20489} 20490 20491// String returns the string representation 20492func (s ListPoliciesForTargetOutput) String() string { 20493 return awsutil.Prettify(s) 20494} 20495 20496// GoString returns the string representation 20497func (s ListPoliciesForTargetOutput) GoString() string { 20498 return s.String() 20499} 20500 20501// SetNextToken sets the NextToken field's value. 20502func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput { 20503 s.NextToken = &v 20504 return s 20505} 20506 20507// SetPolicies sets the Policies field's value. 20508func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput { 20509 s.Policies = v 20510 return s 20511} 20512 20513type ListPoliciesInput struct { 20514 _ struct{} `type:"structure"` 20515 20516 // Specifies the type of policy that you want to include in the response. You 20517 // must specify one of the following values: 20518 // 20519 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 20520 // 20521 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 20522 // 20523 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 20524 // 20525 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 20526 // 20527 // Filter is a required field 20528 Filter *string `type:"string" required:"true" enum:"PolicyType"` 20529 20530 // The total number of results that you want included on each page of the response. 20531 // If you do not include this parameter, it defaults to a value that is specific 20532 // to the operation. If additional items exist beyond the maximum you specify, 20533 // the NextToken response element is present and has a value (is not null). 20534 // Include that value as the NextToken request parameter in the next call to 20535 // the operation to get the next part of the results. Note that Organizations 20536 // might return fewer results than the maximum even when there are more results 20537 // available. You should check NextToken after every operation to ensure that 20538 // you receive all of the results. 20539 MaxResults *int64 `min:"1" type:"integer"` 20540 20541 // The parameter for receiving additional results if you receive a NextToken 20542 // response in a previous request. A NextToken response indicates that more 20543 // output is available. Set this parameter to the value of the previous call's 20544 // NextToken response to indicate where the output should continue from. 20545 NextToken *string `type:"string"` 20546} 20547 20548// String returns the string representation 20549func (s ListPoliciesInput) String() string { 20550 return awsutil.Prettify(s) 20551} 20552 20553// GoString returns the string representation 20554func (s ListPoliciesInput) GoString() string { 20555 return s.String() 20556} 20557 20558// Validate inspects the fields of the type to determine if they are valid. 20559func (s *ListPoliciesInput) Validate() error { 20560 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} 20561 if s.Filter == nil { 20562 invalidParams.Add(request.NewErrParamRequired("Filter")) 20563 } 20564 if s.MaxResults != nil && *s.MaxResults < 1 { 20565 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20566 } 20567 20568 if invalidParams.Len() > 0 { 20569 return invalidParams 20570 } 20571 return nil 20572} 20573 20574// SetFilter sets the Filter field's value. 20575func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput { 20576 s.Filter = &v 20577 return s 20578} 20579 20580// SetMaxResults sets the MaxResults field's value. 20581func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { 20582 s.MaxResults = &v 20583 return s 20584} 20585 20586// SetNextToken sets the NextToken field's value. 20587func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { 20588 s.NextToken = &v 20589 return s 20590} 20591 20592type ListPoliciesOutput struct { 20593 _ struct{} `type:"structure"` 20594 20595 // If present, indicates that more output is available than is included in the 20596 // current response. Use this value in the NextToken request parameter in a 20597 // subsequent call to the operation to get the next part of the output. You 20598 // should repeat this until the NextToken response element comes back as null. 20599 NextToken *string `type:"string"` 20600 20601 // A list of policies that match the filter criteria in the request. The output 20602 // list doesn't include the policy contents. To see the content for a policy, 20603 // see DescribePolicy. 20604 Policies []*PolicySummary `type:"list"` 20605} 20606 20607// String returns the string representation 20608func (s ListPoliciesOutput) String() string { 20609 return awsutil.Prettify(s) 20610} 20611 20612// GoString returns the string representation 20613func (s ListPoliciesOutput) GoString() string { 20614 return s.String() 20615} 20616 20617// SetNextToken sets the NextToken field's value. 20618func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { 20619 s.NextToken = &v 20620 return s 20621} 20622 20623// SetPolicies sets the Policies field's value. 20624func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput { 20625 s.Policies = v 20626 return s 20627} 20628 20629type ListRootsInput struct { 20630 _ struct{} `type:"structure"` 20631 20632 // The total number of results that you want included on each page of the response. 20633 // If you do not include this parameter, it defaults to a value that is specific 20634 // to the operation. If additional items exist beyond the maximum you specify, 20635 // the NextToken response element is present and has a value (is not null). 20636 // Include that value as the NextToken request parameter in the next call to 20637 // the operation to get the next part of the results. Note that Organizations 20638 // might return fewer results than the maximum even when there are more results 20639 // available. You should check NextToken after every operation to ensure that 20640 // you receive all of the results. 20641 MaxResults *int64 `min:"1" type:"integer"` 20642 20643 // The parameter for receiving additional results if you receive a NextToken 20644 // response in a previous request. A NextToken response indicates that more 20645 // output is available. Set this parameter to the value of the previous call's 20646 // NextToken response to indicate where the output should continue from. 20647 NextToken *string `type:"string"` 20648} 20649 20650// String returns the string representation 20651func (s ListRootsInput) String() string { 20652 return awsutil.Prettify(s) 20653} 20654 20655// GoString returns the string representation 20656func (s ListRootsInput) GoString() string { 20657 return s.String() 20658} 20659 20660// Validate inspects the fields of the type to determine if they are valid. 20661func (s *ListRootsInput) Validate() error { 20662 invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"} 20663 if s.MaxResults != nil && *s.MaxResults < 1 { 20664 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20665 } 20666 20667 if invalidParams.Len() > 0 { 20668 return invalidParams 20669 } 20670 return nil 20671} 20672 20673// SetMaxResults sets the MaxResults field's value. 20674func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput { 20675 s.MaxResults = &v 20676 return s 20677} 20678 20679// SetNextToken sets the NextToken field's value. 20680func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput { 20681 s.NextToken = &v 20682 return s 20683} 20684 20685type ListRootsOutput struct { 20686 _ struct{} `type:"structure"` 20687 20688 // If present, indicates that more output is available than is included in the 20689 // current response. Use this value in the NextToken request parameter in a 20690 // subsequent call to the operation to get the next part of the output. You 20691 // should repeat this until the NextToken response element comes back as null. 20692 NextToken *string `type:"string"` 20693 20694 // A list of roots that are defined in an organization. 20695 Roots []*Root `type:"list"` 20696} 20697 20698// String returns the string representation 20699func (s ListRootsOutput) String() string { 20700 return awsutil.Prettify(s) 20701} 20702 20703// GoString returns the string representation 20704func (s ListRootsOutput) GoString() string { 20705 return s.String() 20706} 20707 20708// SetNextToken sets the NextToken field's value. 20709func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput { 20710 s.NextToken = &v 20711 return s 20712} 20713 20714// SetRoots sets the Roots field's value. 20715func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput { 20716 s.Roots = v 20717 return s 20718} 20719 20720type ListTagsForResourceInput struct { 20721 _ struct{} `type:"structure"` 20722 20723 // The parameter for receiving additional results if you receive a NextToken 20724 // response in a previous request. A NextToken response indicates that more 20725 // output is available. Set this parameter to the value of the previous call's 20726 // NextToken response to indicate where the output should continue from. 20727 NextToken *string `type:"string"` 20728 20729 // The ID of the resource with the tags to list. 20730 // 20731 // You can specify any of the following taggable resources. 20732 // 20733 // * AWS account – specify the account ID number. 20734 // 20735 // * Organizational unit – specify the OU ID that begins with ou- and looks 20736 // similar to: ou-1a2b-34uvwxyz 20737 // 20738 // * Root – specify the root ID that begins with r- and looks similar to: 20739 // r-1a2b 20740 // 20741 // * Policy – specify the policy ID that begins with p- andlooks similar 20742 // to: p-12abcdefg3 20743 // 20744 // ResourceId is a required field 20745 ResourceId *string `type:"string" required:"true"` 20746} 20747 20748// String returns the string representation 20749func (s ListTagsForResourceInput) String() string { 20750 return awsutil.Prettify(s) 20751} 20752 20753// GoString returns the string representation 20754func (s ListTagsForResourceInput) GoString() string { 20755 return s.String() 20756} 20757 20758// Validate inspects the fields of the type to determine if they are valid. 20759func (s *ListTagsForResourceInput) Validate() error { 20760 invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} 20761 if s.ResourceId == nil { 20762 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 20763 } 20764 20765 if invalidParams.Len() > 0 { 20766 return invalidParams 20767 } 20768 return nil 20769} 20770 20771// SetNextToken sets the NextToken field's value. 20772func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput { 20773 s.NextToken = &v 20774 return s 20775} 20776 20777// SetResourceId sets the ResourceId field's value. 20778func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput { 20779 s.ResourceId = &v 20780 return s 20781} 20782 20783type ListTagsForResourceOutput struct { 20784 _ struct{} `type:"structure"` 20785 20786 // If present, indicates that more output is available than is included in the 20787 // current response. Use this value in the NextToken request parameter in a 20788 // subsequent call to the operation to get the next part of the output. You 20789 // should repeat this until the NextToken response element comes back as null. 20790 NextToken *string `type:"string"` 20791 20792 // The tags that are assigned to the resource. 20793 Tags []*Tag `type:"list"` 20794} 20795 20796// String returns the string representation 20797func (s ListTagsForResourceOutput) String() string { 20798 return awsutil.Prettify(s) 20799} 20800 20801// GoString returns the string representation 20802func (s ListTagsForResourceOutput) GoString() string { 20803 return s.String() 20804} 20805 20806// SetNextToken sets the NextToken field's value. 20807func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput { 20808 s.NextToken = &v 20809 return s 20810} 20811 20812// SetTags sets the Tags field's value. 20813func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { 20814 s.Tags = v 20815 return s 20816} 20817 20818type ListTargetsForPolicyInput struct { 20819 _ struct{} `type:"structure"` 20820 20821 // The total number of results that you want included on each page of the response. 20822 // If you do not include this parameter, it defaults to a value that is specific 20823 // to the operation. If additional items exist beyond the maximum you specify, 20824 // the NextToken response element is present and has a value (is not null). 20825 // Include that value as the NextToken request parameter in the next call to 20826 // the operation to get the next part of the results. Note that Organizations 20827 // might return fewer results than the maximum even when there are more results 20828 // available. You should check NextToken after every operation to ensure that 20829 // you receive all of the results. 20830 MaxResults *int64 `min:"1" type:"integer"` 20831 20832 // The parameter for receiving additional results if you receive a NextToken 20833 // response in a previous request. A NextToken response indicates that more 20834 // output is available. Set this parameter to the value of the previous call's 20835 // NextToken response to indicate where the output should continue from. 20836 NextToken *string `type:"string"` 20837 20838 // The unique identifier (ID) of the policy whose attachments you want to know. 20839 // 20840 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 20841 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 20842 // or the underscore character (_). 20843 // 20844 // PolicyId is a required field 20845 PolicyId *string `type:"string" required:"true"` 20846} 20847 20848// String returns the string representation 20849func (s ListTargetsForPolicyInput) String() string { 20850 return awsutil.Prettify(s) 20851} 20852 20853// GoString returns the string representation 20854func (s ListTargetsForPolicyInput) GoString() string { 20855 return s.String() 20856} 20857 20858// Validate inspects the fields of the type to determine if they are valid. 20859func (s *ListTargetsForPolicyInput) Validate() error { 20860 invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"} 20861 if s.MaxResults != nil && *s.MaxResults < 1 { 20862 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20863 } 20864 if s.PolicyId == nil { 20865 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 20866 } 20867 20868 if invalidParams.Len() > 0 { 20869 return invalidParams 20870 } 20871 return nil 20872} 20873 20874// SetMaxResults sets the MaxResults field's value. 20875func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput { 20876 s.MaxResults = &v 20877 return s 20878} 20879 20880// SetNextToken sets the NextToken field's value. 20881func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput { 20882 s.NextToken = &v 20883 return s 20884} 20885 20886// SetPolicyId sets the PolicyId field's value. 20887func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput { 20888 s.PolicyId = &v 20889 return s 20890} 20891 20892type ListTargetsForPolicyOutput struct { 20893 _ struct{} `type:"structure"` 20894 20895 // If present, indicates that more output is available than is included in the 20896 // current response. Use this value in the NextToken request parameter in a 20897 // subsequent call to the operation to get the next part of the output. You 20898 // should repeat this until the NextToken response element comes back as null. 20899 NextToken *string `type:"string"` 20900 20901 // A list of structures, each of which contains details about one of the entities 20902 // to which the specified policy is attached. 20903 Targets []*PolicyTargetSummary `type:"list"` 20904} 20905 20906// String returns the string representation 20907func (s ListTargetsForPolicyOutput) String() string { 20908 return awsutil.Prettify(s) 20909} 20910 20911// GoString returns the string representation 20912func (s ListTargetsForPolicyOutput) GoString() string { 20913 return s.String() 20914} 20915 20916// SetNextToken sets the NextToken field's value. 20917func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput { 20918 s.NextToken = &v 20919 return s 20920} 20921 20922// SetTargets sets the Targets field's value. 20923func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput { 20924 s.Targets = v 20925 return s 20926} 20927 20928// The provided policy document doesn't meet the requirements of the specified 20929// policy type. For example, the syntax might be incorrect. For details about 20930// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 20931// in the AWS Organizations User Guide. 20932type MalformedPolicyDocumentException struct { 20933 _ struct{} `type:"structure"` 20934 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20935 20936 Message_ *string `locationName:"Message" type:"string"` 20937} 20938 20939// String returns the string representation 20940func (s MalformedPolicyDocumentException) String() string { 20941 return awsutil.Prettify(s) 20942} 20943 20944// GoString returns the string representation 20945func (s MalformedPolicyDocumentException) GoString() string { 20946 return s.String() 20947} 20948 20949func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { 20950 return &MalformedPolicyDocumentException{ 20951 RespMetadata: v, 20952 } 20953} 20954 20955// Code returns the exception type name. 20956func (s *MalformedPolicyDocumentException) Code() string { 20957 return "MalformedPolicyDocumentException" 20958} 20959 20960// Message returns the exception's message. 20961func (s *MalformedPolicyDocumentException) Message() string { 20962 if s.Message_ != nil { 20963 return *s.Message_ 20964 } 20965 return "" 20966} 20967 20968// OrigErr always returns nil, satisfies awserr.Error interface. 20969func (s *MalformedPolicyDocumentException) OrigErr() error { 20970 return nil 20971} 20972 20973func (s *MalformedPolicyDocumentException) Error() string { 20974 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 20975} 20976 20977// Status code returns the HTTP status code for the request's response error. 20978func (s *MalformedPolicyDocumentException) StatusCode() int { 20979 return s.RespMetadata.StatusCode 20980} 20981 20982// RequestID returns the service's response RequestID for request. 20983func (s *MalformedPolicyDocumentException) RequestID() string { 20984 return s.RespMetadata.RequestID 20985} 20986 20987// You can't remove a management account from an organization. If you want the 20988// management account to become a member account in another organization, you 20989// must first delete the current organization of the management account. 20990type MasterCannotLeaveOrganizationException struct { 20991 _ struct{} `type:"structure"` 20992 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 20993 20994 Message_ *string `locationName:"Message" type:"string"` 20995} 20996 20997// String returns the string representation 20998func (s MasterCannotLeaveOrganizationException) String() string { 20999 return awsutil.Prettify(s) 21000} 21001 21002// GoString returns the string representation 21003func (s MasterCannotLeaveOrganizationException) GoString() string { 21004 return s.String() 21005} 21006 21007func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error { 21008 return &MasterCannotLeaveOrganizationException{ 21009 RespMetadata: v, 21010 } 21011} 21012 21013// Code returns the exception type name. 21014func (s *MasterCannotLeaveOrganizationException) Code() string { 21015 return "MasterCannotLeaveOrganizationException" 21016} 21017 21018// Message returns the exception's message. 21019func (s *MasterCannotLeaveOrganizationException) Message() string { 21020 if s.Message_ != nil { 21021 return *s.Message_ 21022 } 21023 return "" 21024} 21025 21026// OrigErr always returns nil, satisfies awserr.Error interface. 21027func (s *MasterCannotLeaveOrganizationException) OrigErr() error { 21028 return nil 21029} 21030 21031func (s *MasterCannotLeaveOrganizationException) Error() string { 21032 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21033} 21034 21035// Status code returns the HTTP status code for the request's response error. 21036func (s *MasterCannotLeaveOrganizationException) StatusCode() int { 21037 return s.RespMetadata.StatusCode 21038} 21039 21040// RequestID returns the service's response RequestID for request. 21041func (s *MasterCannotLeaveOrganizationException) RequestID() string { 21042 return s.RespMetadata.RequestID 21043} 21044 21045type MoveAccountInput struct { 21046 _ struct{} `type:"structure"` 21047 21048 // The unique identifier (ID) of the account that you want to move. 21049 // 21050 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 21051 // requires exactly 12 digits. 21052 // 21053 // AccountId is a required field 21054 AccountId *string `type:"string" required:"true"` 21055 21056 // The unique identifier (ID) of the root or organizational unit that you want 21057 // to move the account to. 21058 // 21059 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 21060 // requires one of the following: 21061 // 21062 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 21063 // letters or digits. 21064 // 21065 // * Organizational unit (OU) - A string that begins with "ou-" followed 21066 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 21067 // OU is in). This string is followed by a second "-" dash and from 8 to 21068 // 32 additional lowercase letters or digits. 21069 // 21070 // DestinationParentId is a required field 21071 DestinationParentId *string `type:"string" required:"true"` 21072 21073 // The unique identifier (ID) of the root or organizational unit that you want 21074 // to move the account from. 21075 // 21076 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 21077 // requires one of the following: 21078 // 21079 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 21080 // letters or digits. 21081 // 21082 // * Organizational unit (OU) - A string that begins with "ou-" followed 21083 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 21084 // OU is in). This string is followed by a second "-" dash and from 8 to 21085 // 32 additional lowercase letters or digits. 21086 // 21087 // SourceParentId is a required field 21088 SourceParentId *string `type:"string" required:"true"` 21089} 21090 21091// String returns the string representation 21092func (s MoveAccountInput) String() string { 21093 return awsutil.Prettify(s) 21094} 21095 21096// GoString returns the string representation 21097func (s MoveAccountInput) GoString() string { 21098 return s.String() 21099} 21100 21101// Validate inspects the fields of the type to determine if they are valid. 21102func (s *MoveAccountInput) Validate() error { 21103 invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"} 21104 if s.AccountId == nil { 21105 invalidParams.Add(request.NewErrParamRequired("AccountId")) 21106 } 21107 if s.DestinationParentId == nil { 21108 invalidParams.Add(request.NewErrParamRequired("DestinationParentId")) 21109 } 21110 if s.SourceParentId == nil { 21111 invalidParams.Add(request.NewErrParamRequired("SourceParentId")) 21112 } 21113 21114 if invalidParams.Len() > 0 { 21115 return invalidParams 21116 } 21117 return nil 21118} 21119 21120// SetAccountId sets the AccountId field's value. 21121func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput { 21122 s.AccountId = &v 21123 return s 21124} 21125 21126// SetDestinationParentId sets the DestinationParentId field's value. 21127func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput { 21128 s.DestinationParentId = &v 21129 return s 21130} 21131 21132// SetSourceParentId sets the SourceParentId field's value. 21133func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput { 21134 s.SourceParentId = &v 21135 return s 21136} 21137 21138type MoveAccountOutput struct { 21139 _ struct{} `type:"structure"` 21140} 21141 21142// String returns the string representation 21143func (s MoveAccountOutput) String() string { 21144 return awsutil.Prettify(s) 21145} 21146 21147// GoString returns the string representation 21148func (s MoveAccountOutput) GoString() string { 21149 return s.String() 21150} 21151 21152// Contains details about an organization. An organization is a collection of 21153// accounts that are centrally managed together using consolidated billing, 21154// organized hierarchically with organizational units (OUs), and controlled 21155// with policies . 21156type Organization struct { 21157 _ struct{} `type:"structure"` 21158 21159 // The Amazon Resource Name (ARN) of an organization. 21160 // 21161 // For more information about ARNs in Organizations, see ARN Formats Supported 21162 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 21163 // in the AWS Service Authorization Reference. 21164 Arn *string `type:"string"` 21165 21166 // 21167 // Do not use. This field is deprecated and doesn't provide complete information 21168 // about the policies in your organization. 21169 // 21170 // To determine the policies that are enabled and available for use in your 21171 // organization, use the ListRoots operation instead. 21172 AvailablePolicyTypes []*PolicyTypeSummary `type:"list"` 21173 21174 // Specifies the functionality that currently is available to the organization. 21175 // If set to "ALL", then all features are enabled and policies can be applied 21176 // to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only 21177 // consolidated billing functionality is available. For more information, see 21178 // Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 21179 // in the AWS Organizations User Guide. 21180 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 21181 21182 // The unique identifier (ID) of an organization. 21183 // 21184 // The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID 21185 // string requires "o-" followed by from 10 to 32 lowercase letters or digits. 21186 Id *string `type:"string"` 21187 21188 // The Amazon Resource Name (ARN) of the account that is designated as the management 21189 // account for the organization. 21190 // 21191 // For more information about ARNs in Organizations, see ARN Formats Supported 21192 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 21193 // in the AWS Service Authorization Reference. 21194 MasterAccountArn *string `type:"string"` 21195 21196 // The email address that is associated with the AWS account that is designated 21197 // as the management account for the organization. 21198 MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"` 21199 21200 // The unique identifier (ID) of the management account of an organization. 21201 // 21202 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 21203 // requires exactly 12 digits. 21204 MasterAccountId *string `type:"string"` 21205} 21206 21207// String returns the string representation 21208func (s Organization) String() string { 21209 return awsutil.Prettify(s) 21210} 21211 21212// GoString returns the string representation 21213func (s Organization) GoString() string { 21214 return s.String() 21215} 21216 21217// SetArn sets the Arn field's value. 21218func (s *Organization) SetArn(v string) *Organization { 21219 s.Arn = &v 21220 return s 21221} 21222 21223// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value. 21224func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization { 21225 s.AvailablePolicyTypes = v 21226 return s 21227} 21228 21229// SetFeatureSet sets the FeatureSet field's value. 21230func (s *Organization) SetFeatureSet(v string) *Organization { 21231 s.FeatureSet = &v 21232 return s 21233} 21234 21235// SetId sets the Id field's value. 21236func (s *Organization) SetId(v string) *Organization { 21237 s.Id = &v 21238 return s 21239} 21240 21241// SetMasterAccountArn sets the MasterAccountArn field's value. 21242func (s *Organization) SetMasterAccountArn(v string) *Organization { 21243 s.MasterAccountArn = &v 21244 return s 21245} 21246 21247// SetMasterAccountEmail sets the MasterAccountEmail field's value. 21248func (s *Organization) SetMasterAccountEmail(v string) *Organization { 21249 s.MasterAccountEmail = &v 21250 return s 21251} 21252 21253// SetMasterAccountId sets the MasterAccountId field's value. 21254func (s *Organization) SetMasterAccountId(v string) *Organization { 21255 s.MasterAccountId = &v 21256 return s 21257} 21258 21259// The organization isn't empty. To delete an organization, you must first remove 21260// all accounts except the management account, delete all OUs, and delete all 21261// policies. 21262type OrganizationNotEmptyException struct { 21263 _ struct{} `type:"structure"` 21264 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21265 21266 Message_ *string `locationName:"Message" type:"string"` 21267} 21268 21269// String returns the string representation 21270func (s OrganizationNotEmptyException) String() string { 21271 return awsutil.Prettify(s) 21272} 21273 21274// GoString returns the string representation 21275func (s OrganizationNotEmptyException) GoString() string { 21276 return s.String() 21277} 21278 21279func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error { 21280 return &OrganizationNotEmptyException{ 21281 RespMetadata: v, 21282 } 21283} 21284 21285// Code returns the exception type name. 21286func (s *OrganizationNotEmptyException) Code() string { 21287 return "OrganizationNotEmptyException" 21288} 21289 21290// Message returns the exception's message. 21291func (s *OrganizationNotEmptyException) Message() string { 21292 if s.Message_ != nil { 21293 return *s.Message_ 21294 } 21295 return "" 21296} 21297 21298// OrigErr always returns nil, satisfies awserr.Error interface. 21299func (s *OrganizationNotEmptyException) OrigErr() error { 21300 return nil 21301} 21302 21303func (s *OrganizationNotEmptyException) Error() string { 21304 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21305} 21306 21307// Status code returns the HTTP status code for the request's response error. 21308func (s *OrganizationNotEmptyException) StatusCode() int { 21309 return s.RespMetadata.StatusCode 21310} 21311 21312// RequestID returns the service's response RequestID for request. 21313func (s *OrganizationNotEmptyException) RequestID() string { 21314 return s.RespMetadata.RequestID 21315} 21316 21317// Contains details about an organizational unit (OU). An OU is a container 21318// of AWS accounts within a root of an organization. Policies that are attached 21319// to an OU apply to all accounts contained in that OU and in any child OUs. 21320type OrganizationalUnit struct { 21321 _ struct{} `type:"structure"` 21322 21323 // The Amazon Resource Name (ARN) of this OU. 21324 // 21325 // For more information about ARNs in Organizations, see ARN Formats Supported 21326 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 21327 // in the AWS Service Authorization Reference. 21328 Arn *string `type:"string"` 21329 21330 // The unique identifier (ID) associated with this OU. 21331 // 21332 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 21333 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 21334 // or digits (the ID of the root that contains the OU). This string is followed 21335 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 21336 Id *string `type:"string"` 21337 21338 // The friendly name of this OU. 21339 // 21340 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 21341 // this parameter is a string of any of the characters in the ASCII character 21342 // range. 21343 Name *string `min:"1" type:"string"` 21344} 21345 21346// String returns the string representation 21347func (s OrganizationalUnit) String() string { 21348 return awsutil.Prettify(s) 21349} 21350 21351// GoString returns the string representation 21352func (s OrganizationalUnit) GoString() string { 21353 return s.String() 21354} 21355 21356// SetArn sets the Arn field's value. 21357func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit { 21358 s.Arn = &v 21359 return s 21360} 21361 21362// SetId sets the Id field's value. 21363func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit { 21364 s.Id = &v 21365 return s 21366} 21367 21368// SetName sets the Name field's value. 21369func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit { 21370 s.Name = &v 21371 return s 21372} 21373 21374// The specified OU is not empty. Move all accounts to another root or to other 21375// OUs, remove all child OUs, and try the operation again. 21376type OrganizationalUnitNotEmptyException struct { 21377 _ struct{} `type:"structure"` 21378 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21379 21380 Message_ *string `locationName:"Message" type:"string"` 21381} 21382 21383// String returns the string representation 21384func (s OrganizationalUnitNotEmptyException) String() string { 21385 return awsutil.Prettify(s) 21386} 21387 21388// GoString returns the string representation 21389func (s OrganizationalUnitNotEmptyException) GoString() string { 21390 return s.String() 21391} 21392 21393func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error { 21394 return &OrganizationalUnitNotEmptyException{ 21395 RespMetadata: v, 21396 } 21397} 21398 21399// Code returns the exception type name. 21400func (s *OrganizationalUnitNotEmptyException) Code() string { 21401 return "OrganizationalUnitNotEmptyException" 21402} 21403 21404// Message returns the exception's message. 21405func (s *OrganizationalUnitNotEmptyException) Message() string { 21406 if s.Message_ != nil { 21407 return *s.Message_ 21408 } 21409 return "" 21410} 21411 21412// OrigErr always returns nil, satisfies awserr.Error interface. 21413func (s *OrganizationalUnitNotEmptyException) OrigErr() error { 21414 return nil 21415} 21416 21417func (s *OrganizationalUnitNotEmptyException) Error() string { 21418 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21419} 21420 21421// Status code returns the HTTP status code for the request's response error. 21422func (s *OrganizationalUnitNotEmptyException) StatusCode() int { 21423 return s.RespMetadata.StatusCode 21424} 21425 21426// RequestID returns the service's response RequestID for request. 21427func (s *OrganizationalUnitNotEmptyException) RequestID() string { 21428 return s.RespMetadata.RequestID 21429} 21430 21431// We can't find an OU with the OrganizationalUnitId that you specified. 21432type OrganizationalUnitNotFoundException struct { 21433 _ struct{} `type:"structure"` 21434 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21435 21436 Message_ *string `locationName:"Message" type:"string"` 21437} 21438 21439// String returns the string representation 21440func (s OrganizationalUnitNotFoundException) String() string { 21441 return awsutil.Prettify(s) 21442} 21443 21444// GoString returns the string representation 21445func (s OrganizationalUnitNotFoundException) GoString() string { 21446 return s.String() 21447} 21448 21449func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error { 21450 return &OrganizationalUnitNotFoundException{ 21451 RespMetadata: v, 21452 } 21453} 21454 21455// Code returns the exception type name. 21456func (s *OrganizationalUnitNotFoundException) Code() string { 21457 return "OrganizationalUnitNotFoundException" 21458} 21459 21460// Message returns the exception's message. 21461func (s *OrganizationalUnitNotFoundException) Message() string { 21462 if s.Message_ != nil { 21463 return *s.Message_ 21464 } 21465 return "" 21466} 21467 21468// OrigErr always returns nil, satisfies awserr.Error interface. 21469func (s *OrganizationalUnitNotFoundException) OrigErr() error { 21470 return nil 21471} 21472 21473func (s *OrganizationalUnitNotFoundException) Error() string { 21474 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21475} 21476 21477// Status code returns the HTTP status code for the request's response error. 21478func (s *OrganizationalUnitNotFoundException) StatusCode() int { 21479 return s.RespMetadata.StatusCode 21480} 21481 21482// RequestID returns the service's response RequestID for request. 21483func (s *OrganizationalUnitNotFoundException) RequestID() string { 21484 return s.RespMetadata.RequestID 21485} 21486 21487// Contains information about either a root or an organizational unit (OU) that 21488// can contain OUs or accounts in an organization. 21489type Parent struct { 21490 _ struct{} `type:"structure"` 21491 21492 // The unique identifier (ID) of the parent entity. 21493 // 21494 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 21495 // requires one of the following: 21496 // 21497 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 21498 // letters or digits. 21499 // 21500 // * Organizational unit (OU) - A string that begins with "ou-" followed 21501 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 21502 // OU is in). This string is followed by a second "-" dash and from 8 to 21503 // 32 additional lowercase letters or digits. 21504 Id *string `type:"string"` 21505 21506 // The type of the parent entity. 21507 Type *string `type:"string" enum:"ParentType"` 21508} 21509 21510// String returns the string representation 21511func (s Parent) String() string { 21512 return awsutil.Prettify(s) 21513} 21514 21515// GoString returns the string representation 21516func (s Parent) GoString() string { 21517 return s.String() 21518} 21519 21520// SetId sets the Id field's value. 21521func (s *Parent) SetId(v string) *Parent { 21522 s.Id = &v 21523 return s 21524} 21525 21526// SetType sets the Type field's value. 21527func (s *Parent) SetType(v string) *Parent { 21528 s.Type = &v 21529 return s 21530} 21531 21532// We can't find a root or OU with the ParentId that you specified. 21533type ParentNotFoundException struct { 21534 _ struct{} `type:"structure"` 21535 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21536 21537 Message_ *string `locationName:"Message" type:"string"` 21538} 21539 21540// String returns the string representation 21541func (s ParentNotFoundException) String() string { 21542 return awsutil.Prettify(s) 21543} 21544 21545// GoString returns the string representation 21546func (s ParentNotFoundException) GoString() string { 21547 return s.String() 21548} 21549 21550func newErrorParentNotFoundException(v protocol.ResponseMetadata) error { 21551 return &ParentNotFoundException{ 21552 RespMetadata: v, 21553 } 21554} 21555 21556// Code returns the exception type name. 21557func (s *ParentNotFoundException) Code() string { 21558 return "ParentNotFoundException" 21559} 21560 21561// Message returns the exception's message. 21562func (s *ParentNotFoundException) Message() string { 21563 if s.Message_ != nil { 21564 return *s.Message_ 21565 } 21566 return "" 21567} 21568 21569// OrigErr always returns nil, satisfies awserr.Error interface. 21570func (s *ParentNotFoundException) OrigErr() error { 21571 return nil 21572} 21573 21574func (s *ParentNotFoundException) Error() string { 21575 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21576} 21577 21578// Status code returns the HTTP status code for the request's response error. 21579func (s *ParentNotFoundException) StatusCode() int { 21580 return s.RespMetadata.StatusCode 21581} 21582 21583// RequestID returns the service's response RequestID for request. 21584func (s *ParentNotFoundException) RequestID() string { 21585 return s.RespMetadata.RequestID 21586} 21587 21588// Contains rules to be applied to the affected accounts. Policies can be attached 21589// directly to accounts, or to roots and OUs to affect all accounts in those 21590// hierarchies. 21591type Policy struct { 21592 _ struct{} `type:"structure"` 21593 21594 // The text content of the policy. 21595 Content *string `min:"1" type:"string"` 21596 21597 // A structure that contains additional details about the policy. 21598 PolicySummary *PolicySummary `type:"structure"` 21599} 21600 21601// String returns the string representation 21602func (s Policy) String() string { 21603 return awsutil.Prettify(s) 21604} 21605 21606// GoString returns the string representation 21607func (s Policy) GoString() string { 21608 return s.String() 21609} 21610 21611// SetContent sets the Content field's value. 21612func (s *Policy) SetContent(v string) *Policy { 21613 s.Content = &v 21614 return s 21615} 21616 21617// SetPolicySummary sets the PolicySummary field's value. 21618func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy { 21619 s.PolicySummary = v 21620 return s 21621} 21622 21623// Changes to the effective policy are in progress, and its contents can't be 21624// returned. Try the operation again later. 21625type PolicyChangesInProgressException struct { 21626 _ struct{} `type:"structure"` 21627 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21628 21629 Message_ *string `locationName:"Message" type:"string"` 21630} 21631 21632// String returns the string representation 21633func (s PolicyChangesInProgressException) String() string { 21634 return awsutil.Prettify(s) 21635} 21636 21637// GoString returns the string representation 21638func (s PolicyChangesInProgressException) GoString() string { 21639 return s.String() 21640} 21641 21642func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error { 21643 return &PolicyChangesInProgressException{ 21644 RespMetadata: v, 21645 } 21646} 21647 21648// Code returns the exception type name. 21649func (s *PolicyChangesInProgressException) Code() string { 21650 return "PolicyChangesInProgressException" 21651} 21652 21653// Message returns the exception's message. 21654func (s *PolicyChangesInProgressException) Message() string { 21655 if s.Message_ != nil { 21656 return *s.Message_ 21657 } 21658 return "" 21659} 21660 21661// OrigErr always returns nil, satisfies awserr.Error interface. 21662func (s *PolicyChangesInProgressException) OrigErr() error { 21663 return nil 21664} 21665 21666func (s *PolicyChangesInProgressException) Error() string { 21667 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21668} 21669 21670// Status code returns the HTTP status code for the request's response error. 21671func (s *PolicyChangesInProgressException) StatusCode() int { 21672 return s.RespMetadata.StatusCode 21673} 21674 21675// RequestID returns the service's response RequestID for request. 21676func (s *PolicyChangesInProgressException) RequestID() string { 21677 return s.RespMetadata.RequestID 21678} 21679 21680// The policy is attached to one or more entities. You must detach it from all 21681// roots, OUs, and accounts before performing this operation. 21682type PolicyInUseException struct { 21683 _ struct{} `type:"structure"` 21684 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21685 21686 Message_ *string `locationName:"Message" type:"string"` 21687} 21688 21689// String returns the string representation 21690func (s PolicyInUseException) String() string { 21691 return awsutil.Prettify(s) 21692} 21693 21694// GoString returns the string representation 21695func (s PolicyInUseException) GoString() string { 21696 return s.String() 21697} 21698 21699func newErrorPolicyInUseException(v protocol.ResponseMetadata) error { 21700 return &PolicyInUseException{ 21701 RespMetadata: v, 21702 } 21703} 21704 21705// Code returns the exception type name. 21706func (s *PolicyInUseException) Code() string { 21707 return "PolicyInUseException" 21708} 21709 21710// Message returns the exception's message. 21711func (s *PolicyInUseException) Message() string { 21712 if s.Message_ != nil { 21713 return *s.Message_ 21714 } 21715 return "" 21716} 21717 21718// OrigErr always returns nil, satisfies awserr.Error interface. 21719func (s *PolicyInUseException) OrigErr() error { 21720 return nil 21721} 21722 21723func (s *PolicyInUseException) Error() string { 21724 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21725} 21726 21727// Status code returns the HTTP status code for the request's response error. 21728func (s *PolicyInUseException) StatusCode() int { 21729 return s.RespMetadata.StatusCode 21730} 21731 21732// RequestID returns the service's response RequestID for request. 21733func (s *PolicyInUseException) RequestID() string { 21734 return s.RespMetadata.RequestID 21735} 21736 21737// The policy isn't attached to the specified target in the specified root. 21738type PolicyNotAttachedException struct { 21739 _ struct{} `type:"structure"` 21740 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21741 21742 Message_ *string `locationName:"Message" type:"string"` 21743} 21744 21745// String returns the string representation 21746func (s PolicyNotAttachedException) String() string { 21747 return awsutil.Prettify(s) 21748} 21749 21750// GoString returns the string representation 21751func (s PolicyNotAttachedException) GoString() string { 21752 return s.String() 21753} 21754 21755func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error { 21756 return &PolicyNotAttachedException{ 21757 RespMetadata: v, 21758 } 21759} 21760 21761// Code returns the exception type name. 21762func (s *PolicyNotAttachedException) Code() string { 21763 return "PolicyNotAttachedException" 21764} 21765 21766// Message returns the exception's message. 21767func (s *PolicyNotAttachedException) Message() string { 21768 if s.Message_ != nil { 21769 return *s.Message_ 21770 } 21771 return "" 21772} 21773 21774// OrigErr always returns nil, satisfies awserr.Error interface. 21775func (s *PolicyNotAttachedException) OrigErr() error { 21776 return nil 21777} 21778 21779func (s *PolicyNotAttachedException) Error() string { 21780 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21781} 21782 21783// Status code returns the HTTP status code for the request's response error. 21784func (s *PolicyNotAttachedException) StatusCode() int { 21785 return s.RespMetadata.StatusCode 21786} 21787 21788// RequestID returns the service's response RequestID for request. 21789func (s *PolicyNotAttachedException) RequestID() string { 21790 return s.RespMetadata.RequestID 21791} 21792 21793// We can't find a policy with the PolicyId that you specified. 21794type PolicyNotFoundException struct { 21795 _ struct{} `type:"structure"` 21796 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21797 21798 Message_ *string `locationName:"Message" type:"string"` 21799} 21800 21801// String returns the string representation 21802func (s PolicyNotFoundException) String() string { 21803 return awsutil.Prettify(s) 21804} 21805 21806// GoString returns the string representation 21807func (s PolicyNotFoundException) GoString() string { 21808 return s.String() 21809} 21810 21811func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error { 21812 return &PolicyNotFoundException{ 21813 RespMetadata: v, 21814 } 21815} 21816 21817// Code returns the exception type name. 21818func (s *PolicyNotFoundException) Code() string { 21819 return "PolicyNotFoundException" 21820} 21821 21822// Message returns the exception's message. 21823func (s *PolicyNotFoundException) Message() string { 21824 if s.Message_ != nil { 21825 return *s.Message_ 21826 } 21827 return "" 21828} 21829 21830// OrigErr always returns nil, satisfies awserr.Error interface. 21831func (s *PolicyNotFoundException) OrigErr() error { 21832 return nil 21833} 21834 21835func (s *PolicyNotFoundException) Error() string { 21836 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 21837} 21838 21839// Status code returns the HTTP status code for the request's response error. 21840func (s *PolicyNotFoundException) StatusCode() int { 21841 return s.RespMetadata.StatusCode 21842} 21843 21844// RequestID returns the service's response RequestID for request. 21845func (s *PolicyNotFoundException) RequestID() string { 21846 return s.RespMetadata.RequestID 21847} 21848 21849// Contains information about a policy, but does not include the content. To 21850// see the content of a policy, see DescribePolicy. 21851type PolicySummary struct { 21852 _ struct{} `type:"structure"` 21853 21854 // The Amazon Resource Name (ARN) of the policy. 21855 // 21856 // For more information about ARNs in Organizations, see ARN Formats Supported 21857 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 21858 // in the AWS Service Authorization Reference. 21859 Arn *string `type:"string"` 21860 21861 // A boolean value that indicates whether the specified policy is an AWS managed 21862 // policy. If true, then you can attach the policy to roots, OUs, or accounts, 21863 // but you cannot edit it. 21864 AwsManaged *bool `type:"boolean"` 21865 21866 // The description of the policy. 21867 Description *string `type:"string"` 21868 21869 // The unique identifier (ID) of the policy. 21870 // 21871 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 21872 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 21873 // or the underscore character (_). 21874 Id *string `type:"string"` 21875 21876 // The friendly name of the policy. 21877 // 21878 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 21879 // this parameter is a string of any of the characters in the ASCII character 21880 // range. 21881 Name *string `min:"1" type:"string"` 21882 21883 // The type of policy. 21884 Type *string `type:"string" enum:"PolicyType"` 21885} 21886 21887// String returns the string representation 21888func (s PolicySummary) String() string { 21889 return awsutil.Prettify(s) 21890} 21891 21892// GoString returns the string representation 21893func (s PolicySummary) GoString() string { 21894 return s.String() 21895} 21896 21897// SetArn sets the Arn field's value. 21898func (s *PolicySummary) SetArn(v string) *PolicySummary { 21899 s.Arn = &v 21900 return s 21901} 21902 21903// SetAwsManaged sets the AwsManaged field's value. 21904func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary { 21905 s.AwsManaged = &v 21906 return s 21907} 21908 21909// SetDescription sets the Description field's value. 21910func (s *PolicySummary) SetDescription(v string) *PolicySummary { 21911 s.Description = &v 21912 return s 21913} 21914 21915// SetId sets the Id field's value. 21916func (s *PolicySummary) SetId(v string) *PolicySummary { 21917 s.Id = &v 21918 return s 21919} 21920 21921// SetName sets the Name field's value. 21922func (s *PolicySummary) SetName(v string) *PolicySummary { 21923 s.Name = &v 21924 return s 21925} 21926 21927// SetType sets the Type field's value. 21928func (s *PolicySummary) SetType(v string) *PolicySummary { 21929 s.Type = &v 21930 return s 21931} 21932 21933// Contains information about a root, OU, or account that a policy is attached 21934// to. 21935type PolicyTargetSummary struct { 21936 _ struct{} `type:"structure"` 21937 21938 // The Amazon Resource Name (ARN) of the policy target. 21939 // 21940 // For more information about ARNs in Organizations, see ARN Formats Supported 21941 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 21942 // in the AWS Service Authorization Reference. 21943 Arn *string `type:"string"` 21944 21945 // The friendly name of the policy target. 21946 // 21947 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 21948 // this parameter is a string of any of the characters in the ASCII character 21949 // range. 21950 Name *string `min:"1" type:"string"` 21951 21952 // The unique identifier (ID) of the policy target. 21953 // 21954 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 21955 // requires one of the following: 21956 // 21957 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 21958 // letters or digits. 21959 // 21960 // * Account - A string that consists of exactly 12 digits. 21961 // 21962 // * Organizational unit (OU) - A string that begins with "ou-" followed 21963 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 21964 // OU is in). This string is followed by a second "-" dash and from 8 to 21965 // 32 additional lowercase letters or digits. 21966 TargetId *string `type:"string"` 21967 21968 // The type of the policy target. 21969 Type *string `type:"string" enum:"TargetType"` 21970} 21971 21972// String returns the string representation 21973func (s PolicyTargetSummary) String() string { 21974 return awsutil.Prettify(s) 21975} 21976 21977// GoString returns the string representation 21978func (s PolicyTargetSummary) GoString() string { 21979 return s.String() 21980} 21981 21982// SetArn sets the Arn field's value. 21983func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary { 21984 s.Arn = &v 21985 return s 21986} 21987 21988// SetName sets the Name field's value. 21989func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary { 21990 s.Name = &v 21991 return s 21992} 21993 21994// SetTargetId sets the TargetId field's value. 21995func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary { 21996 s.TargetId = &v 21997 return s 21998} 21999 22000// SetType sets the Type field's value. 22001func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary { 22002 s.Type = &v 22003 return s 22004} 22005 22006// The specified policy type is already enabled in the specified root. 22007type PolicyTypeAlreadyEnabledException struct { 22008 _ struct{} `type:"structure"` 22009 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22010 22011 Message_ *string `locationName:"Message" type:"string"` 22012} 22013 22014// String returns the string representation 22015func (s PolicyTypeAlreadyEnabledException) String() string { 22016 return awsutil.Prettify(s) 22017} 22018 22019// GoString returns the string representation 22020func (s PolicyTypeAlreadyEnabledException) GoString() string { 22021 return s.String() 22022} 22023 22024func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error { 22025 return &PolicyTypeAlreadyEnabledException{ 22026 RespMetadata: v, 22027 } 22028} 22029 22030// Code returns the exception type name. 22031func (s *PolicyTypeAlreadyEnabledException) Code() string { 22032 return "PolicyTypeAlreadyEnabledException" 22033} 22034 22035// Message returns the exception's message. 22036func (s *PolicyTypeAlreadyEnabledException) Message() string { 22037 if s.Message_ != nil { 22038 return *s.Message_ 22039 } 22040 return "" 22041} 22042 22043// OrigErr always returns nil, satisfies awserr.Error interface. 22044func (s *PolicyTypeAlreadyEnabledException) OrigErr() error { 22045 return nil 22046} 22047 22048func (s *PolicyTypeAlreadyEnabledException) Error() string { 22049 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22050} 22051 22052// Status code returns the HTTP status code for the request's response error. 22053func (s *PolicyTypeAlreadyEnabledException) StatusCode() int { 22054 return s.RespMetadata.StatusCode 22055} 22056 22057// RequestID returns the service's response RequestID for request. 22058func (s *PolicyTypeAlreadyEnabledException) RequestID() string { 22059 return s.RespMetadata.RequestID 22060} 22061 22062// You can't use the specified policy type with the feature set currently enabled 22063// for this organization. For example, you can enable SCPs only after you enable 22064// all features in the organization. For more information, see Managing AWS 22065// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 22066// the AWS Organizations User Guide. 22067type PolicyTypeNotAvailableForOrganizationException struct { 22068 _ struct{} `type:"structure"` 22069 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22070 22071 Message_ *string `locationName:"Message" type:"string"` 22072} 22073 22074// String returns the string representation 22075func (s PolicyTypeNotAvailableForOrganizationException) String() string { 22076 return awsutil.Prettify(s) 22077} 22078 22079// GoString returns the string representation 22080func (s PolicyTypeNotAvailableForOrganizationException) GoString() string { 22081 return s.String() 22082} 22083 22084func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error { 22085 return &PolicyTypeNotAvailableForOrganizationException{ 22086 RespMetadata: v, 22087 } 22088} 22089 22090// Code returns the exception type name. 22091func (s *PolicyTypeNotAvailableForOrganizationException) Code() string { 22092 return "PolicyTypeNotAvailableForOrganizationException" 22093} 22094 22095// Message returns the exception's message. 22096func (s *PolicyTypeNotAvailableForOrganizationException) Message() string { 22097 if s.Message_ != nil { 22098 return *s.Message_ 22099 } 22100 return "" 22101} 22102 22103// OrigErr always returns nil, satisfies awserr.Error interface. 22104func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error { 22105 return nil 22106} 22107 22108func (s *PolicyTypeNotAvailableForOrganizationException) Error() string { 22109 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22110} 22111 22112// Status code returns the HTTP status code for the request's response error. 22113func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int { 22114 return s.RespMetadata.StatusCode 22115} 22116 22117// RequestID returns the service's response RequestID for request. 22118func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string { 22119 return s.RespMetadata.RequestID 22120} 22121 22122// The specified policy type isn't currently enabled in this root. You can't 22123// attach policies of the specified type to entities in a root until you enable 22124// that type in the root. For more information, see Enabling All Features in 22125// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 22126// in the AWS Organizations User Guide. 22127type PolicyTypeNotEnabledException struct { 22128 _ struct{} `type:"structure"` 22129 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22130 22131 Message_ *string `locationName:"Message" type:"string"` 22132} 22133 22134// String returns the string representation 22135func (s PolicyTypeNotEnabledException) String() string { 22136 return awsutil.Prettify(s) 22137} 22138 22139// GoString returns the string representation 22140func (s PolicyTypeNotEnabledException) GoString() string { 22141 return s.String() 22142} 22143 22144func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error { 22145 return &PolicyTypeNotEnabledException{ 22146 RespMetadata: v, 22147 } 22148} 22149 22150// Code returns the exception type name. 22151func (s *PolicyTypeNotEnabledException) Code() string { 22152 return "PolicyTypeNotEnabledException" 22153} 22154 22155// Message returns the exception's message. 22156func (s *PolicyTypeNotEnabledException) Message() string { 22157 if s.Message_ != nil { 22158 return *s.Message_ 22159 } 22160 return "" 22161} 22162 22163// OrigErr always returns nil, satisfies awserr.Error interface. 22164func (s *PolicyTypeNotEnabledException) OrigErr() error { 22165 return nil 22166} 22167 22168func (s *PolicyTypeNotEnabledException) Error() string { 22169 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22170} 22171 22172// Status code returns the HTTP status code for the request's response error. 22173func (s *PolicyTypeNotEnabledException) StatusCode() int { 22174 return s.RespMetadata.StatusCode 22175} 22176 22177// RequestID returns the service's response RequestID for request. 22178func (s *PolicyTypeNotEnabledException) RequestID() string { 22179 return s.RespMetadata.RequestID 22180} 22181 22182// Contains information about a policy type and its status in the associated 22183// root. 22184type PolicyTypeSummary struct { 22185 _ struct{} `type:"structure"` 22186 22187 // The status of the policy type as it relates to the associated root. To attach 22188 // a policy of the specified type to a root or to an OU or account in that root, 22189 // it must be available in the organization and enabled for that root. 22190 Status *string `type:"string" enum:"PolicyTypeStatus"` 22191 22192 // The name of the policy type. 22193 Type *string `type:"string" enum:"PolicyType"` 22194} 22195 22196// String returns the string representation 22197func (s PolicyTypeSummary) String() string { 22198 return awsutil.Prettify(s) 22199} 22200 22201// GoString returns the string representation 22202func (s PolicyTypeSummary) GoString() string { 22203 return s.String() 22204} 22205 22206// SetStatus sets the Status field's value. 22207func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary { 22208 s.Status = &v 22209 return s 22210} 22211 22212// SetType sets the Type field's value. 22213func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary { 22214 s.Type = &v 22215 return s 22216} 22217 22218type RegisterDelegatedAdministratorInput struct { 22219 _ struct{} `type:"structure"` 22220 22221 // The account ID number of the member account in the organization to register 22222 // as a delegated administrator. 22223 // 22224 // AccountId is a required field 22225 AccountId *string `type:"string" required:"true"` 22226 22227 // The service principal of the AWS service for which you want to make the member 22228 // account a delegated administrator. 22229 // 22230 // ServicePrincipal is a required field 22231 ServicePrincipal *string `min:"1" type:"string" required:"true"` 22232} 22233 22234// String returns the string representation 22235func (s RegisterDelegatedAdministratorInput) String() string { 22236 return awsutil.Prettify(s) 22237} 22238 22239// GoString returns the string representation 22240func (s RegisterDelegatedAdministratorInput) GoString() string { 22241 return s.String() 22242} 22243 22244// Validate inspects the fields of the type to determine if they are valid. 22245func (s *RegisterDelegatedAdministratorInput) Validate() error { 22246 invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"} 22247 if s.AccountId == nil { 22248 invalidParams.Add(request.NewErrParamRequired("AccountId")) 22249 } 22250 if s.ServicePrincipal == nil { 22251 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 22252 } 22253 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 22254 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 22255 } 22256 22257 if invalidParams.Len() > 0 { 22258 return invalidParams 22259 } 22260 return nil 22261} 22262 22263// SetAccountId sets the AccountId field's value. 22264func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput { 22265 s.AccountId = &v 22266 return s 22267} 22268 22269// SetServicePrincipal sets the ServicePrincipal field's value. 22270func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput { 22271 s.ServicePrincipal = &v 22272 return s 22273} 22274 22275type RegisterDelegatedAdministratorOutput struct { 22276 _ struct{} `type:"structure"` 22277} 22278 22279// String returns the string representation 22280func (s RegisterDelegatedAdministratorOutput) String() string { 22281 return awsutil.Prettify(s) 22282} 22283 22284// GoString returns the string representation 22285func (s RegisterDelegatedAdministratorOutput) GoString() string { 22286 return s.String() 22287} 22288 22289type RemoveAccountFromOrganizationInput struct { 22290 _ struct{} `type:"structure"` 22291 22292 // The unique identifier (ID) of the member account that you want to remove 22293 // from the organization. 22294 // 22295 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 22296 // requires exactly 12 digits. 22297 // 22298 // AccountId is a required field 22299 AccountId *string `type:"string" required:"true"` 22300} 22301 22302// String returns the string representation 22303func (s RemoveAccountFromOrganizationInput) String() string { 22304 return awsutil.Prettify(s) 22305} 22306 22307// GoString returns the string representation 22308func (s RemoveAccountFromOrganizationInput) GoString() string { 22309 return s.String() 22310} 22311 22312// Validate inspects the fields of the type to determine if they are valid. 22313func (s *RemoveAccountFromOrganizationInput) Validate() error { 22314 invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"} 22315 if s.AccountId == nil { 22316 invalidParams.Add(request.NewErrParamRequired("AccountId")) 22317 } 22318 22319 if invalidParams.Len() > 0 { 22320 return invalidParams 22321 } 22322 return nil 22323} 22324 22325// SetAccountId sets the AccountId field's value. 22326func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput { 22327 s.AccountId = &v 22328 return s 22329} 22330 22331type RemoveAccountFromOrganizationOutput struct { 22332 _ struct{} `type:"structure"` 22333} 22334 22335// String returns the string representation 22336func (s RemoveAccountFromOrganizationOutput) String() string { 22337 return awsutil.Prettify(s) 22338} 22339 22340// GoString returns the string representation 22341func (s RemoveAccountFromOrganizationOutput) GoString() string { 22342 return s.String() 22343} 22344 22345// Contains details about a root. A root is a top-level parent node in the hierarchy 22346// of an organization that can contain organizational units (OUs) and accounts. 22347// The root contains every AWS account in the organization. 22348type Root struct { 22349 _ struct{} `type:"structure"` 22350 22351 // The Amazon Resource Name (ARN) of the root. 22352 // 22353 // For more information about ARNs in Organizations, see ARN Formats Supported 22354 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 22355 // in the AWS Service Authorization Reference. 22356 Arn *string `type:"string"` 22357 22358 // The unique identifier (ID) for the root. 22359 // 22360 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 22361 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 22362 Id *string `type:"string"` 22363 22364 // The friendly name of the root. 22365 // 22366 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 22367 // this parameter is a string of any of the characters in the ASCII character 22368 // range. 22369 Name *string `min:"1" type:"string"` 22370 22371 // The types of policies that are currently enabled for the root and therefore 22372 // can be attached to the root or to its OUs or accounts. 22373 // 22374 // Even if a policy type is shown as available in the organization, you can 22375 // separately enable and disable them at the root level by using EnablePolicyType 22376 // and DisablePolicyType. Use DescribeOrganization to see the availability of 22377 // the policy types in that organization. 22378 PolicyTypes []*PolicyTypeSummary `type:"list"` 22379} 22380 22381// String returns the string representation 22382func (s Root) String() string { 22383 return awsutil.Prettify(s) 22384} 22385 22386// GoString returns the string representation 22387func (s Root) GoString() string { 22388 return s.String() 22389} 22390 22391// SetArn sets the Arn field's value. 22392func (s *Root) SetArn(v string) *Root { 22393 s.Arn = &v 22394 return s 22395} 22396 22397// SetId sets the Id field's value. 22398func (s *Root) SetId(v string) *Root { 22399 s.Id = &v 22400 return s 22401} 22402 22403// SetName sets the Name field's value. 22404func (s *Root) SetName(v string) *Root { 22405 s.Name = &v 22406 return s 22407} 22408 22409// SetPolicyTypes sets the PolicyTypes field's value. 22410func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root { 22411 s.PolicyTypes = v 22412 return s 22413} 22414 22415// We can't find a root with the RootId that you specified. 22416type RootNotFoundException struct { 22417 _ struct{} `type:"structure"` 22418 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22419 22420 Message_ *string `locationName:"Message" type:"string"` 22421} 22422 22423// String returns the string representation 22424func (s RootNotFoundException) String() string { 22425 return awsutil.Prettify(s) 22426} 22427 22428// GoString returns the string representation 22429func (s RootNotFoundException) GoString() string { 22430 return s.String() 22431} 22432 22433func newErrorRootNotFoundException(v protocol.ResponseMetadata) error { 22434 return &RootNotFoundException{ 22435 RespMetadata: v, 22436 } 22437} 22438 22439// Code returns the exception type name. 22440func (s *RootNotFoundException) Code() string { 22441 return "RootNotFoundException" 22442} 22443 22444// Message returns the exception's message. 22445func (s *RootNotFoundException) Message() string { 22446 if s.Message_ != nil { 22447 return *s.Message_ 22448 } 22449 return "" 22450} 22451 22452// OrigErr always returns nil, satisfies awserr.Error interface. 22453func (s *RootNotFoundException) OrigErr() error { 22454 return nil 22455} 22456 22457func (s *RootNotFoundException) Error() string { 22458 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22459} 22460 22461// Status code returns the HTTP status code for the request's response error. 22462func (s *RootNotFoundException) StatusCode() int { 22463 return s.RespMetadata.StatusCode 22464} 22465 22466// RequestID returns the service's response RequestID for request. 22467func (s *RootNotFoundException) RequestID() string { 22468 return s.RespMetadata.RequestID 22469} 22470 22471// AWS Organizations can't complete your request because of an internal service 22472// error. Try again later. 22473type ServiceException struct { 22474 _ struct{} `type:"structure"` 22475 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22476 22477 Message_ *string `locationName:"Message" type:"string"` 22478} 22479 22480// String returns the string representation 22481func (s ServiceException) String() string { 22482 return awsutil.Prettify(s) 22483} 22484 22485// GoString returns the string representation 22486func (s ServiceException) GoString() string { 22487 return s.String() 22488} 22489 22490func newErrorServiceException(v protocol.ResponseMetadata) error { 22491 return &ServiceException{ 22492 RespMetadata: v, 22493 } 22494} 22495 22496// Code returns the exception type name. 22497func (s *ServiceException) Code() string { 22498 return "ServiceException" 22499} 22500 22501// Message returns the exception's message. 22502func (s *ServiceException) Message() string { 22503 if s.Message_ != nil { 22504 return *s.Message_ 22505 } 22506 return "" 22507} 22508 22509// OrigErr always returns nil, satisfies awserr.Error interface. 22510func (s *ServiceException) OrigErr() error { 22511 return nil 22512} 22513 22514func (s *ServiceException) Error() string { 22515 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22516} 22517 22518// Status code returns the HTTP status code for the request's response error. 22519func (s *ServiceException) StatusCode() int { 22520 return s.RespMetadata.StatusCode 22521} 22522 22523// RequestID returns the service's response RequestID for request. 22524func (s *ServiceException) RequestID() string { 22525 return s.RespMetadata.RequestID 22526} 22527 22528// We can't find a source root or OU with the ParentId that you specified. 22529type SourceParentNotFoundException struct { 22530 _ struct{} `type:"structure"` 22531 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22532 22533 Message_ *string `locationName:"Message" type:"string"` 22534} 22535 22536// String returns the string representation 22537func (s SourceParentNotFoundException) String() string { 22538 return awsutil.Prettify(s) 22539} 22540 22541// GoString returns the string representation 22542func (s SourceParentNotFoundException) GoString() string { 22543 return s.String() 22544} 22545 22546func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error { 22547 return &SourceParentNotFoundException{ 22548 RespMetadata: v, 22549 } 22550} 22551 22552// Code returns the exception type name. 22553func (s *SourceParentNotFoundException) Code() string { 22554 return "SourceParentNotFoundException" 22555} 22556 22557// Message returns the exception's message. 22558func (s *SourceParentNotFoundException) Message() string { 22559 if s.Message_ != nil { 22560 return *s.Message_ 22561 } 22562 return "" 22563} 22564 22565// OrigErr always returns nil, satisfies awserr.Error interface. 22566func (s *SourceParentNotFoundException) OrigErr() error { 22567 return nil 22568} 22569 22570func (s *SourceParentNotFoundException) Error() string { 22571 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22572} 22573 22574// Status code returns the HTTP status code for the request's response error. 22575func (s *SourceParentNotFoundException) StatusCode() int { 22576 return s.RespMetadata.StatusCode 22577} 22578 22579// RequestID returns the service's response RequestID for request. 22580func (s *SourceParentNotFoundException) RequestID() string { 22581 return s.RespMetadata.RequestID 22582} 22583 22584// A custom key-value pair associated with a resource within your organization. 22585// 22586// You can attach tags to any of the following organization resources. 22587// 22588// * AWS account 22589// 22590// * Organizational unit (OU) 22591// 22592// * Organization root 22593// 22594// * Policy 22595type Tag struct { 22596 _ struct{} `type:"structure"` 22597 22598 // The key identifier, or name, of the tag. 22599 // 22600 // Key is a required field 22601 Key *string `min:"1" type:"string" required:"true"` 22602 22603 // The string value that's associated with the key of the tag. You can set the 22604 // value of a tag to an empty string, but you can't set the value of a tag to 22605 // null. 22606 // 22607 // Value is a required field 22608 Value *string `type:"string" required:"true"` 22609} 22610 22611// String returns the string representation 22612func (s Tag) String() string { 22613 return awsutil.Prettify(s) 22614} 22615 22616// GoString returns the string representation 22617func (s Tag) GoString() string { 22618 return s.String() 22619} 22620 22621// Validate inspects the fields of the type to determine if they are valid. 22622func (s *Tag) Validate() error { 22623 invalidParams := request.ErrInvalidParams{Context: "Tag"} 22624 if s.Key == nil { 22625 invalidParams.Add(request.NewErrParamRequired("Key")) 22626 } 22627 if s.Key != nil && len(*s.Key) < 1 { 22628 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 22629 } 22630 if s.Value == nil { 22631 invalidParams.Add(request.NewErrParamRequired("Value")) 22632 } 22633 22634 if invalidParams.Len() > 0 { 22635 return invalidParams 22636 } 22637 return nil 22638} 22639 22640// SetKey sets the Key field's value. 22641func (s *Tag) SetKey(v string) *Tag { 22642 s.Key = &v 22643 return s 22644} 22645 22646// SetValue sets the Value field's value. 22647func (s *Tag) SetValue(v string) *Tag { 22648 s.Value = &v 22649 return s 22650} 22651 22652type TagResourceInput struct { 22653 _ struct{} `type:"structure"` 22654 22655 // The ID of the resource to add a tag to. 22656 // 22657 // ResourceId is a required field 22658 ResourceId *string `type:"string" required:"true"` 22659 22660 // A list of tags to add to the specified resource. 22661 // 22662 // You can specify any of the following taggable resources. 22663 // 22664 // * AWS account – specify the account ID number. 22665 // 22666 // * Organizational unit – specify the OU ID that begins with ou- and looks 22667 // similar to: ou-1a2b-34uvwxyz 22668 // 22669 // * Root – specify the root ID that begins with r- and looks similar to: 22670 // r-1a2b 22671 // 22672 // * Policy – specify the policy ID that begins with p- andlooks similar 22673 // to: p-12abcdefg3 22674 // 22675 // For each tag in the list, you must specify both a tag key and a value. You 22676 // can set the value to an empty string, but you can't set it to null. 22677 // 22678 // If any one of the tags is invalid or if you exceed the allowed number of 22679 // tags for an account user, then the entire request fails and the account is 22680 // not created. 22681 // 22682 // Tags is a required field 22683 Tags []*Tag `type:"list" required:"true"` 22684} 22685 22686// String returns the string representation 22687func (s TagResourceInput) String() string { 22688 return awsutil.Prettify(s) 22689} 22690 22691// GoString returns the string representation 22692func (s TagResourceInput) GoString() string { 22693 return s.String() 22694} 22695 22696// Validate inspects the fields of the type to determine if they are valid. 22697func (s *TagResourceInput) Validate() error { 22698 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 22699 if s.ResourceId == nil { 22700 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 22701 } 22702 if s.Tags == nil { 22703 invalidParams.Add(request.NewErrParamRequired("Tags")) 22704 } 22705 if s.Tags != nil { 22706 for i, v := range s.Tags { 22707 if v == nil { 22708 continue 22709 } 22710 if err := v.Validate(); err != nil { 22711 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 22712 } 22713 } 22714 } 22715 22716 if invalidParams.Len() > 0 { 22717 return invalidParams 22718 } 22719 return nil 22720} 22721 22722// SetResourceId sets the ResourceId field's value. 22723func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput { 22724 s.ResourceId = &v 22725 return s 22726} 22727 22728// SetTags sets the Tags field's value. 22729func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 22730 s.Tags = v 22731 return s 22732} 22733 22734type TagResourceOutput struct { 22735 _ struct{} `type:"structure"` 22736} 22737 22738// String returns the string representation 22739func (s TagResourceOutput) String() string { 22740 return awsutil.Prettify(s) 22741} 22742 22743// GoString returns the string representation 22744func (s TagResourceOutput) GoString() string { 22745 return s.String() 22746} 22747 22748// We can't find a root, OU, account, or policy with the TargetId that you specified. 22749type TargetNotFoundException struct { 22750 _ struct{} `type:"structure"` 22751 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22752 22753 Message_ *string `locationName:"Message" type:"string"` 22754} 22755 22756// String returns the string representation 22757func (s TargetNotFoundException) String() string { 22758 return awsutil.Prettify(s) 22759} 22760 22761// GoString returns the string representation 22762func (s TargetNotFoundException) GoString() string { 22763 return s.String() 22764} 22765 22766func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error { 22767 return &TargetNotFoundException{ 22768 RespMetadata: v, 22769 } 22770} 22771 22772// Code returns the exception type name. 22773func (s *TargetNotFoundException) Code() string { 22774 return "TargetNotFoundException" 22775} 22776 22777// Message returns the exception's message. 22778func (s *TargetNotFoundException) Message() string { 22779 if s.Message_ != nil { 22780 return *s.Message_ 22781 } 22782 return "" 22783} 22784 22785// OrigErr always returns nil, satisfies awserr.Error interface. 22786func (s *TargetNotFoundException) OrigErr() error { 22787 return nil 22788} 22789 22790func (s *TargetNotFoundException) Error() string { 22791 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22792} 22793 22794// Status code returns the HTTP status code for the request's response error. 22795func (s *TargetNotFoundException) StatusCode() int { 22796 return s.RespMetadata.StatusCode 22797} 22798 22799// RequestID returns the service's response RequestID for request. 22800func (s *TargetNotFoundException) RequestID() string { 22801 return s.RespMetadata.RequestID 22802} 22803 22804// You have sent too many requests in too short a period of time. The quota 22805// helps protect against denial-of-service attacks. Try again later. 22806// 22807// For information about quotas that affect AWS Organizations, see Quotas for 22808// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 22809// the AWS Organizations User Guide. 22810type TooManyRequestsException struct { 22811 _ struct{} `type:"structure"` 22812 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22813 22814 Message_ *string `locationName:"Message" type:"string"` 22815 22816 Type *string `type:"string"` 22817} 22818 22819// String returns the string representation 22820func (s TooManyRequestsException) String() string { 22821 return awsutil.Prettify(s) 22822} 22823 22824// GoString returns the string representation 22825func (s TooManyRequestsException) GoString() string { 22826 return s.String() 22827} 22828 22829func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error { 22830 return &TooManyRequestsException{ 22831 RespMetadata: v, 22832 } 22833} 22834 22835// Code returns the exception type name. 22836func (s *TooManyRequestsException) Code() string { 22837 return "TooManyRequestsException" 22838} 22839 22840// Message returns the exception's message. 22841func (s *TooManyRequestsException) Message() string { 22842 if s.Message_ != nil { 22843 return *s.Message_ 22844 } 22845 return "" 22846} 22847 22848// OrigErr always returns nil, satisfies awserr.Error interface. 22849func (s *TooManyRequestsException) OrigErr() error { 22850 return nil 22851} 22852 22853func (s *TooManyRequestsException) Error() string { 22854 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 22855} 22856 22857// Status code returns the HTTP status code for the request's response error. 22858func (s *TooManyRequestsException) StatusCode() int { 22859 return s.RespMetadata.StatusCode 22860} 22861 22862// RequestID returns the service's response RequestID for request. 22863func (s *TooManyRequestsException) RequestID() string { 22864 return s.RespMetadata.RequestID 22865} 22866 22867// This action isn't available in the current AWS Region. 22868type UnsupportedAPIEndpointException struct { 22869 _ struct{} `type:"structure"` 22870 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22871 22872 Message_ *string `locationName:"Message" type:"string"` 22873} 22874 22875// String returns the string representation 22876func (s UnsupportedAPIEndpointException) String() string { 22877 return awsutil.Prettify(s) 22878} 22879 22880// GoString returns the string representation 22881func (s UnsupportedAPIEndpointException) GoString() string { 22882 return s.String() 22883} 22884 22885func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error { 22886 return &UnsupportedAPIEndpointException{ 22887 RespMetadata: v, 22888 } 22889} 22890 22891// Code returns the exception type name. 22892func (s *UnsupportedAPIEndpointException) Code() string { 22893 return "UnsupportedAPIEndpointException" 22894} 22895 22896// Message returns the exception's message. 22897func (s *UnsupportedAPIEndpointException) Message() string { 22898 if s.Message_ != nil { 22899 return *s.Message_ 22900 } 22901 return "" 22902} 22903 22904// OrigErr always returns nil, satisfies awserr.Error interface. 22905func (s *UnsupportedAPIEndpointException) OrigErr() error { 22906 return nil 22907} 22908 22909func (s *UnsupportedAPIEndpointException) Error() string { 22910 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22911} 22912 22913// Status code returns the HTTP status code for the request's response error. 22914func (s *UnsupportedAPIEndpointException) StatusCode() int { 22915 return s.RespMetadata.StatusCode 22916} 22917 22918// RequestID returns the service's response RequestID for request. 22919func (s *UnsupportedAPIEndpointException) RequestID() string { 22920 return s.RespMetadata.RequestID 22921} 22922 22923type UntagResourceInput struct { 22924 _ struct{} `type:"structure"` 22925 22926 // The ID of the resource to remove a tag from. 22927 // 22928 // You can specify any of the following taggable resources. 22929 // 22930 // * AWS account – specify the account ID number. 22931 // 22932 // * Organizational unit – specify the OU ID that begins with ou- and looks 22933 // similar to: ou-1a2b-34uvwxyz 22934 // 22935 // * Root – specify the root ID that begins with r- and looks similar to: 22936 // r-1a2b 22937 // 22938 // * Policy – specify the policy ID that begins with p- andlooks similar 22939 // to: p-12abcdefg3 22940 // 22941 // ResourceId is a required field 22942 ResourceId *string `type:"string" required:"true"` 22943 22944 // The list of keys for tags to remove from the specified resource. 22945 // 22946 // TagKeys is a required field 22947 TagKeys []*string `type:"list" required:"true"` 22948} 22949 22950// String returns the string representation 22951func (s UntagResourceInput) String() string { 22952 return awsutil.Prettify(s) 22953} 22954 22955// GoString returns the string representation 22956func (s UntagResourceInput) GoString() string { 22957 return s.String() 22958} 22959 22960// Validate inspects the fields of the type to determine if they are valid. 22961func (s *UntagResourceInput) Validate() error { 22962 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 22963 if s.ResourceId == nil { 22964 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 22965 } 22966 if s.TagKeys == nil { 22967 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 22968 } 22969 22970 if invalidParams.Len() > 0 { 22971 return invalidParams 22972 } 22973 return nil 22974} 22975 22976// SetResourceId sets the ResourceId field's value. 22977func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput { 22978 s.ResourceId = &v 22979 return s 22980} 22981 22982// SetTagKeys sets the TagKeys field's value. 22983func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 22984 s.TagKeys = v 22985 return s 22986} 22987 22988type UntagResourceOutput struct { 22989 _ struct{} `type:"structure"` 22990} 22991 22992// String returns the string representation 22993func (s UntagResourceOutput) String() string { 22994 return awsutil.Prettify(s) 22995} 22996 22997// GoString returns the string representation 22998func (s UntagResourceOutput) GoString() string { 22999 return s.String() 23000} 23001 23002type UpdateOrganizationalUnitInput struct { 23003 _ struct{} `type:"structure"` 23004 23005 // The new name that you want to assign to the OU. 23006 // 23007 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 23008 // this parameter is a string of any of the characters in the ASCII character 23009 // range. 23010 Name *string `min:"1" type:"string"` 23011 23012 // The unique identifier (ID) of the OU that you want to rename. You can get 23013 // the ID from the ListOrganizationalUnitsForParent operation. 23014 // 23015 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 23016 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 23017 // or digits (the ID of the root that contains the OU). This string is followed 23018 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 23019 // 23020 // OrganizationalUnitId is a required field 23021 OrganizationalUnitId *string `type:"string" required:"true"` 23022} 23023 23024// String returns the string representation 23025func (s UpdateOrganizationalUnitInput) String() string { 23026 return awsutil.Prettify(s) 23027} 23028 23029// GoString returns the string representation 23030func (s UpdateOrganizationalUnitInput) GoString() string { 23031 return s.String() 23032} 23033 23034// Validate inspects the fields of the type to determine if they are valid. 23035func (s *UpdateOrganizationalUnitInput) Validate() error { 23036 invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"} 23037 if s.Name != nil && len(*s.Name) < 1 { 23038 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 23039 } 23040 if s.OrganizationalUnitId == nil { 23041 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 23042 } 23043 23044 if invalidParams.Len() > 0 { 23045 return invalidParams 23046 } 23047 return nil 23048} 23049 23050// SetName sets the Name field's value. 23051func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput { 23052 s.Name = &v 23053 return s 23054} 23055 23056// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 23057func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput { 23058 s.OrganizationalUnitId = &v 23059 return s 23060} 23061 23062type UpdateOrganizationalUnitOutput struct { 23063 _ struct{} `type:"structure"` 23064 23065 // A structure that contains the details about the specified OU, including its 23066 // new name. 23067 OrganizationalUnit *OrganizationalUnit `type:"structure"` 23068} 23069 23070// String returns the string representation 23071func (s UpdateOrganizationalUnitOutput) String() string { 23072 return awsutil.Prettify(s) 23073} 23074 23075// GoString returns the string representation 23076func (s UpdateOrganizationalUnitOutput) GoString() string { 23077 return s.String() 23078} 23079 23080// SetOrganizationalUnit sets the OrganizationalUnit field's value. 23081func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput { 23082 s.OrganizationalUnit = v 23083 return s 23084} 23085 23086type UpdatePolicyInput struct { 23087 _ struct{} `type:"structure"` 23088 23089 // If provided, the new content for the policy. The text must be correctly formatted 23090 // JSON that complies with the syntax for the policy's type. For more information, 23091 // see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 23092 // in the AWS Organizations User Guide. 23093 Content *string `min:"1" type:"string"` 23094 23095 // If provided, the new description for the policy. 23096 Description *string `type:"string"` 23097 23098 // If provided, the new name for the policy. 23099 // 23100 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 23101 // this parameter is a string of any of the characters in the ASCII character 23102 // range. 23103 Name *string `min:"1" type:"string"` 23104 23105 // The unique identifier (ID) of the policy that you want to update. 23106 // 23107 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 23108 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 23109 // or the underscore character (_). 23110 // 23111 // PolicyId is a required field 23112 PolicyId *string `type:"string" required:"true"` 23113} 23114 23115// String returns the string representation 23116func (s UpdatePolicyInput) String() string { 23117 return awsutil.Prettify(s) 23118} 23119 23120// GoString returns the string representation 23121func (s UpdatePolicyInput) GoString() string { 23122 return s.String() 23123} 23124 23125// Validate inspects the fields of the type to determine if they are valid. 23126func (s *UpdatePolicyInput) Validate() error { 23127 invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"} 23128 if s.Content != nil && len(*s.Content) < 1 { 23129 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 23130 } 23131 if s.Name != nil && len(*s.Name) < 1 { 23132 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 23133 } 23134 if s.PolicyId == nil { 23135 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 23136 } 23137 23138 if invalidParams.Len() > 0 { 23139 return invalidParams 23140 } 23141 return nil 23142} 23143 23144// SetContent sets the Content field's value. 23145func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput { 23146 s.Content = &v 23147 return s 23148} 23149 23150// SetDescription sets the Description field's value. 23151func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput { 23152 s.Description = &v 23153 return s 23154} 23155 23156// SetName sets the Name field's value. 23157func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput { 23158 s.Name = &v 23159 return s 23160} 23161 23162// SetPolicyId sets the PolicyId field's value. 23163func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput { 23164 s.PolicyId = &v 23165 return s 23166} 23167 23168type UpdatePolicyOutput struct { 23169 _ struct{} `type:"structure"` 23170 23171 // A structure that contains details about the updated policy, showing the requested 23172 // changes. 23173 Policy *Policy `type:"structure"` 23174} 23175 23176// String returns the string representation 23177func (s UpdatePolicyOutput) String() string { 23178 return awsutil.Prettify(s) 23179} 23180 23181// GoString returns the string representation 23182func (s UpdatePolicyOutput) GoString() string { 23183 return s.String() 23184} 23185 23186// SetPolicy sets the Policy field's value. 23187func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput { 23188 s.Policy = v 23189 return s 23190} 23191 23192const ( 23193 // AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value 23194 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE" 23195) 23196 23197// AccessDeniedForDependencyExceptionReason_Values returns all elements of the AccessDeniedForDependencyExceptionReason enum 23198func AccessDeniedForDependencyExceptionReason_Values() []string { 23199 return []string{ 23200 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole, 23201 } 23202} 23203 23204const ( 23205 // AccountJoinedMethodInvited is a AccountJoinedMethod enum value 23206 AccountJoinedMethodInvited = "INVITED" 23207 23208 // AccountJoinedMethodCreated is a AccountJoinedMethod enum value 23209 AccountJoinedMethodCreated = "CREATED" 23210) 23211 23212// AccountJoinedMethod_Values returns all elements of the AccountJoinedMethod enum 23213func AccountJoinedMethod_Values() []string { 23214 return []string{ 23215 AccountJoinedMethodInvited, 23216 AccountJoinedMethodCreated, 23217 } 23218} 23219 23220const ( 23221 // AccountStatusActive is a AccountStatus enum value 23222 AccountStatusActive = "ACTIVE" 23223 23224 // AccountStatusSuspended is a AccountStatus enum value 23225 AccountStatusSuspended = "SUSPENDED" 23226) 23227 23228// AccountStatus_Values returns all elements of the AccountStatus enum 23229func AccountStatus_Values() []string { 23230 return []string{ 23231 AccountStatusActive, 23232 AccountStatusSuspended, 23233 } 23234} 23235 23236const ( 23237 // ActionTypeInvite is a ActionType enum value 23238 ActionTypeInvite = "INVITE" 23239 23240 // ActionTypeEnableAllFeatures is a ActionType enum value 23241 ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES" 23242 23243 // ActionTypeApproveAllFeatures is a ActionType enum value 23244 ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES" 23245 23246 // ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value 23247 ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" 23248) 23249 23250// ActionType_Values returns all elements of the ActionType enum 23251func ActionType_Values() []string { 23252 return []string{ 23253 ActionTypeInvite, 23254 ActionTypeEnableAllFeatures, 23255 ActionTypeApproveAllFeatures, 23256 ActionTypeAddOrganizationsServiceLinkedRole, 23257 } 23258} 23259 23260const ( 23261 // ChildTypeAccount is a ChildType enum value 23262 ChildTypeAccount = "ACCOUNT" 23263 23264 // ChildTypeOrganizationalUnit is a ChildType enum value 23265 ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 23266) 23267 23268// ChildType_Values returns all elements of the ChildType enum 23269func ChildType_Values() []string { 23270 return []string{ 23271 ChildTypeAccount, 23272 ChildTypeOrganizationalUnit, 23273 } 23274} 23275 23276const ( 23277 // ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 23278 ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 23279 23280 // ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value 23281 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 23282 23283 // ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 23284 ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED" 23285 23286 // ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value 23287 ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED" 23288 23289 // ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 23290 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED" 23291 23292 // ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value 23293 ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED" 23294 23295 // ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 23296 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 23297 23298 // ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 23299 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 23300 23301 // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value 23302 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" 23303 23304 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value 23305 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA" 23306 23307 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value 23308 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION" 23309 23310 // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 23311 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 23312 23313 // ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 23314 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 23315 23316 // ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value 23317 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED" 23318 23319 // ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value 23320 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE" 23321 23322 // ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value 23323 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO" 23324 23325 // ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value 23326 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED" 23327 23328 // ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value 23329 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE" 23330 23331 // ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value 23332 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION" 23333 23334 // ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value 23335 ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED" 23336 23337 // ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value 23338 ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE" 23339 23340 // ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value 23341 ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED" 23342 23343 // ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value 23344 ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION" 23345 23346 // ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value 23347 ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED" 23348 23349 // ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value 23350 ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR" 23351 23352 // ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value 23353 ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG" 23354 23355 // ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value 23356 ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE" 23357 23358 // ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value 23359 ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE" 23360) 23361 23362// ConstraintViolationExceptionReason_Values returns all elements of the ConstraintViolationExceptionReason enum 23363func ConstraintViolationExceptionReason_Values() []string { 23364 return []string{ 23365 ConstraintViolationExceptionReasonAccountNumberLimitExceeded, 23366 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded, 23367 ConstraintViolationExceptionReasonOuNumberLimitExceeded, 23368 ConstraintViolationExceptionReasonOuDepthLimitExceeded, 23369 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded, 23370 ConstraintViolationExceptionReasonPolicyContentLimitExceeded, 23371 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded, 23372 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded, 23373 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization, 23374 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula, 23375 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification, 23376 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired, 23377 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired, 23378 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded, 23379 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace, 23380 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo, 23381 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled, 23382 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode, 23383 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion, 23384 ConstraintViolationExceptionReasonEmailVerificationCodeExpired, 23385 ConstraintViolationExceptionReasonWaitPeriodActive, 23386 ConstraintViolationExceptionReasonMaxTagLimitExceeded, 23387 ConstraintViolationExceptionReasonTagPolicyViolation, 23388 ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded, 23389 ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator, 23390 ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg, 23391 ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService, 23392 ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense, 23393 } 23394} 23395 23396const ( 23397 // CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value 23398 CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED" 23399 23400 // CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value 23401 CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS" 23402 23403 // CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value 23404 CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS" 23405 23406 // CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value 23407 CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL" 23408 23409 // CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value 23410 CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION" 23411 23412 // CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value 23413 CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE" 23414 23415 // CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value 23416 CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS" 23417 23418 // CreateAccountFailureReasonMissingBusinessValidation is a CreateAccountFailureReason enum value 23419 CreateAccountFailureReasonMissingBusinessValidation = "MISSING_BUSINESS_VALIDATION" 23420 23421 // CreateAccountFailureReasonFailedBusinessValidation is a CreateAccountFailureReason enum value 23422 CreateAccountFailureReasonFailedBusinessValidation = "FAILED_BUSINESS_VALIDATION" 23423 23424 // CreateAccountFailureReasonPendingBusinessValidation is a CreateAccountFailureReason enum value 23425 CreateAccountFailureReasonPendingBusinessValidation = "PENDING_BUSINESS_VALIDATION" 23426 23427 // CreateAccountFailureReasonInvalidIdentityForBusinessValidation is a CreateAccountFailureReason enum value 23428 CreateAccountFailureReasonInvalidIdentityForBusinessValidation = "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION" 23429 23430 // CreateAccountFailureReasonUnknownBusinessValidation is a CreateAccountFailureReason enum value 23431 CreateAccountFailureReasonUnknownBusinessValidation = "UNKNOWN_BUSINESS_VALIDATION" 23432 23433 // CreateAccountFailureReasonMissingPaymentInstrument is a CreateAccountFailureReason enum value 23434 CreateAccountFailureReasonMissingPaymentInstrument = "MISSING_PAYMENT_INSTRUMENT" 23435) 23436 23437// CreateAccountFailureReason_Values returns all elements of the CreateAccountFailureReason enum 23438func CreateAccountFailureReason_Values() []string { 23439 return []string{ 23440 CreateAccountFailureReasonAccountLimitExceeded, 23441 CreateAccountFailureReasonEmailAlreadyExists, 23442 CreateAccountFailureReasonInvalidAddress, 23443 CreateAccountFailureReasonInvalidEmail, 23444 CreateAccountFailureReasonConcurrentAccountModification, 23445 CreateAccountFailureReasonInternalFailure, 23446 CreateAccountFailureReasonGovcloudAccountAlreadyExists, 23447 CreateAccountFailureReasonMissingBusinessValidation, 23448 CreateAccountFailureReasonFailedBusinessValidation, 23449 CreateAccountFailureReasonPendingBusinessValidation, 23450 CreateAccountFailureReasonInvalidIdentityForBusinessValidation, 23451 CreateAccountFailureReasonUnknownBusinessValidation, 23452 CreateAccountFailureReasonMissingPaymentInstrument, 23453 } 23454} 23455 23456const ( 23457 // CreateAccountStateInProgress is a CreateAccountState enum value 23458 CreateAccountStateInProgress = "IN_PROGRESS" 23459 23460 // CreateAccountStateSucceeded is a CreateAccountState enum value 23461 CreateAccountStateSucceeded = "SUCCEEDED" 23462 23463 // CreateAccountStateFailed is a CreateAccountState enum value 23464 CreateAccountStateFailed = "FAILED" 23465) 23466 23467// CreateAccountState_Values returns all elements of the CreateAccountState enum 23468func CreateAccountState_Values() []string { 23469 return []string{ 23470 CreateAccountStateInProgress, 23471 CreateAccountStateSucceeded, 23472 CreateAccountStateFailed, 23473 } 23474} 23475 23476const ( 23477 // EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value 23478 EffectivePolicyTypeTagPolicy = "TAG_POLICY" 23479 23480 // EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value 23481 EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY" 23482 23483 // EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value 23484 EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY" 23485) 23486 23487// EffectivePolicyType_Values returns all elements of the EffectivePolicyType enum 23488func EffectivePolicyType_Values() []string { 23489 return []string{ 23490 EffectivePolicyTypeTagPolicy, 23491 EffectivePolicyTypeBackupPolicy, 23492 EffectivePolicyTypeAiservicesOptOutPolicy, 23493 } 23494} 23495 23496const ( 23497 // HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 23498 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 23499 23500 // HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 23501 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 23502 23503 // HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value 23504 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION" 23505 23506 // HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 23507 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES" 23508 23509 // HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration is a HandshakeConstraintViolationExceptionReason enum value 23510 HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration = "ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION" 23511 23512 // HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 23513 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES" 23514 23515 // HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value 23516 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED" 23517 23518 // HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value 23519 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" 23520 23521 // HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 23522 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" 23523) 23524 23525// HandshakeConstraintViolationExceptionReason_Values returns all elements of the HandshakeConstraintViolationExceptionReason enum 23526func HandshakeConstraintViolationExceptionReason_Values() []string { 23527 return []string{ 23528 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded, 23529 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded, 23530 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization, 23531 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures, 23532 HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration, 23533 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures, 23534 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired, 23535 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord, 23536 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded, 23537 } 23538} 23539 23540const ( 23541 // HandshakePartyTypeAccount is a HandshakePartyType enum value 23542 HandshakePartyTypeAccount = "ACCOUNT" 23543 23544 // HandshakePartyTypeOrganization is a HandshakePartyType enum value 23545 HandshakePartyTypeOrganization = "ORGANIZATION" 23546 23547 // HandshakePartyTypeEmail is a HandshakePartyType enum value 23548 HandshakePartyTypeEmail = "EMAIL" 23549) 23550 23551// HandshakePartyType_Values returns all elements of the HandshakePartyType enum 23552func HandshakePartyType_Values() []string { 23553 return []string{ 23554 HandshakePartyTypeAccount, 23555 HandshakePartyTypeOrganization, 23556 HandshakePartyTypeEmail, 23557 } 23558} 23559 23560const ( 23561 // HandshakeResourceTypeAccount is a HandshakeResourceType enum value 23562 HandshakeResourceTypeAccount = "ACCOUNT" 23563 23564 // HandshakeResourceTypeOrganization is a HandshakeResourceType enum value 23565 HandshakeResourceTypeOrganization = "ORGANIZATION" 23566 23567 // HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value 23568 HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET" 23569 23570 // HandshakeResourceTypeEmail is a HandshakeResourceType enum value 23571 HandshakeResourceTypeEmail = "EMAIL" 23572 23573 // HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value 23574 HandshakeResourceTypeMasterEmail = "MASTER_EMAIL" 23575 23576 // HandshakeResourceTypeMasterName is a HandshakeResourceType enum value 23577 HandshakeResourceTypeMasterName = "MASTER_NAME" 23578 23579 // HandshakeResourceTypeNotes is a HandshakeResourceType enum value 23580 HandshakeResourceTypeNotes = "NOTES" 23581 23582 // HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value 23583 HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE" 23584) 23585 23586// HandshakeResourceType_Values returns all elements of the HandshakeResourceType enum 23587func HandshakeResourceType_Values() []string { 23588 return []string{ 23589 HandshakeResourceTypeAccount, 23590 HandshakeResourceTypeOrganization, 23591 HandshakeResourceTypeOrganizationFeatureSet, 23592 HandshakeResourceTypeEmail, 23593 HandshakeResourceTypeMasterEmail, 23594 HandshakeResourceTypeMasterName, 23595 HandshakeResourceTypeNotes, 23596 HandshakeResourceTypeParentHandshake, 23597 } 23598} 23599 23600const ( 23601 // HandshakeStateRequested is a HandshakeState enum value 23602 HandshakeStateRequested = "REQUESTED" 23603 23604 // HandshakeStateOpen is a HandshakeState enum value 23605 HandshakeStateOpen = "OPEN" 23606 23607 // HandshakeStateCanceled is a HandshakeState enum value 23608 HandshakeStateCanceled = "CANCELED" 23609 23610 // HandshakeStateAccepted is a HandshakeState enum value 23611 HandshakeStateAccepted = "ACCEPTED" 23612 23613 // HandshakeStateDeclined is a HandshakeState enum value 23614 HandshakeStateDeclined = "DECLINED" 23615 23616 // HandshakeStateExpired is a HandshakeState enum value 23617 HandshakeStateExpired = "EXPIRED" 23618) 23619 23620// HandshakeState_Values returns all elements of the HandshakeState enum 23621func HandshakeState_Values() []string { 23622 return []string{ 23623 HandshakeStateRequested, 23624 HandshakeStateOpen, 23625 HandshakeStateCanceled, 23626 HandshakeStateAccepted, 23627 HandshakeStateDeclined, 23628 HandshakeStateExpired, 23629 } 23630} 23631 23632const ( 23633 // IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value 23634 IAMUserAccessToBillingAllow = "ALLOW" 23635 23636 // IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value 23637 IAMUserAccessToBillingDeny = "DENY" 23638) 23639 23640// IAMUserAccessToBilling_Values returns all elements of the IAMUserAccessToBilling enum 23641func IAMUserAccessToBilling_Values() []string { 23642 return []string{ 23643 IAMUserAccessToBillingAllow, 23644 IAMUserAccessToBillingDeny, 23645 } 23646} 23647 23648const ( 23649 // InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value 23650 InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET" 23651 23652 // InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value 23653 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN" 23654 23655 // InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value 23656 InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID" 23657 23658 // InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value 23659 InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM" 23660 23661 // InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value 23662 InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE" 23663 23664 // InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value 23665 InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER" 23666 23667 // InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value 23668 InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED" 23669 23670 // InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value 23671 InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED" 23672 23673 // InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value 23674 InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED" 23675 23676 // InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value 23677 InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED" 23678 23679 // InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value 23680 InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY" 23681 23682 // InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value 23683 InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN" 23684 23685 // InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value 23686 InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID" 23687 23688 // InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value 23689 InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED" 23690 23691 // InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value 23692 InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN" 23693 23694 // InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value 23695 InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER" 23696 23697 // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value 23698 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" 23699 23700 // InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value 23701 InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET" 23702 23703 // InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value 23704 InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL" 23705 23706 // InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value 23707 InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME" 23708 23709 // InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value 23710 InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER" 23711 23712 // InvalidInputExceptionReasonDuplicateTagKey is a InvalidInputExceptionReason enum value 23713 InvalidInputExceptionReasonDuplicateTagKey = "DUPLICATE_TAG_KEY" 23714 23715 // InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value 23716 InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED" 23717 23718 // InvalidInputExceptionReasonInvalidEmailAddressTarget is a InvalidInputExceptionReason enum value 23719 InvalidInputExceptionReasonInvalidEmailAddressTarget = "INVALID_EMAIL_ADDRESS_TARGET" 23720) 23721 23722// InvalidInputExceptionReason_Values returns all elements of the InvalidInputExceptionReason enum 23723func InvalidInputExceptionReason_Values() []string { 23724 return []string{ 23725 InvalidInputExceptionReasonInvalidPartyTypeTarget, 23726 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn, 23727 InvalidInputExceptionReasonInvalidSyntaxPolicyId, 23728 InvalidInputExceptionReasonInvalidEnum, 23729 InvalidInputExceptionReasonInvalidEnumPolicyType, 23730 InvalidInputExceptionReasonInvalidListMember, 23731 InvalidInputExceptionReasonMaxLengthExceeded, 23732 InvalidInputExceptionReasonMaxValueExceeded, 23733 InvalidInputExceptionReasonMinLengthExceeded, 23734 InvalidInputExceptionReasonMinValueExceeded, 23735 InvalidInputExceptionReasonImmutablePolicy, 23736 InvalidInputExceptionReasonInvalidPattern, 23737 InvalidInputExceptionReasonInvalidPatternTargetId, 23738 InvalidInputExceptionReasonInputRequired, 23739 InvalidInputExceptionReasonInvalidNextToken, 23740 InvalidInputExceptionReasonMaxLimitExceededFilter, 23741 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots, 23742 InvalidInputExceptionReasonInvalidFullNameTarget, 23743 InvalidInputExceptionReasonUnrecognizedServicePrincipal, 23744 InvalidInputExceptionReasonInvalidRoleName, 23745 InvalidInputExceptionReasonInvalidSystemTagsParameter, 23746 InvalidInputExceptionReasonDuplicateTagKey, 23747 InvalidInputExceptionReasonTargetNotSupported, 23748 InvalidInputExceptionReasonInvalidEmailAddressTarget, 23749 } 23750} 23751 23752const ( 23753 // OrganizationFeatureSetAll is a OrganizationFeatureSet enum value 23754 OrganizationFeatureSetAll = "ALL" 23755 23756 // OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value 23757 OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING" 23758) 23759 23760// OrganizationFeatureSet_Values returns all elements of the OrganizationFeatureSet enum 23761func OrganizationFeatureSet_Values() []string { 23762 return []string{ 23763 OrganizationFeatureSetAll, 23764 OrganizationFeatureSetConsolidatedBilling, 23765 } 23766} 23767 23768const ( 23769 // ParentTypeRoot is a ParentType enum value 23770 ParentTypeRoot = "ROOT" 23771 23772 // ParentTypeOrganizationalUnit is a ParentType enum value 23773 ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 23774) 23775 23776// ParentType_Values returns all elements of the ParentType enum 23777func ParentType_Values() []string { 23778 return []string{ 23779 ParentTypeRoot, 23780 ParentTypeOrganizationalUnit, 23781 } 23782} 23783 23784const ( 23785 // PolicyTypeServiceControlPolicy is a PolicyType enum value 23786 PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY" 23787 23788 // PolicyTypeTagPolicy is a PolicyType enum value 23789 PolicyTypeTagPolicy = "TAG_POLICY" 23790 23791 // PolicyTypeBackupPolicy is a PolicyType enum value 23792 PolicyTypeBackupPolicy = "BACKUP_POLICY" 23793 23794 // PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value 23795 PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY" 23796) 23797 23798// PolicyType_Values returns all elements of the PolicyType enum 23799func PolicyType_Values() []string { 23800 return []string{ 23801 PolicyTypeServiceControlPolicy, 23802 PolicyTypeTagPolicy, 23803 PolicyTypeBackupPolicy, 23804 PolicyTypeAiservicesOptOutPolicy, 23805 } 23806} 23807 23808const ( 23809 // PolicyTypeStatusEnabled is a PolicyTypeStatus enum value 23810 PolicyTypeStatusEnabled = "ENABLED" 23811 23812 // PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value 23813 PolicyTypeStatusPendingEnable = "PENDING_ENABLE" 23814 23815 // PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value 23816 PolicyTypeStatusPendingDisable = "PENDING_DISABLE" 23817) 23818 23819// PolicyTypeStatus_Values returns all elements of the PolicyTypeStatus enum 23820func PolicyTypeStatus_Values() []string { 23821 return []string{ 23822 PolicyTypeStatusEnabled, 23823 PolicyTypeStatusPendingEnable, 23824 PolicyTypeStatusPendingDisable, 23825 } 23826} 23827 23828const ( 23829 // TargetTypeAccount is a TargetType enum value 23830 TargetTypeAccount = "ACCOUNT" 23831 23832 // TargetTypeOrganizationalUnit is a TargetType enum value 23833 TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 23834 23835 // TargetTypeRoot is a TargetType enum value 23836 TargetTypeRoot = "ROOT" 23837) 23838 23839// TargetType_Values returns all elements of the TargetType enum 23840func TargetType_Values() []string { 23841 return []string{ 23842 TargetTypeAccount, 23843 TargetTypeOrganizationalUnit, 23844 TargetTypeRoot, 23845 } 23846} 23847