// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package organizations
import (
"fmt"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
const opAcceptHandshake = "AcceptHandshake"
// AcceptHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the AcceptHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AcceptHandshake for more information on using the AcceptHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the AcceptHandshakeRequest method.
// req, resp := client.AcceptHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) {
op := &request.Operation{
Name: opAcceptHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &AcceptHandshakeInput{}
}
output = &AcceptHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// AcceptHandshake API operation for AWS Organizations.
//
// Sends a response to the originator of a handshake agreeing to the action
// proposed by the handshake request.
//
// You can only call this operation by the following principals when they also
// have the relevant IAM permissions:
//
// - Invitation to join or Approve all features request handshakes: only
// a principal from the member account. The user who calls the API for an
// invitation to join must have the organizations:AcceptHandshake permission.
// If you enabled all features in the organization, the user must also have
// the iam:CreateServiceLinkedRole permission so that Organizations can create
// the required service-linked role named AWSServiceRoleForOrganizations.
// For more information, see Organizations and service-linked roles (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integrate_services-using_slrs)
// in the Organizations User Guide.
//
// - Enable all features final confirmation handshake: only a principal from
// the management account. For more information about invitations, see Inviting
// an Amazon Web Services account to join your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html)
// in the Organizations User Guide. For more information about requests to
// enable all features in the organization, see Enabling all features in
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the Organizations User Guide.
//
// After you accept a handshake, it continues to appear in the results of relevant
// APIs for only 30 days. After that, it's deleted.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation AcceptHandshake for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - HandshakeConstraintViolationException
// The requested operation would violate the constraint identified in the reason
// code.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. Note that deleted and closed
// accounts still count toward your limit. If you get this exception immediately
// after creating the organization, wait one hour and try again. If after
// an hour it continues to fail with this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
// the invited account is already a member of an organization.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
// to join an organization while it's in the process of enabling all features.
// You can resume inviting accounts after you finalize the process when all
// accounts have agreed to the change.
//
// - ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
// because the organization has already enabled all features.
//
// - ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
// request is invalid because the organization has already started the process
// to enable all features.
//
// - ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
// the account is from a different marketplace than the accounts in the organization.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be from the same
// marketplace.
//
// - ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
// change the membership of an account too quickly after its previous change.
//
// - PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
// account that doesn't have a payment instrument, such as a credit card,
// associated with it.
//
// - HandshakeNotFoundException
// We can't find a handshake with the HandshakeId that you specified.
//
// - InvalidHandshakeTransitionException
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
//
// - HandshakeAlreadyInStateException
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - AccessDeniedForDependencyException
// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
// for organizations.amazonaws.com permission so that Organizations can create
// the required service-linked role. You don't have that permission.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) {
req, out := c.AcceptHandshakeRequest(input)
return out, req.Send()
}
// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See AcceptHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) {
req, out := c.AcceptHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opAttachPolicy = "AttachPolicy"
// AttachPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AttachPolicy for more information on using the AttachPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the AttachPolicyRequest method.
// req, resp := client.AttachPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) {
op := &request.Operation{
Name: opAttachPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &AttachPolicyInput{}
}
output = &AttachPolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// AttachPolicy API operation for AWS Organizations.
//
// Attaches a policy to a root, an organizational unit (OU), or an individual
// account. How the policy affects accounts depends on the type of policy. Refer
// to the Organizations User Guide for information about each policy type:
//
// - AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// - BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// - SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
//
// - TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation AttachPolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - DuplicatePolicyAttachmentException
// The selected policy is already attached to the specified target.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyNotFoundException
// We can't find a policy with the PolicyId that you specified.
//
// - PolicyTypeNotEnabledException
// The specified policy type isn't currently enabled in this root. You can't
// attach policies of the specified type to entities in a root until you enable
// that type in the root. For more information, see Enabling all features in
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the Organizations User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - PolicyChangesInProgressException
// Changes to the effective policy are in progress, and its contents can't be
// returned. Try the operation again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) {
req, out := c.AttachPolicyRequest(input)
return out, req.Send()
}
// AttachPolicyWithContext is the same as AttachPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See AttachPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) {
req, out := c.AttachPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCancelHandshake = "CancelHandshake"
// CancelHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the CancelHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CancelHandshake for more information on using the CancelHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CancelHandshakeRequest method.
// req, resp := client.CancelHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) {
op := &request.Operation{
Name: opCancelHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CancelHandshakeInput{}
}
output = &CancelHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// CancelHandshake API operation for AWS Organizations.
//
// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
//
// This operation can be called only from the account that originated the handshake.
// The recipient of the handshake can't cancel it, but can use DeclineHandshake
// instead. After a handshake is canceled, the recipient can no longer respond
// to that handshake.
//
// After you cancel a handshake, it continues to appear in the results of relevant
// APIs for only 30 days. After that, it's deleted.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CancelHandshake for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - HandshakeNotFoundException
// We can't find a handshake with the HandshakeId that you specified.
//
// - InvalidHandshakeTransitionException
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
//
// - HandshakeAlreadyInStateException
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) {
req, out := c.CancelHandshakeRequest(input)
return out, req.Send()
}
// CancelHandshakeWithContext is the same as CancelHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See CancelHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) {
req, out := c.CancelHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCloseAccount = "CloseAccount"
// CloseAccountRequest generates a "aws/request.Request" representing the
// client's request for the CloseAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CloseAccount for more information on using the CloseAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CloseAccountRequest method.
// req, resp := client.CloseAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CloseAccount
func (c *Organizations) CloseAccountRequest(input *CloseAccountInput) (req *request.Request, output *CloseAccountOutput) {
op := &request.Operation{
Name: opCloseAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CloseAccountInput{}
}
output = &CloseAccountOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// CloseAccount API operation for AWS Organizations.
//
// Closes an Amazon Web Services member account within an organization. You
// can close an account when all features are enabled (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html).
// You can't close the management account with this API. This is an asynchronous
// request that Amazon Web Services performs in the background. Because CloseAccount
// operates asynchronously, it can return a successful completion message even
// though account closure might still be in progress. You need to wait a few
// minutes before the account is fully closed. To check the status of the request,
// do one of the following:
//
// - Use the AccountId that you sent in the CloseAccount request to provide
// as a parameter to the DescribeAccount operation. While the close account
// request is in progress, Account status will indicate PENDING_CLOSURE.
// When the close account request completes, the status will change to SUSPENDED.
//
// - Check the CloudTrail log for the CloseAccountResult event that gets
// published after the account closes successfully. For information on using
// CloudTrail with Organizations, see Logging and monitoring in Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration)
// in the Organizations User Guide.
//
// - You can close only 10% of member accounts, between 10 and 1000, within
// a rolling 30 day period. This quota is not bound by a calendar month,
// but starts when you close an account. After you reach this limit, you
// can close additional accounts. For more information, see Closing a member
// account in your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
// and Quotas for Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
// the Organizations User Guide.
//
// - To reinstate a closed account, contact Amazon Web Services Support within
// the 90-day grace period while the account is in SUSPENDED status.
//
// - If the Amazon Web Services account you attempt to close is linked to
// an Amazon Web Services GovCloud (US) account, the CloseAccount request
// will close both accounts. To learn important pre-closure details, see
// Closing an Amazon Web Services GovCloud (US) account (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/Closing-govcloud-account.html)
// in the Amazon Web Services GovCloud User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CloseAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountAlreadyClosedException
// You attempted to close an account that is already closed.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConflictException
// The request failed because it conflicts with the current state of the specified
// resource.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CloseAccount
func (c *Organizations) CloseAccount(input *CloseAccountInput) (*CloseAccountOutput, error) {
req, out := c.CloseAccountRequest(input)
return out, req.Send()
}
// CloseAccountWithContext is the same as CloseAccount with the addition of
// the ability to pass a context and additional request options.
//
// See CloseAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CloseAccountWithContext(ctx aws.Context, input *CloseAccountInput, opts ...request.Option) (*CloseAccountOutput, error) {
req, out := c.CloseAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateAccount = "CreateAccount"
// CreateAccountRequest generates a "aws/request.Request" representing the
// client's request for the CreateAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAccount for more information on using the CreateAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateAccountRequest method.
// req, resp := client.CreateAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) {
op := &request.Operation{
Name: opCreateAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateAccountInput{}
}
output = &CreateAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateAccount API operation for AWS Organizations.
//
// Creates an Amazon Web Services account that is automatically a member of
// the organization whose credentials made the request. This is an asynchronous
// request that Amazon Web Services performs in the background. Because CreateAccount
// operates asynchronously, it can return a successful completion message even
// though account initialization might still be in progress. You might need
// to wait a few minutes before you can successfully access the account. To
// check the status of the request, do one of the following:
//
// - Use the Id value of the CreateAccountStatus response element from this
// operation to provide as a parameter to the DescribeCreateAccountStatus
// operation.
//
// - Check the CloudTrail log for the CreateAccountResult event. For information
// on using CloudTrail with Organizations, see Logging and monitoring in
// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration)
// in the Organizations User Guide.
//
// The user who calls the API to create an account must have the organizations:CreateAccount
// permission. If you enabled all features in the organization, Organizations
// creates the required service-linked role named AWSServiceRoleForOrganizations.
// For more information, see Organizations and service-linked roles (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
// in the Organizations User Guide.
//
// If the request includes tags, then the requester must have the organizations:TagResource
// permission.
//
// Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole
// by default) that grants users in the management account administrator permissions
// in the new member account. Principals in the management account can assume
// the role. Organizations clones the company name and address information for
// the new account from the organization's management account.
//
// This operation can be called only from the organization's management account.
//
// For more information about creating accounts, see Creating a member account
// in your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
// in the Organizations User Guide.
//
// - When you create an account in an organization using the Organizations
// console, API, or CLI commands, the information required for the account
// to operate as a standalone account, such as a payment method is not automatically
// collected. If you must remove an account from your organization later,
// you can do so only after you provide the missing information. For more
// information, see Considerations before removing an account from an organization
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - If you get an exception that indicates that you exceeded your account
// limits for the organization, contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - If you get an exception that indicates that the operation failed because
// your organization is still initializing, wait one hour and then try again.
// If the error persists, contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - Using CreateAccount to create multiple temporary accounts isn't recommended.
// You can only close an account from the Billing and Cost Management console,
// and you must be signed in as the root user. For information on the requirements
// and process for closing an account, see Closing a member account in your
// organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
// in the Organizations User Guide.
//
// When you create a member account with this operation, you can choose whether
// to create the account with the IAM User and Role Access to Billing Information
// switch enabled. If you enable it, IAM users and roles that have appropriate
// permissions can view billing information for the account. If you disable
// it, only the account root user can access billing information. For information
// about how to disable this switch for an account, see Granting access to your
// billing information and tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#grantaccess).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - FinalizingOrganizationException
// Organizations couldn't perform the operation because your organization hasn't
// finished initializing. This can take up to an hour. Try again later. If after
// one hour you continue to receive this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) {
req, out := c.CreateAccountRequest(input)
return out, req.Send()
}
// CreateAccountWithContext is the same as CreateAccount with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) {
req, out := c.CreateAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateGovCloudAccount = "CreateGovCloudAccount"
// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the
// client's request for the CreateGovCloudAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateGovCloudAccountRequest method.
// req, resp := client.CreateGovCloudAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) {
op := &request.Operation{
Name: opCreateGovCloudAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateGovCloudAccountInput{}
}
output = &CreateGovCloudAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateGovCloudAccount API operation for AWS Organizations.
//
// This action is available if all of the following are true:
//
// - You're authorized to create accounts in the Amazon Web Services GovCloud
// (US) Region. For more information on the Amazon Web Services GovCloud
// (US) Region, see the Amazon Web Services GovCloud User Guide. (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html)
//
// - You already have an account in the Amazon Web Services GovCloud (US)
// Region that is paired with a management account of an organization in
// the commercial Region.
//
// - You call this action from the management account of your organization
// in the commercial Region.
//
// - You have the organizations:CreateGovCloudAccount permission.
//
// Organizations automatically creates the required service-linked role named
// AWSServiceRoleForOrganizations. For more information, see Organizations and
// service-linked roles (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
// in the Organizations User Guide.
//
// Amazon Web Services automatically enables CloudTrail for Amazon Web Services
// GovCloud (US) accounts, but you should also do the following:
//
// - Verify that CloudTrail is enabled to store logs.
//
// - Create an Amazon S3 bucket for CloudTrail log storage. For more information,
// see Verifying CloudTrail Is Enabled (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html)
// in the Amazon Web Services GovCloud User Guide.
//
// If the request includes tags, then the requester must have the organizations:TagResource
// permission. The tags are attached to the commercial account associated with
// the GovCloud account, rather than the GovCloud account itself. To add tags
// to the GovCloud account, call the TagResource operation in the GovCloud Region
// after the new GovCloud account exists.
//
// You call this action from the management account of your organization in
// the commercial Region to create a standalone Amazon Web Services account
// in the Amazon Web Services GovCloud (US) Region. After the account is created,
// the management account of an organization in the Amazon Web Services GovCloud
// (US) Region can invite it to that organization. For more information on inviting
// standalone accounts in the Amazon Web Services GovCloud (US) to join an organization,
// see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// Calling CreateGovCloudAccount is an asynchronous request that Amazon Web
// Services performs in the background. Because CreateGovCloudAccount operates
// asynchronously, it can return a successful completion message even though
// account initialization might still be in progress. You might need to wait
// a few minutes before you can successfully access the account. To check the
// status of the request, do one of the following:
//
// - Use the OperationId response element from this operation to provide
// as a parameter to the DescribeCreateAccountStatus operation.
//
// - Check the CloudTrail log for the CreateAccountResult event. For information
// on using CloudTrail with Organizations, see Logging and monitoring in
// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html)
// in the Organizations User Guide.
//
// When you call the CreateGovCloudAccount action, you create two accounts:
// a standalone account in the Amazon Web Services GovCloud (US) Region and
// an associated account in the commercial Region for billing and support purposes.
// The account in the commercial Region is automatically a member of the organization
// whose credentials made the request. Both accounts are associated with the
// same email address.
//
// A role is created in the new account in the commercial Region that allows
// the management account in the organization in the commercial Region to assume
// it. An Amazon Web Services GovCloud (US) account is then created and associated
// with the commercial account that you just created. A role is also created
// in the new Amazon Web Services GovCloud (US) account that can be assumed
// by the Amazon Web Services GovCloud (US) account that is associated with
// the management account of the commercial organization. For more information
// and to view a diagram that explains how account access works, see Organizations
// (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// For more information about creating accounts, see Creating a member account
// in your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
// in the Organizations User Guide.
//
// - When you create an account in an organization using the Organizations
// console, API, or CLI commands, the information required for the account
// to operate as a standalone account is not automatically collected. This
// includes a payment method and signing the end user license agreement (EULA).
// If you must remove an account from your organization later, you can do
// so only after you provide the missing information. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - If you get an exception that indicates that you exceeded your account
// limits for the organization, contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - If you get an exception that indicates that the operation failed because
// your organization is still initializing, wait one hour and then try again.
// If the error persists, contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - Using CreateGovCloudAccount to create multiple temporary accounts isn't
// recommended. You can only close an account from the Amazon Web Services
// Billing and Cost Management console, and you must be signed in as the
// root user. For information on the requirements and process for closing
// an account, see Closing a member account in your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
// in the Organizations User Guide.
//
// When you create a member account with this operation, you can choose whether
// to create the account with the IAM User and Role Access to Billing Information
// switch enabled. If you enable it, IAM users and roles that have appropriate
// permissions can view billing information for the account. If you disable
// it, only the account root user can access billing information. For information
// about how to disable this switch for an account, see Granting access to your
// billing information and tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateGovCloudAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - FinalizingOrganizationException
// Organizations couldn't perform the operation because your organization hasn't
// finished initializing. This can take up to an hour. Try again later. If after
// one hour you continue to receive this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) {
req, out := c.CreateGovCloudAccountRequest(input)
return out, req.Send()
}
// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of
// the ability to pass a context and additional request options.
//
// See CreateGovCloudAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) {
req, out := c.CreateGovCloudAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateOrganization = "CreateOrganization"
// CreateOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the CreateOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateOrganization for more information on using the CreateOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateOrganizationRequest method.
// req, resp := client.CreateOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) {
op := &request.Operation{
Name: opCreateOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateOrganizationInput{}
}
output = &CreateOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateOrganization API operation for AWS Organizations.
//
// Creates an Amazon Web Services organization. The account whose user is calling
// the CreateOrganization operation automatically becomes the management account
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account)
// of the new organization.
//
// This operation must be called using credentials from the account that is
// to become the new organization's management account. The principal must also
// have the relevant IAM permissions.
//
// By default (or if you set the FeatureSet parameter to ALL), the new organization
// is created with all features enabled and service control policies automatically
// enabled in the root. If you instead choose to create the organization supporting
// only the consolidated billing features by setting the FeatureSet parameter
// to CONSOLIDATED_BILLING, no policy types are enabled by default and you can't
// use organization policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AlreadyInOrganizationException
// This account is already a member of an organization. An account can belong
// to only one organization at a time.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - AccessDeniedForDependencyException
// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
// for organizations.amazonaws.com permission so that Organizations can create
// the required service-linked role. You don't have that permission.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) {
req, out := c.CreateOrganizationRequest(input)
return out, req.Send()
}
// CreateOrganizationWithContext is the same as CreateOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See CreateOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) {
req, out := c.CreateOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateOrganizationalUnit = "CreateOrganizationalUnit"
// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the CreateOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateOrganizationalUnitRequest method.
// req, resp := client.CreateOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) {
op := &request.Operation{
Name: opCreateOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateOrganizationalUnitInput{}
}
output = &CreateOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateOrganizationalUnit API operation for AWS Organizations.
//
// Creates an organizational unit (OU) within a root or parent OU. An OU is
// a container for accounts that enables you to organize your accounts to apply
// policies according to your business requirements. The number of levels deep
// that you can nest OUs is dependent upon the policy types enabled for that
// root. For service control policies, the limit is five.
//
// For more information about OUs, see Managing organizational units (OUs) (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html)
// in the Organizations User Guide.
//
// If the request includes tags, then the requester must have the organizations:TagResource
// permission.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateOrganizationalUnit for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - DuplicateOrganizationalUnitException
// An OU with the same name already exists.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ParentNotFoundException
// We can't find a root or OU with the ParentId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) {
req, out := c.CreateOrganizationalUnitRequest(input)
return out, req.Send()
}
// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See CreateOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) {
req, out := c.CreateOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreatePolicy = "CreatePolicy"
// CreatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicy for more information on using the CreatePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreatePolicyRequest method.
// req, resp := client.CreatePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
op := &request.Operation{
Name: opCreatePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreatePolicyInput{}
}
output = &CreatePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// CreatePolicy API operation for AWS Organizations.
//
// Creates a policy of a specified type that you can attach to a root, an organizational
// unit (OU), or an individual Amazon Web Services account.
//
// For more information about policies and their use, see Managing Organizations
// policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).
//
// If the request includes tags, then the requester must have the organizations:TagResource
// permission.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreatePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - DuplicatePolicyException
// A policy with the same name already exists.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - MalformedPolicyDocumentException
// The provided policy document doesn't meet the requirements of the specified
// policy type. For example, the syntax might be incorrect. For details about
// service control policy syntax, see SCP syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html)
// in the Organizations User Guide.
//
// - PolicyTypeNotAvailableForOrganizationException
// You can't use the specified policy type with the feature set currently enabled
// for this organization. For example, you can enable SCPs only after you enable
// all features in the organization. For more information, see Managing Organizations
// policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
// the Organizations User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
req, out := c.CreatePolicyRequest(input)
return out, req.Send()
}
// CreatePolicyWithContext is the same as CreatePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
req, out := c.CreatePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeclineHandshake = "DeclineHandshake"
// DeclineHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the DeclineHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeclineHandshake for more information on using the DeclineHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeclineHandshakeRequest method.
// req, resp := client.DeclineHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) {
op := &request.Operation{
Name: opDeclineHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeclineHandshakeInput{}
}
output = &DeclineHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// DeclineHandshake API operation for AWS Organizations.
//
// Declines a handshake request. This sets the handshake state to DECLINED and
// effectively deactivates the request.
//
// This operation can be called only from the account that received the handshake.
// The originator of the handshake can use CancelHandshake instead. The originator
// can't reactivate a declined request, but can reinitiate the process with
// a new handshake request.
//
// After you decline a handshake, it continues to appear in the results of relevant
// APIs for only 30 days. After that, it's deleted.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeclineHandshake for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - HandshakeNotFoundException
// We can't find a handshake with the HandshakeId that you specified.
//
// - InvalidHandshakeTransitionException
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
//
// - HandshakeAlreadyInStateException
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) {
req, out := c.DeclineHandshakeRequest(input)
return out, req.Send()
}
// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See DeclineHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) {
req, out := c.DeclineHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteOrganization = "DeleteOrganization"
// DeleteOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the DeleteOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteOrganization for more information on using the DeleteOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteOrganizationRequest method.
// req, resp := client.DeleteOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) {
op := &request.Operation{
Name: opDeleteOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteOrganizationInput{}
}
output = &DeleteOrganizationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DeleteOrganization API operation for AWS Organizations.
//
// Deletes the organization. You can delete an organization only by using credentials
// from the management account. The organization must be empty of member accounts.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeleteOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - OrganizationNotEmptyException
// The organization isn't empty. To delete an organization, you must first remove
// all accounts except the management account.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) {
req, out := c.DeleteOrganizationRequest(input)
return out, req.Send()
}
// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) {
req, out := c.DeleteOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit"
// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the DeleteOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteOrganizationalUnitRequest method.
// req, resp := client.DeleteOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) {
op := &request.Operation{
Name: opDeleteOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteOrganizationalUnitInput{}
}
output = &DeleteOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DeleteOrganizationalUnit API operation for AWS Organizations.
//
// Deletes an organizational unit (OU) from a root or another OU. You must first
// remove all accounts and child OUs from the OU that you want to delete.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeleteOrganizationalUnit for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - OrganizationalUnitNotEmptyException
// The specified OU is not empty. Move all accounts to another root or to other
// OUs, remove all child OUs, and try the operation again.
//
// - OrganizationalUnitNotFoundException
// We can't find an OU with the OrganizationalUnitId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) {
req, out := c.DeleteOrganizationalUnitRequest(input)
return out, req.Send()
}
// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) {
req, out := c.DeleteOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeletePolicy = "DeletePolicy"
// DeletePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicy for more information on using the DeletePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeletePolicyRequest method.
// req, resp := client.DeletePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
op := &request.Operation{
Name: opDeletePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeletePolicyInput{}
}
output = &DeletePolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DeletePolicy API operation for AWS Organizations.
//
// Deletes the specified policy from your organization. Before you perform this
// operation, you must first detach the policy from all organizational units
// (OUs), roots, and accounts.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeletePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyInUseException
// The policy is attached to one or more entities. You must detach it from all
// roots, OUs, and accounts before performing this operation.
//
// - PolicyNotFoundException
// We can't find a policy with the PolicyId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
req, out := c.DeletePolicyRequest(input)
return out, req.Send()
}
// DeletePolicyWithContext is the same as DeletePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
req, out := c.DeletePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteResourcePolicy = "DeleteResourcePolicy"
// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteResourcePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteResourcePolicyRequest method.
// req, resp := client.DeleteResourcePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteResourcePolicy
func (c *Organizations) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) {
op := &request.Operation{
Name: opDeleteResourcePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteResourcePolicyInput{}
}
output = &DeleteResourcePolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DeleteResourcePolicy API operation for AWS Organizations.
//
// Deletes the resource policy from your organization.
//
// You can only call this operation from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeleteResourcePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ResourcePolicyNotFoundException
// We can't find a resource policy request with the parameter that you specified.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteResourcePolicy
func (c *Organizations) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) {
req, out := c.DeleteResourcePolicyRequest(input)
return out, req.Send()
}
// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteResourcePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) {
req, out := c.DeleteResourcePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator"
// DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
// client's request for the DeregisterDelegatedAdministrator operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeregisterDelegatedAdministratorRequest method.
// req, resp := client.DeregisterDelegatedAdministratorRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) {
op := &request.Operation{
Name: opDeregisterDelegatedAdministrator,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeregisterDelegatedAdministratorInput{}
}
output = &DeregisterDelegatedAdministratorOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DeregisterDelegatedAdministrator API operation for AWS Organizations.
//
// Removes the specified member Amazon Web Services account as a delegated administrator
// for the specified Amazon Web Services service.
//
// Deregistering a delegated administrator can have unintended impacts on the
// functionality of the enabled Amazon Web Services service. See the documentation
// for the enabled service before you deregister a delegated administrator so
// that you understand any potential impacts.
//
// You can run this action only for Amazon Web Services services that support
// this feature. For a current list of services that support it, see the column
// Supports Delegated Administrator in the table at Amazon Web Services Services
// that you can use with Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
// in the Organizations User Guide.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeregisterDelegatedAdministrator for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AccountNotRegisteredException
// The specified account is not a delegated administrator for this Amazon Web
// Services service.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) {
req, out := c.DeregisterDelegatedAdministratorRequest(input)
return out, req.Send()
}
// DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of
// the ability to pass a context and additional request options.
//
// See DeregisterDelegatedAdministrator for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) {
req, out := c.DeregisterDelegatedAdministratorRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeAccount = "DescribeAccount"
// DescribeAccountRequest generates a "aws/request.Request" representing the
// client's request for the DescribeAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeAccount for more information on using the DescribeAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeAccountRequest method.
// req, resp := client.DescribeAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) {
op := &request.Operation{
Name: opDescribeAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeAccountInput{}
}
output = &DescribeAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeAccount API operation for AWS Organizations.
//
// Retrieves Organizations-related information about the specified account.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) {
req, out := c.DescribeAccountRequest(input)
return out, req.Send()
}
// DescribeAccountWithContext is the same as DescribeAccount with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) {
req, out := c.DescribeAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus"
// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the
// client's request for the DescribeCreateAccountStatus operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeCreateAccountStatusRequest method.
// req, resp := client.DescribeCreateAccountStatusRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) {
op := &request.Operation{
Name: opDescribeCreateAccountStatus,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeCreateAccountStatusInput{}
}
output = &DescribeCreateAccountStatusOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeCreateAccountStatus API operation for AWS Organizations.
//
// Retrieves the current status of an asynchronous request to create an account.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeCreateAccountStatus for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - CreateAccountStatusNotFoundException
// We can't find an create account request with the CreateAccountRequestId that
// you specified.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) {
req, out := c.DescribeCreateAccountStatusRequest(input)
return out, req.Send()
}
// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeCreateAccountStatus for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) {
req, out := c.DescribeCreateAccountStatusRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeEffectivePolicy = "DescribeEffectivePolicy"
// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DescribeEffectivePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeEffectivePolicyRequest method.
// req, resp := client.DescribeEffectivePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) {
op := &request.Operation{
Name: opDescribeEffectivePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeEffectivePolicyInput{}
}
output = &DescribeEffectivePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeEffectivePolicy API operation for AWS Organizations.
//
// Returns the contents of the effective policy for specified policy type and
// account. The effective policy is the aggregation of any policies of the specified
// type that the account inherits, plus any policy of that type that is directly
// attached to the account.
//
// This operation applies only to policy types other than service control policies
// (SCPs).
//
// For more information about policy inheritance, see Understanding management
// policy inheritance (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_inheritance_mgmt.html)
// in the Organizations User Guide.
//
// This operation can be called from any account in the organization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeEffectivePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - EffectivePolicyNotFoundException
// If you ran this action on the management account, this policy type is not
// enabled. If you ran the action on a member account, the account doesn't have
// an effective policy of this type. Contact the administrator of your organization
// about attaching a policy of this type to the account.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) {
req, out := c.DescribeEffectivePolicyRequest(input)
return out, req.Send()
}
// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeEffectivePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) {
req, out := c.DescribeEffectivePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeHandshake = "DescribeHandshake"
// DescribeHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the DescribeHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeHandshake for more information on using the DescribeHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeHandshakeRequest method.
// req, resp := client.DescribeHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) {
op := &request.Operation{
Name: opDescribeHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeHandshakeInput{}
}
output = &DescribeHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeHandshake API operation for AWS Organizations.
//
// Retrieves information about a previously requested handshake. The handshake
// ID comes from the response to the original InviteAccountToOrganization operation
// that generated the handshake.
//
// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only
// 30 days after they change to that state. They're then deleted and no longer
// accessible.
//
// This operation can be called from any account in the organization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeHandshake for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - HandshakeNotFoundException
// We can't find a handshake with the HandshakeId that you specified.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) {
req, out := c.DescribeHandshakeRequest(input)
return out, req.Send()
}
// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) {
req, out := c.DescribeHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeOrganization = "DescribeOrganization"
// DescribeOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the DescribeOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeOrganization for more information on using the DescribeOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeOrganizationRequest method.
// req, resp := client.DescribeOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) {
op := &request.Operation{
Name: opDescribeOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeOrganizationInput{}
}
output = &DescribeOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeOrganization API operation for AWS Organizations.
//
// Retrieves information about the organization that the user's account belongs
// to.
//
// This operation can be called from any account in the organization.
//
// Even if a policy type is shown as available in the organization, you can
// disable it separately at the root level with DisablePolicyType. Use ListRoots
// to see the status of policy types for a specified root.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) {
req, out := c.DescribeOrganizationRequest(input)
return out, req.Send()
}
// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) {
req, out := c.DescribeOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit"
// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the DescribeOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeOrganizationalUnitRequest method.
// req, resp := client.DescribeOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) {
op := &request.Operation{
Name: opDescribeOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeOrganizationalUnitInput{}
}
output = &DescribeOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeOrganizationalUnit API operation for AWS Organizations.
//
// Retrieves information about an organizational unit (OU).
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeOrganizationalUnit for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - OrganizationalUnitNotFoundException
// We can't find an OU with the OrganizationalUnitId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) {
req, out := c.DescribeOrganizationalUnitRequest(input)
return out, req.Send()
}
// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) {
req, out := c.DescribeOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribePolicy = "DescribePolicy"
// DescribePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DescribePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribePolicy for more information on using the DescribePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribePolicyRequest method.
// req, resp := client.DescribePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) {
op := &request.Operation{
Name: opDescribePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribePolicyInput{}
}
output = &DescribePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribePolicy API operation for AWS Organizations.
//
// Retrieves information about a policy.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyNotFoundException
// We can't find a policy with the PolicyId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) {
req, out := c.DescribePolicyRequest(input)
return out, req.Send()
}
// DescribePolicyWithContext is the same as DescribePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DescribePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) {
req, out := c.DescribePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeResourcePolicy = "DescribeResourcePolicy"
// DescribeResourcePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DescribeResourcePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeResourcePolicy for more information on using the DescribeResourcePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeResourcePolicyRequest method.
// req, resp := client.DescribeResourcePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeResourcePolicy
func (c *Organizations) DescribeResourcePolicyRequest(input *DescribeResourcePolicyInput) (req *request.Request, output *DescribeResourcePolicyOutput) {
op := &request.Operation{
Name: opDescribeResourcePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeResourcePolicyInput{}
}
output = &DescribeResourcePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeResourcePolicy API operation for AWS Organizations.
//
// Retrieves information about a resource policy.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeResourcePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ResourcePolicyNotFoundException
// We can't find a resource policy request with the parameter that you specified.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeResourcePolicy
func (c *Organizations) DescribeResourcePolicy(input *DescribeResourcePolicyInput) (*DescribeResourcePolicyOutput, error) {
req, out := c.DescribeResourcePolicyRequest(input)
return out, req.Send()
}
// DescribeResourcePolicyWithContext is the same as DescribeResourcePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeResourcePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeResourcePolicyWithContext(ctx aws.Context, input *DescribeResourcePolicyInput, opts ...request.Option) (*DescribeResourcePolicyOutput, error) {
req, out := c.DescribeResourcePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDetachPolicy = "DetachPolicy"
// DetachPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DetachPolicy for more information on using the DetachPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DetachPolicyRequest method.
// req, resp := client.DetachPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) {
op := &request.Operation{
Name: opDetachPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DetachPolicyInput{}
}
output = &DetachPolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DetachPolicy API operation for AWS Organizations.
//
// Detaches a policy from a target root, organizational unit (OU), or account.
//
// If the policy being detached is a service control policy (SCP), the changes
// to permissions for Identity and Access Management (IAM) users and roles in
// affected accounts are immediate.
//
// Every root, OU, and account must have at least one SCP attached. If you want
// to replace the default FullAWSAccess policy with an SCP that limits the permissions
// that can be delegated, you must attach the replacement SCP before you can
// remove the default SCP. This is the authorization strategy of an "allow list
// (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)".
// If you instead attach a second SCP and leave the FullAWSAccess SCP still
// attached, and specify "Effect": "Deny" in the second SCP to override the
// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP),
// you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)".
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DetachPolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyNotAttachedException
// The policy isn't attached to the specified target in the specified root.
//
// - PolicyNotFoundException
// We can't find a policy with the PolicyId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - PolicyChangesInProgressException
// Changes to the effective policy are in progress, and its contents can't be
// returned. Try the operation again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) {
req, out := c.DetachPolicyRequest(input)
return out, req.Send()
}
// DetachPolicyWithContext is the same as DetachPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DetachPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) {
req, out := c.DetachPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDisableAWSServiceAccess = "DisableAWSServiceAccess"
// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the
// client's request for the DisableAWSServiceAccess operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DisableAWSServiceAccessRequest method.
// req, resp := client.DisableAWSServiceAccessRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) {
op := &request.Operation{
Name: opDisableAWSServiceAccess,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DisableAWSServiceAccessInput{}
}
output = &DisableAWSServiceAccessOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DisableAWSServiceAccess API operation for AWS Organizations.
//
// Disables the integration of an Amazon Web Services service (the service that
// is specified by ServicePrincipal) with Organizations. When you disable integration,
// the specified service no longer can create a service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
// in new accounts in your organization. This means the service can't perform
// operations on your behalf on any new accounts in your organization. The service
// can still perform operations in older accounts until the service completes
// its clean-up from Organizations.
//
// We strongly recommend that you don't use this command to disable integration
// between Organizations and the specified Amazon Web Services service. Instead,
// use the console or commands that are provided by the specified service. This
// lets the trusted service perform any required initialization when enabling
// trusted access, such as creating any required resources and any required
// clean up of resources when disabling trusted access.
//
// For information about how to disable trusted service access to your organization
// using the trusted service, see the Learn more link under the Supports Trusted
// Access column at Amazon Web Services services that you can use with Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
// on this page.
//
// If you disable access by using this command, it causes the following actions
// to occur:
//
// - The service can no longer create a service-linked role in the accounts
// in your organization. This means that the service can't perform operations
// on your behalf on any new accounts in your organization. The service can
// still perform operations in older accounts until the service completes
// its clean-up from Organizations.
//
// - The service can no longer perform tasks in the member accounts in the
// organization, unless those operations are explicitly permitted by the
// IAM policies that are attached to your roles. This includes any data aggregation
// from the member accounts to the management account, or to a delegated
// administrator account, where relevant.
//
// - Some services detect this and clean up any remaining data or resources
// related to the integration, while other services stop accessing the organization
// but leave any historical data and configuration in place to support a
// possible re-enabling of the integration.
//
// Using the other service's console or commands to disable the integration
// ensures that the other service is aware that it can clean up any resources
// that are required only for the integration. How the service cleans up its
// resources in the organization's accounts depends on that service. For more
// information, see the documentation for the other Amazon Web Services service.
//
// After you perform the DisableAWSServiceAccess operation, the specified service
// can no longer perform operations in your organization's accounts
//
// For more information about integrating other services with Organizations,
// including the list of services that work with Organizations, see Using Organizations
// with other Amazon Web Services services (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
// in the Organizations User Guide.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DisableAWSServiceAccess for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) {
req, out := c.DisableAWSServiceAccessRequest(input)
return out, req.Send()
}
// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of
// the ability to pass a context and additional request options.
//
// See DisableAWSServiceAccess for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) {
req, out := c.DisableAWSServiceAccessRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDisablePolicyType = "DisablePolicyType"
// DisablePolicyTypeRequest generates a "aws/request.Request" representing the
// client's request for the DisablePolicyType operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DisablePolicyType for more information on using the DisablePolicyType
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DisablePolicyTypeRequest method.
// req, resp := client.DisablePolicyTypeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) {
op := &request.Operation{
Name: opDisablePolicyType,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DisablePolicyTypeInput{}
}
output = &DisablePolicyTypeOutput{}
req = c.newRequest(op, input, output)
return
}
// DisablePolicyType API operation for AWS Organizations.
//
// Disables an organizational policy type in a root. A policy of a certain type
// can be attached to entities in a root only if that type is enabled in the
// root. After you perform this operation, you no longer can attach policies
// of the specified type to that root or to any organizational unit (OU) or
// account in that root. You can undo this by using the EnablePolicyType operation.
//
// This is an asynchronous request that Amazon Web Services performs in the
// background. If you disable a policy type for a root, it still appears enabled
// for the organization if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// are enabled for the organization. Amazon Web Services recommends that you
// first use ListRoots to see the status of policy types for a specified root,
// and then use this operation.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// To view the status of available policy types in the organization, use DescribeOrganization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DisablePolicyType for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyTypeNotEnabledException
// The specified policy type isn't currently enabled in this root. You can't
// attach policies of the specified type to entities in a root until you enable
// that type in the root. For more information, see Enabling all features in
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the Organizations User Guide.
//
// - RootNotFoundException
// We can't find a root with the RootId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - PolicyChangesInProgressException
// Changes to the effective policy are in progress, and its contents can't be
// returned. Try the operation again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) {
req, out := c.DisablePolicyTypeRequest(input)
return out, req.Send()
}
// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of
// the ability to pass a context and additional request options.
//
// See DisablePolicyType for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) {
req, out := c.DisablePolicyTypeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opEnableAWSServiceAccess = "EnableAWSServiceAccess"
// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the
// client's request for the EnableAWSServiceAccess operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the EnableAWSServiceAccessRequest method.
// req, resp := client.EnableAWSServiceAccessRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) {
op := &request.Operation{
Name: opEnableAWSServiceAccess,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &EnableAWSServiceAccessInput{}
}
output = &EnableAWSServiceAccessOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// EnableAWSServiceAccess API operation for AWS Organizations.
//
// Enables the integration of an Amazon Web Services service (the service that
// is specified by ServicePrincipal) with Organizations. When you enable integration,
// you allow the specified service to create a service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
// in all the accounts in your organization. This allows the service to perform
// operations on your behalf in your organization and its accounts.
//
// We recommend that you enable integration between Organizations and the specified
// Amazon Web Services service by using the console or commands that are provided
// by the specified service. Doing so ensures that the service is aware that
// it can create the resources that are required for the integration. How the
// service creates those resources in the organization's accounts depends on
// that service. For more information, see the documentation for the other Amazon
// Web Services service.
//
// For more information about enabling services to integrate with Organizations,
// see Using Organizations with other Amazon Web Services services (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
// in the Organizations User Guide.
//
// You can only call this operation from the organization's management account
// and only if the organization has enabled all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation EnableAWSServiceAccess for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) {
req, out := c.EnableAWSServiceAccessRequest(input)
return out, req.Send()
}
// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of
// the ability to pass a context and additional request options.
//
// See EnableAWSServiceAccess for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) {
req, out := c.EnableAWSServiceAccessRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opEnableAllFeatures = "EnableAllFeatures"
// EnableAllFeaturesRequest generates a "aws/request.Request" representing the
// client's request for the EnableAllFeatures operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See EnableAllFeatures for more information on using the EnableAllFeatures
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the EnableAllFeaturesRequest method.
// req, resp := client.EnableAllFeaturesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) {
op := &request.Operation{
Name: opEnableAllFeatures,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &EnableAllFeaturesInput{}
}
output = &EnableAllFeaturesOutput{}
req = c.newRequest(op, input, output)
return
}
// EnableAllFeatures API operation for AWS Organizations.
//
// Enables all features in an organization. This enables the use of organization
// policies that can restrict the services and actions that can be called in
// each account. Until you enable all features, you have access only to consolidated
// billing, and you can't use any of the advanced account administration features
// that Organizations supports. For more information, see Enabling all features
// in your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the Organizations User Guide.
//
// This operation is required only for organizations that were created explicitly
// with only the consolidated billing features enabled. Calling this operation
// sends a handshake to every invited account in the organization. The feature
// set change can be finalized and the additional features enabled only after
// all administrators in the invited accounts approve the change by accepting
// the handshake.
//
// After you enable all features, you can separately enable or disable individual
// policy types in a root using EnablePolicyType and DisablePolicyType. To see
// the status of policy types in a root, use ListRoots.
//
// After all invited member accounts accept the handshake, you finalize the
// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES".
// This completes the change.
//
// After you enable all features in your organization, the management account
// in the organization can apply policies on all member accounts. These policies
// can restrict what users and even administrators in those accounts can do.
// The management account can apply policies that prevent accounts from leaving
// the organization. Ensure that your account administrators are aware of this.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation EnableAllFeatures for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - HandshakeConstraintViolationException
// The requested operation would violate the constraint identified in the reason
// code.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. Note that deleted and closed
// accounts still count toward your limit. If you get this exception immediately
// after creating the organization, wait one hour and try again. If after
// an hour it continues to fail with this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
// the invited account is already a member of an organization.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
// to join an organization while it's in the process of enabling all features.
// You can resume inviting accounts after you finalize the process when all
// accounts have agreed to the change.
//
// - ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
// because the organization has already enabled all features.
//
// - ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
// request is invalid because the organization has already started the process
// to enable all features.
//
// - ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
// the account is from a different marketplace than the accounts in the organization.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be from the same
// marketplace.
//
// - ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
// change the membership of an account too quickly after its previous change.
//
// - PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
// account that doesn't have a payment instrument, such as a credit card,
// associated with it.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) {
req, out := c.EnableAllFeaturesRequest(input)
return out, req.Send()
}
// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of
// the ability to pass a context and additional request options.
//
// See EnableAllFeatures for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) {
req, out := c.EnableAllFeaturesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opEnablePolicyType = "EnablePolicyType"
// EnablePolicyTypeRequest generates a "aws/request.Request" representing the
// client's request for the EnablePolicyType operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See EnablePolicyType for more information on using the EnablePolicyType
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the EnablePolicyTypeRequest method.
// req, resp := client.EnablePolicyTypeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) {
op := &request.Operation{
Name: opEnablePolicyType,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &EnablePolicyTypeInput{}
}
output = &EnablePolicyTypeOutput{}
req = c.newRequest(op, input, output)
return
}
// EnablePolicyType API operation for AWS Organizations.
//
// Enables a policy type in a root. After you enable a policy type in a root,
// you can attach policies of that type to the root, any organizational unit
// (OU), or account in that root. You can undo this by using the DisablePolicyType
// operation.
//
// This is an asynchronous request that Amazon Web Services performs in the
// background. Amazon Web Services recommends that you first use ListRoots to
// see the status of policy types for a specified root, and then use this operation.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// You can enable a policy type in a root only if that policy type is available
// in the organization. To view the status of available policy types in the
// organization, use DescribeOrganization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation EnablePolicyType for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyTypeAlreadyEnabledException
// The specified policy type is already enabled in the specified root.
//
// - RootNotFoundException
// We can't find a root with the RootId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - PolicyTypeNotAvailableForOrganizationException
// You can't use the specified policy type with the feature set currently enabled
// for this organization. For example, you can enable SCPs only after you enable
// all features in the organization. For more information, see Managing Organizations
// policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
// the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - PolicyChangesInProgressException
// Changes to the effective policy are in progress, and its contents can't be
// returned. Try the operation again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) {
req, out := c.EnablePolicyTypeRequest(input)
return out, req.Send()
}
// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of
// the ability to pass a context and additional request options.
//
// See EnablePolicyType for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) {
req, out := c.EnablePolicyTypeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opInviteAccountToOrganization = "InviteAccountToOrganization"
// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the InviteAccountToOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the InviteAccountToOrganizationRequest method.
// req, resp := client.InviteAccountToOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) {
op := &request.Operation{
Name: opInviteAccountToOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &InviteAccountToOrganizationInput{}
}
output = &InviteAccountToOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// InviteAccountToOrganization API operation for AWS Organizations.
//
// Sends an invitation to another account to join your organization as a member
// account. Organizations sends email on your behalf to the email address that
// is associated with the other account's owner. The invitation is implemented
// as a Handshake whose details are in the response.
//
// - You can invite Amazon Web Services accounts only from the same seller
// as the management account. For example, if your organization's management
// account was created by Amazon Internet Services Pvt. Ltd (AISPL), an Amazon
// Web Services seller in India, you can invite only other AISPL accounts
// to your organization. You can't combine accounts from AISPL and Amazon
// Web Services or from any other Amazon Web Services seller. For more information,
// see Consolidated billing in India (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilling-India.html).
//
// - If you receive an exception that indicates that you exceeded your account
// limits for the organization or that the operation failed because your
// organization is still initializing, wait one hour and then try again.
// If the error persists after an hour, contact Amazon Web Services Support
// (https://console.aws.amazon.com/support/home#/).
//
// If the request includes tags, then the requester must have the organizations:TagResource
// permission.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation InviteAccountToOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - AccountOwnerNotVerifiedException
// You can't invite an existing account to your organization until you verify
// that you own the email address associated with the management account. For
// more information, see Email address verification (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
// in the Organizations User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - HandshakeConstraintViolationException
// The requested operation would violate the constraint identified in the reason
// code.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. Note that deleted and closed
// accounts still count toward your limit. If you get this exception immediately
// after creating the organization, wait one hour and try again. If after
// an hour it continues to fail with this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
// the invited account is already a member of an organization.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
// to join an organization while it's in the process of enabling all features.
// You can resume inviting accounts after you finalize the process when all
// accounts have agreed to the change.
//
// - ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
// because the organization has already enabled all features.
//
// - ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
// request is invalid because the organization has already started the process
// to enable all features.
//
// - ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
// the account is from a different marketplace than the accounts in the organization.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be from the same
// marketplace.
//
// - ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
// change the membership of an account too quickly after its previous change.
//
// - PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
// account that doesn't have a payment instrument, such as a credit card,
// associated with it.
//
// - DuplicateHandshakeException
// A handshake with the same action and target already exists. For example,
// if you invited an account to join your organization, the invited account
// might already have a pending invitation from this organization. If you intend
// to resend an invitation to an account, ensure that existing handshakes that
// might be considered duplicates are canceled or declined.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - FinalizingOrganizationException
// Organizations couldn't perform the operation because your organization hasn't
// finished initializing. This can take up to an hour. Try again later. If after
// one hour you continue to receive this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) {
req, out := c.InviteAccountToOrganizationRequest(input)
return out, req.Send()
}
// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See InviteAccountToOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) {
req, out := c.InviteAccountToOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opLeaveOrganization = "LeaveOrganization"
// LeaveOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the LeaveOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See LeaveOrganization for more information on using the LeaveOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the LeaveOrganizationRequest method.
// req, resp := client.LeaveOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) {
op := &request.Operation{
Name: opLeaveOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &LeaveOrganizationInput{}
}
output = &LeaveOrganizationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// LeaveOrganization API operation for AWS Organizations.
//
// Removes a member account from its parent organization. This version of the
// operation is performed by the account that wants to leave. To remove a member
// account as a user in the management account, use RemoveAccountFromOrganization
// instead.
//
// This operation can be called only from a member account in the organization.
//
// - The management account in an organization with all features enabled
// can set service control policies (SCPs) that can restrict what administrators
// of member accounts can do. This includes preventing them from successfully
// calling LeaveOrganization and leaving the organization.
//
// - You can leave an organization as a member account only if the account
// is configured with the information required to operate as a standalone
// account. When you create an account in an organization using the Organizations
// console, API, or CLI commands, the information required of standalone
// accounts is not automatically collected. For each account that you want
// to make standalone, you must perform the following steps. If any of the
// steps are already completed for this account, that step doesn't appear.
// Choose a support plan Provide and verify the required contact information
// Provide a current payment method Amazon Web Services uses the payment
// method to charge for any billable (not free tier) Amazon Web Services
// activity that occurs while the account isn't attached to an organization.
// For more information, see Considerations before removing an account from
// an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - The account that you want to leave must not be a delegated administrator
// account for any Amazon Web Services service enabled for your organization.
// If the account is a delegated administrator, you must first change the
// delegated administrator account to another account that is remaining in
// the organization.
//
// - You can leave an organization only after you enable IAM user access
// to billing in your account. For more information, see About IAM access
// to the Billing and Cost Management console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
// in the Amazon Web Services Billing and Cost Management User Guide.
//
// - After the account leaves the organization, all tags that were attached
// to the account object in the organization are deleted. Amazon Web Services
// accounts outside of an organization do not support tags.
//
// - A newly created account has a waiting period before it can be removed
// from its organization. If you get an error that indicates that a wait
// period is required, then try again in a few days.
//
// - If you are using an organization principal to call LeaveOrganization
// across multiple accounts, you can only do this up to 5 accounts per second
// in a single organization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation LeaveOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - MasterCannotLeaveOrganizationException
// You can't remove a management account from an organization. If you want the
// management account to become a member account in another organization, you
// must first delete the current organization of the management account.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) {
req, out := c.LeaveOrganizationRequest(input)
return out, req.Send()
}
// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See LeaveOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) {
req, out := c.LeaveOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization"
// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method.
// req, resp := client.ListAWSServiceAccessForOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) {
op := &request.Operation{
Name: opListAWSServiceAccessForOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListAWSServiceAccessForOrganizationInput{}
}
output = &ListAWSServiceAccessForOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// ListAWSServiceAccessForOrganization API operation for AWS Organizations.
//
// Returns a list of the Amazon Web Services services that you enabled to integrate
// with your organization. After a service on this list creates the resources
// that it requires for the integration, it can perform operations on your organization
// and its accounts.
//
// For more information about integrating other services with Organizations,
// including the list of services that currently work with Organizations, see
// Using Organizations with other Amazon Web Services services (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
// in the Organizations User Guide.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListAWSServiceAccessForOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) {
req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
return out, req.Send()
}
// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See ListAWSServiceAccessForOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) {
req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAWSServiceAccessForOrganization method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation.
// pageNum := 0
// err := client.ListAWSServiceAccessForOrganizationPages(params,
// func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error {
return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListAWSServiceAccessForOrganizationInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListAccounts = "ListAccounts"
// ListAccountsRequest generates a "aws/request.Request" representing the
// client's request for the ListAccounts operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAccounts for more information on using the ListAccounts
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListAccountsRequest method.
// req, resp := client.ListAccountsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
op := &request.Operation{
Name: opListAccounts,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListAccountsInput{}
}
output = &ListAccountsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListAccounts API operation for AWS Organizations.
//
// Lists all the accounts in the organization. To request only the accounts
// in a specified root or organizational unit (OU), use the ListAccountsForParent
// operation instead.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListAccounts for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
req, out := c.ListAccountsRequest(input)
return out, req.Send()
}
// ListAccountsWithContext is the same as ListAccounts with the addition of
// the ability to pass a context and additional request options.
//
// See ListAccounts for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
req, out := c.ListAccountsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListAccountsPages iterates over the pages of a ListAccounts operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAccounts method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListAccounts operation.
// pageNum := 0
// err := client.ListAccountsPages(params,
// func(page *organizations.ListAccountsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListAccountsPagesWithContext same as ListAccountsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListAccountsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListAccountsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListAccountsForParent = "ListAccountsForParent"
// ListAccountsForParentRequest generates a "aws/request.Request" representing the
// client's request for the ListAccountsForParent operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAccountsForParent for more information on using the ListAccountsForParent
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListAccountsForParentRequest method.
// req, resp := client.ListAccountsForParentRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) {
op := &request.Operation{
Name: opListAccountsForParent,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListAccountsForParentInput{}
}
output = &ListAccountsForParentOutput{}
req = c.newRequest(op, input, output)
return
}
// ListAccountsForParent API operation for AWS Organizations.
//
// Lists the accounts in an organization that are contained by the specified
// target root or organizational unit (OU). If you specify the root, you get
// a list of all the accounts that aren't in any OU. If you specify an OU, you
// get a list of all the accounts in only that OU and not in any child OUs.
// To get a list of all accounts in the organization, use the ListAccounts operation.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListAccountsForParent for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ParentNotFoundException
// We can't find a root or OU with the ParentId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) {
req, out := c.ListAccountsForParentRequest(input)
return out, req.Send()
}
// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of
// the ability to pass a context and additional request options.
//
// See ListAccountsForParent for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) {
req, out := c.ListAccountsForParentRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAccountsForParent method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListAccountsForParent operation.
// pageNum := 0
// err := client.ListAccountsForParentPages(params,
// func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error {
return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListAccountsForParentInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListAccountsForParentRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListChildren = "ListChildren"
// ListChildrenRequest generates a "aws/request.Request" representing the
// client's request for the ListChildren operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListChildren for more information on using the ListChildren
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListChildrenRequest method.
// req, resp := client.ListChildrenRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) {
op := &request.Operation{
Name: opListChildren,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListChildrenInput{}
}
output = &ListChildrenOutput{}
req = c.newRequest(op, input, output)
return
}
// ListChildren API operation for AWS Organizations.
//
// Lists all of the organizational units (OUs) or accounts that are contained
// in the specified parent OU or root. This operation, along with ListParents
// enables you to traverse the tree structure that makes up this root.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListChildren for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ParentNotFoundException
// We can't find a root or OU with the ParentId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) {
req, out := c.ListChildrenRequest(input)
return out, req.Send()
}
// ListChildrenWithContext is the same as ListChildren with the addition of
// the ability to pass a context and additional request options.
//
// See ListChildren for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) {
req, out := c.ListChildrenRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListChildrenPages iterates over the pages of a ListChildren operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListChildren method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListChildren operation.
// pageNum := 0
// err := client.ListChildrenPages(params,
// func(page *organizations.ListChildrenOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error {
return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListChildrenPagesWithContext same as ListChildrenPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListChildrenInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListChildrenRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListCreateAccountStatus = "ListCreateAccountStatus"
// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the
// client's request for the ListCreateAccountStatus operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListCreateAccountStatusRequest method.
// req, resp := client.ListCreateAccountStatusRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) {
op := &request.Operation{
Name: opListCreateAccountStatus,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListCreateAccountStatusInput{}
}
output = &ListCreateAccountStatusOutput{}
req = c.newRequest(op, input, output)
return
}
// ListCreateAccountStatus API operation for AWS Organizations.
//
// Lists the account creation requests that match the specified status that
// is currently being tracked for the organization.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListCreateAccountStatus for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) {
req, out := c.ListCreateAccountStatusRequest(input)
return out, req.Send()
}
// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of
// the ability to pass a context and additional request options.
//
// See ListCreateAccountStatus for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) {
req, out := c.ListCreateAccountStatusRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListCreateAccountStatus method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListCreateAccountStatus operation.
// pageNum := 0
// err := client.ListCreateAccountStatusPages(params,
// func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error {
return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListCreateAccountStatusInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListCreateAccountStatusRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListDelegatedAdministrators = "ListDelegatedAdministrators"
// ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the
// client's request for the ListDelegatedAdministrators operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListDelegatedAdministratorsRequest method.
// req, resp := client.ListDelegatedAdministratorsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) {
op := &request.Operation{
Name: opListDelegatedAdministrators,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListDelegatedAdministratorsInput{}
}
output = &ListDelegatedAdministratorsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListDelegatedAdministrators API operation for AWS Organizations.
//
// Lists the Amazon Web Services accounts that are designated as delegated administrators
// in this organization.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListDelegatedAdministrators for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) {
req, out := c.ListDelegatedAdministratorsRequest(input)
return out, req.Send()
}
// ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of
// the ability to pass a context and additional request options.
//
// See ListDelegatedAdministrators for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) {
req, out := c.ListDelegatedAdministratorsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListDelegatedAdministrators method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation.
// pageNum := 0
// err := client.ListDelegatedAdministratorsPages(params,
// func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error {
return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListDelegatedAdministratorsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListDelegatedAdministratorsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount"
// ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the
// client's request for the ListDelegatedServicesForAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListDelegatedServicesForAccountRequest method.
// req, resp := client.ListDelegatedServicesForAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) {
op := &request.Operation{
Name: opListDelegatedServicesForAccount,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListDelegatedServicesForAccountInput{}
}
output = &ListDelegatedServicesForAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// ListDelegatedServicesForAccount API operation for AWS Organizations.
//
// List the Amazon Web Services services for which the specified account is
// a delegated administrator.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListDelegatedServicesForAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AccountNotRegisteredException
// The specified account is not a delegated administrator for this Amazon Web
// Services service.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) {
req, out := c.ListDelegatedServicesForAccountRequest(input)
return out, req.Send()
}
// ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of
// the ability to pass a context and additional request options.
//
// See ListDelegatedServicesForAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) {
req, out := c.ListDelegatedServicesForAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListDelegatedServicesForAccount method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation.
// pageNum := 0
// err := client.ListDelegatedServicesForAccountPages(params,
// func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error {
return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListDelegatedServicesForAccountInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListDelegatedServicesForAccountRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListHandshakesForAccount = "ListHandshakesForAccount"
// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the
// client's request for the ListHandshakesForAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListHandshakesForAccountRequest method.
// req, resp := client.ListHandshakesForAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) {
op := &request.Operation{
Name: opListHandshakesForAccount,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListHandshakesForAccountInput{}
}
output = &ListHandshakesForAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// ListHandshakesForAccount API operation for AWS Organizations.
//
// Lists the current handshakes that are associated with the account of the
// requesting user.
//
// Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear in the
// results of this API for only 30 days after changing to that state. After
// that, they're deleted and no longer accessible.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called from any account in the organization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListHandshakesForAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) {
req, out := c.ListHandshakesForAccountRequest(input)
return out, req.Send()
}
// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of
// the ability to pass a context and additional request options.
//
// See ListHandshakesForAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) {
req, out := c.ListHandshakesForAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListHandshakesForAccount method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListHandshakesForAccount operation.
// pageNum := 0
// err := client.ListHandshakesForAccountPages(params,
// func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error {
return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListHandshakesForAccountInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListHandshakesForAccountRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListHandshakesForOrganization = "ListHandshakesForOrganization"
// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the ListHandshakesForOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListHandshakesForOrganizationRequest method.
// req, resp := client.ListHandshakesForOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) {
op := &request.Operation{
Name: opListHandshakesForOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListHandshakesForOrganizationInput{}
}
output = &ListHandshakesForOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// ListHandshakesForOrganization API operation for AWS Organizations.
//
// Lists the handshakes that are associated with the organization that the requesting
// user is part of. The ListHandshakesForOrganization operation returns a list
// of handshake structures. Each structure contains details and status about
// a handshake.
//
// Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear in the
// results of this API for only 30 days after changing to that state. After
// that, they're deleted and no longer accessible.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListHandshakesForOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) {
req, out := c.ListHandshakesForOrganizationRequest(input)
return out, req.Send()
}
// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See ListHandshakesForOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) {
req, out := c.ListHandshakesForOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListHandshakesForOrganization method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation.
// pageNum := 0
// err := client.ListHandshakesForOrganizationPages(params,
// func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error {
return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListHandshakesForOrganizationInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListHandshakesForOrganizationRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent"
// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the
// client's request for the ListOrganizationalUnitsForParent operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListOrganizationalUnitsForParentRequest method.
// req, resp := client.ListOrganizationalUnitsForParentRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) {
op := &request.Operation{
Name: opListOrganizationalUnitsForParent,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListOrganizationalUnitsForParentInput{}
}
output = &ListOrganizationalUnitsForParentOutput{}
req = c.newRequest(op, input, output)
return
}
// ListOrganizationalUnitsForParent API operation for AWS Organizations.
//
// Lists the organizational units (OUs) in a parent organizational unit or root.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListOrganizationalUnitsForParent for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ParentNotFoundException
// We can't find a root or OU with the ParentId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) {
req, out := c.ListOrganizationalUnitsForParentRequest(input)
return out, req.Send()
}
// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of
// the ability to pass a context and additional request options.
//
// See ListOrganizationalUnitsForParent for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) {
req, out := c.ListOrganizationalUnitsForParentRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListOrganizationalUnitsForParent method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation.
// pageNum := 0
// err := client.ListOrganizationalUnitsForParentPages(params,
// func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error {
return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListOrganizationalUnitsForParentInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListParents = "ListParents"
// ListParentsRequest generates a "aws/request.Request" representing the
// client's request for the ListParents operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListParents for more information on using the ListParents
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListParentsRequest method.
// req, resp := client.ListParentsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) {
op := &request.Operation{
Name: opListParents,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListParentsInput{}
}
output = &ListParentsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListParents API operation for AWS Organizations.
//
// Lists the root or organizational units (OUs) that serve as the immediate
// parent of the specified child OU or account. This operation, along with ListChildren
// enables you to traverse the tree structure that makes up this root.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// In the current release, a child can have only a single parent.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListParents for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ChildNotFoundException
// We can't find an organizational unit (OU) or Amazon Web Services account
// with the ChildId that you specified.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) {
req, out := c.ListParentsRequest(input)
return out, req.Send()
}
// ListParentsWithContext is the same as ListParents with the addition of
// the ability to pass a context and additional request options.
//
// See ListParents for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) {
req, out := c.ListParentsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListParentsPages iterates over the pages of a ListParents operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListParents method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListParents operation.
// pageNum := 0
// err := client.ListParentsPages(params,
// func(page *organizations.ListParentsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error {
return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListParentsPagesWithContext same as ListParentsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListParentsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListParentsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListPolicies = "ListPolicies"
// ListPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicies for more information on using the ListPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListPoliciesRequest method.
// req, resp := client.ListPoliciesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
op := &request.Operation{
Name: opListPolicies,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListPoliciesInput{}
}
output = &ListPoliciesOutput{}
req = c.newRequest(op, input, output)
return
}
// ListPolicies API operation for AWS Organizations.
//
// Retrieves the list of all policies in an organization of a specified type.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListPolicies for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
req, out := c.ListPoliciesRequest(input)
return out, req.Send()
}
// ListPoliciesWithContext is the same as ListPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
req, out := c.ListPoliciesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListPoliciesPages iterates over the pages of a ListPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListPolicies operation.
// pageNum := 0
// err := client.ListPoliciesPages(params,
// func(page *organizations.ListPoliciesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListPoliciesPagesWithContext same as ListPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListPoliciesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListPoliciesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListPoliciesForTarget = "ListPoliciesForTarget"
// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the
// client's request for the ListPoliciesForTarget operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListPoliciesForTargetRequest method.
// req, resp := client.ListPoliciesForTargetRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) {
op := &request.Operation{
Name: opListPoliciesForTarget,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListPoliciesForTargetInput{}
}
output = &ListPoliciesForTargetOutput{}
req = c.newRequest(op, input, output)
return
}
// ListPoliciesForTarget API operation for AWS Organizations.
//
// Lists the policies that are directly attached to the specified target root,
// organizational unit (OU), or account. You must specify the policy type that
// you want included in the returned list.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListPoliciesForTarget for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) {
req, out := c.ListPoliciesForTargetRequest(input)
return out, req.Send()
}
// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of
// the ability to pass a context and additional request options.
//
// See ListPoliciesForTarget for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) {
req, out := c.ListPoliciesForTargetRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPoliciesForTarget method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListPoliciesForTarget operation.
// pageNum := 0
// err := client.ListPoliciesForTargetPages(params,
// func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error {
return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListPoliciesForTargetInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListPoliciesForTargetRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListRoots = "ListRoots"
// ListRootsRequest generates a "aws/request.Request" representing the
// client's request for the ListRoots operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListRoots for more information on using the ListRoots
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListRootsRequest method.
// req, resp := client.ListRootsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) {
op := &request.Operation{
Name: opListRoots,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListRootsInput{}
}
output = &ListRootsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListRoots API operation for AWS Organizations.
//
// Lists the roots that are defined in the current organization.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Policy types can be enabled and disabled in roots. This is distinct from
// whether they're available in the organization. When you enable all features,
// you make policy types available for use in that organization. Individual
// policy types can then be enabled and disabled in a root. To see the availability
// of a policy type in an organization, use DescribeOrganization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListRoots for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) {
req, out := c.ListRootsRequest(input)
return out, req.Send()
}
// ListRootsWithContext is the same as ListRoots with the addition of
// the ability to pass a context and additional request options.
//
// See ListRoots for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) {
req, out := c.ListRootsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListRootsPages iterates over the pages of a ListRoots operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListRoots method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListRoots operation.
// pageNum := 0
// err := client.ListRootsPages(params,
// func(page *organizations.ListRootsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error {
return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListRootsPagesWithContext same as ListRootsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListRootsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListRootsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListTagsForResource = "ListTagsForResource"
// ListTagsForResourceRequest generates a "aws/request.Request" representing the
// client's request for the ListTagsForResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListTagsForResource for more information on using the ListTagsForResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListTagsForResourceRequest method.
// req, resp := client.ListTagsForResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
op := &request.Operation{
Name: opListTagsForResource,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "",
TruncationToken: "",
},
}
if input == nil {
input = &ListTagsForResourceInput{}
}
output = &ListTagsForResourceOutput{}
req = c.newRequest(op, input, output)
return
}
// ListTagsForResource API operation for AWS Organizations.
//
// Lists tags that are attached to the specified resource.
//
// You can attach tags to the following resources in Organizations.
//
// - Amazon Web Services account
//
// - Organization root
//
// - Organizational unit (OU)
//
// - Policy (any type)
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListTagsForResource for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
req, out := c.ListTagsForResourceRequest(input)
return out, req.Send()
}
// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
// the ability to pass a context and additional request options.
//
// See ListTagsForResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
req, out := c.ListTagsForResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListTagsForResource method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListTagsForResource operation.
// pageNum := 0
// err := client.ListTagsForResourcePages(params,
// func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListTagsForResourceInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListTagsForResourceRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListTargetsForPolicy = "ListTargetsForPolicy"
// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the
// client's request for the ListTargetsForPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListTargetsForPolicyRequest method.
// req, resp := client.ListTargetsForPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) {
op := &request.Operation{
Name: opListTargetsForPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListTargetsForPolicyInput{}
}
output = &ListTargetsForPolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// ListTargetsForPolicy API operation for AWS Organizations.
//
// Lists all the roots, organizational units (OUs), and accounts that the specified
// policy is attached to.
//
// Always check the NextToken response parameter for a null value when calling
// a List* operation. These operations can occasionally return an empty set
// of results even when there are more results available. The NextToken response
// parameter value is null only when there are no more results to display.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation ListTargetsForPolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - PolicyNotFoundException
// We can't find a policy with the PolicyId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) {
req, out := c.ListTargetsForPolicyRequest(input)
return out, req.Send()
}
// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See ListTargetsForPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) {
req, out := c.ListTargetsForPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListTargetsForPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListTargetsForPolicy operation.
// pageNum := 0
// err := client.ListTargetsForPolicyPages(params,
// func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error {
return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListTargetsForPolicyInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListTargetsForPolicyRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opMoveAccount = "MoveAccount"
// MoveAccountRequest generates a "aws/request.Request" representing the
// client's request for the MoveAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See MoveAccount for more information on using the MoveAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the MoveAccountRequest method.
// req, resp := client.MoveAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) {
op := &request.Operation{
Name: opMoveAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &MoveAccountInput{}
}
output = &MoveAccountOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// MoveAccount API operation for AWS Organizations.
//
// Moves an account from its current source parent root or organizational unit
// (OU) to the specified destination parent root or OU.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation MoveAccount for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - SourceParentNotFoundException
// We can't find a source root or OU with the ParentId that you specified.
//
// - DestinationParentNotFoundException
// We can't find the destination container (a root or OU) with the ParentId
// that you specified.
//
// - DuplicateAccountException
// That account is already present in the specified destination.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) {
req, out := c.MoveAccountRequest(input)
return out, req.Send()
}
// MoveAccountWithContext is the same as MoveAccount with the addition of
// the ability to pass a context and additional request options.
//
// See MoveAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) {
req, out := c.MoveAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opPutResourcePolicy = "PutResourcePolicy"
// PutResourcePolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutResourcePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutResourcePolicy for more information on using the PutResourcePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the PutResourcePolicyRequest method.
// req, resp := client.PutResourcePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PutResourcePolicy
func (c *Organizations) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) {
op := &request.Operation{
Name: opPutResourcePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &PutResourcePolicyInput{}
}
output = &PutResourcePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// PutResourcePolicy API operation for AWS Organizations.
//
// Creates or updates a resource policy.
//
// You can only call this operation from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation PutResourcePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PutResourcePolicy
func (c *Organizations) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) {
req, out := c.PutResourcePolicyRequest(input)
return out, req.Send()
}
// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See PutResourcePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) {
req, out := c.PutResourcePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator"
// RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
// client's request for the RegisterDelegatedAdministrator operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the RegisterDelegatedAdministratorRequest method.
// req, resp := client.RegisterDelegatedAdministratorRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) {
op := &request.Operation{
Name: opRegisterDelegatedAdministrator,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &RegisterDelegatedAdministratorInput{}
}
output = &RegisterDelegatedAdministratorOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// RegisterDelegatedAdministrator API operation for AWS Organizations.
//
// Enables the specified member account to administer the Organizations features
// of the specified Amazon Web Services service. It grants read-only access
// to Organizations service data. The account still requires IAM permissions
// to access and administer the Amazon Web Services service.
//
// You can run this action only for Amazon Web Services services that support
// this feature. For a current list of services that support it, see the column
// Supports Delegated Administrator in the table at Amazon Web Services Services
// that you can use with Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
// in the Organizations User Guide.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation RegisterDelegatedAdministrator for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountAlreadyRegisteredException
// The specified account is already a delegated administrator for this Amazon
// Web Services service.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) {
req, out := c.RegisterDelegatedAdministratorRequest(input)
return out, req.Send()
}
// RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of
// the ability to pass a context and additional request options.
//
// See RegisterDelegatedAdministrator for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) {
req, out := c.RegisterDelegatedAdministratorRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization"
// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the RemoveAccountFromOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the RemoveAccountFromOrganizationRequest method.
// req, resp := client.RemoveAccountFromOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) {
op := &request.Operation{
Name: opRemoveAccountFromOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &RemoveAccountFromOrganizationInput{}
}
output = &RemoveAccountFromOrganizationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// RemoveAccountFromOrganization API operation for AWS Organizations.
//
// Removes the specified account from the organization.
//
// The removed account becomes a standalone account that isn't a member of any
// organization. It's no longer subject to any policies and is responsible for
// its own bill payments. The organization's management account is no longer
// charged for any expenses accrued by the member account after it's removed
// from the organization.
//
// This operation can be called only from the organization's management account.
// Member accounts can remove themselves with LeaveOrganization instead.
//
// - You can remove an account from your organization only if the account
// is configured with the information required to operate as a standalone
// account. When you create an account in an organization using the Organizations
// console, API, or CLI commands, the information required of standalone
// accounts is not automatically collected. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - The account that you want to leave must not be a delegated administrator
// account for any Amazon Web Services service enabled for your organization.
// If the account is a delegated administrator, you must first change the
// delegated administrator account to another account that is remaining in
// the organization.
//
// - After the account leaves the organization, all tags that were attached
// to the account object in the organization are deleted. Amazon Web Services
// accounts outside of an organization do not support tags.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation RemoveAccountFromOrganization for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AccountNotFoundException
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - MasterCannotLeaveOrganizationException
// You can't remove a management account from an organization. If you want the
// management account to become a member account in another organization, you
// must first delete the current organization of the management account.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) {
req, out := c.RemoveAccountFromOrganizationRequest(input)
return out, req.Send()
}
// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See RemoveAccountFromOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) {
req, out := c.RemoveAccountFromOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opTagResource = "TagResource"
// TagResourceRequest generates a "aws/request.Request" representing the
// client's request for the TagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the TagResourceRequest method.
// req, resp := client.TagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
op := &request.Operation{
Name: opTagResource,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &TagResourceInput{}
}
output = &TagResourceOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// TagResource API operation for AWS Organizations.
//
// Adds one or more tags to the specified resource.
//
// Currently, you can attach tags to the following resources in Organizations.
//
// - Amazon Web Services account
//
// - Organization root
//
// - Organizational unit (OU)
//
// - Policy (any type)
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation TagResource for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
req, out := c.TagResourceRequest(input)
return out, req.Send()
}
// TagResourceWithContext is the same as TagResource with the addition of
// the ability to pass a context and additional request options.
//
// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
req, out := c.TagResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUntagResource = "UntagResource"
// UntagResourceRequest generates a "aws/request.Request" representing the
// client's request for the UntagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UntagResourceRequest method.
// req, resp := client.UntagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
op := &request.Operation{
Name: opUntagResource,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UntagResourceInput{}
}
output = &UntagResourceOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// UntagResource API operation for AWS Organizations.
//
// Removes any tags with the specified keys from the specified resource.
//
// You can attach tags to the following resources in Organizations.
//
// - Amazon Web Services account
//
// - Organization root
//
// - Organizational unit (OU)
//
// - Policy (any type)
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation UntagResource for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - TargetNotFoundException
// We can't find a root, OU, account, or policy with the TargetId that you specified.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
req, out := c.UntagResourceRequest(input)
return out, req.Send()
}
// UntagResourceWithContext is the same as UntagResource with the addition of
// the ability to pass a context and additional request options.
//
// See UntagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
req, out := c.UntagResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit"
// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the UpdateOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateOrganizationalUnitRequest method.
// req, resp := client.UpdateOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) {
op := &request.Operation{
Name: opUpdateOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateOrganizationalUnitInput{}
}
output = &UpdateOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateOrganizationalUnit API operation for AWS Organizations.
//
// Renames the specified organizational unit (OU). The ID and ARN don't change.
// The child OUs and accounts remain in place, and any attached policies of
// the OU remain attached.
//
// This operation can be called only from the organization's management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation UpdateOrganizationalUnit for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - DuplicateOrganizationalUnitException
// An OU with the same name already exists.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - OrganizationalUnitNotFoundException
// We can't find an OU with the OrganizationalUnitId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) {
req, out := c.UpdateOrganizationalUnitRequest(input)
return out, req.Send()
}
// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) {
req, out := c.UpdateOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdatePolicy = "UpdatePolicy"
// UpdatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdatePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdatePolicy for more information on using the UpdatePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdatePolicyRequest method.
// req, resp := client.UpdatePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) {
op := &request.Operation{
Name: opUpdatePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdatePolicyInput{}
}
output = &UpdatePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdatePolicy API operation for AWS Organizations.
//
// Updates an existing policy with a new name, description, or content. If you
// don't supply any parameter, that value remains unchanged. You can't change
// a policy's type.
//
// This operation can be called only from the organization's management account
// or by a member account that is a delegated administrator for an Amazon Web
// Services service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation UpdatePolicy for usage and error information.
//
// Returned Error Types:
//
// - AccessDeniedException
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// - AWSOrganizationsNotInUseException
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// - ConcurrentModificationException
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// - ConstraintViolationException
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
//
// - DuplicatePolicyException
// A policy with the same name already exists.
//
// - InvalidInputException
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
//
// - MalformedPolicyDocumentException
// The provided policy document doesn't meet the requirements of the specified
// policy type. For example, the syntax might be incorrect. For details about
// service control policy syntax, see SCP syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html)
// in the Organizations User Guide.
//
// - PolicyNotFoundException
// We can't find a policy with the PolicyId that you specified.
//
// - ServiceException
// Organizations can't complete your request because of an internal service
// error. Try again later.
//
// - TooManyRequestsException
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
//
// - UnsupportedAPIEndpointException
// This action isn't available in the current Amazon Web Services Region.
//
// - PolicyChangesInProgressException
// Changes to the effective policy are in progress, and its contents can't be
// returned. Try the operation again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) {
req, out := c.UpdatePolicyRequest(input)
return out, req.Send()
}
// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See UpdatePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) {
req, out := c.UpdatePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
type AWSOrganizationsNotInUseException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AWSOrganizationsNotInUseException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AWSOrganizationsNotInUseException) GoString() string {
return s.String()
}
func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error {
return &AWSOrganizationsNotInUseException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AWSOrganizationsNotInUseException) Code() string {
return "AWSOrganizationsNotInUseException"
}
// Message returns the exception's message.
func (s *AWSOrganizationsNotInUseException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AWSOrganizationsNotInUseException) OrigErr() error {
return nil
}
func (s *AWSOrganizationsNotInUseException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AWSOrganizationsNotInUseException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AWSOrganizationsNotInUseException) RequestID() string {
return s.RespMetadata.RequestID
}
type AcceptHandshakeInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the handshake that you want to accept.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
//
// HandshakeId is a required field
HandshakeId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AcceptHandshakeInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AcceptHandshakeInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *AcceptHandshakeInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"}
if s.HandshakeId == nil {
invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetHandshakeId sets the HandshakeId field's value.
func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput {
s.HandshakeId = &v
return s
}
type AcceptHandshakeOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the accepted handshake.
Handshake *Handshake `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AcceptHandshakeOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AcceptHandshakeOutput) GoString() string {
return s.String()
}
// SetHandshake sets the Handshake field's value.
func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput {
s.Handshake = v
return s
}
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
type AccessDeniedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) GoString() string {
return s.String()
}
func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
return &AccessDeniedException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccessDeniedException) Code() string {
return "AccessDeniedException"
}
// Message returns the exception's message.
func (s *AccessDeniedException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedException) OrigErr() error {
return nil
}
func (s *AccessDeniedException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccessDeniedException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccessDeniedException) RequestID() string {
return s.RespMetadata.RequestID
}
// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
// for organizations.amazonaws.com permission so that Organizations can create
// the required service-linked role. You don't have that permission.
type AccessDeniedForDependencyException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedForDependencyException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedForDependencyException) GoString() string {
return s.String()
}
func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error {
return &AccessDeniedForDependencyException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccessDeniedForDependencyException) Code() string {
return "AccessDeniedForDependencyException"
}
// Message returns the exception's message.
func (s *AccessDeniedForDependencyException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedForDependencyException) OrigErr() error {
return nil
}
func (s *AccessDeniedForDependencyException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccessDeniedForDependencyException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccessDeniedForDependencyException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains information about an Amazon Web Services account that is a member
// of an organization.
type Account struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the account.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
// The email address associated with the Amazon Web Services account.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
// a string of characters that represents a standard internet email address.
//
// Email is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by Account's
// String and GoString methods.
Email *string `min:"6" type:"string" sensitive:"true"`
// The unique identifier (ID) of the account.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
// requires exactly 12 digits.
Id *string `type:"string"`
// The method by which the account joined the organization.
JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
// The date the account became a part of the organization.
JoinedTimestamp *time.Time `type:"timestamp"`
// The friendly name of the account.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
//
// Name is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by Account's
// String and GoString methods.
Name *string `min:"1" type:"string" sensitive:"true"`
// The status of the account in the organization.
Status *string `type:"string" enum:"AccountStatus"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Account) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Account) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *Account) SetArn(v string) *Account {
s.Arn = &v
return s
}
// SetEmail sets the Email field's value.
func (s *Account) SetEmail(v string) *Account {
s.Email = &v
return s
}
// SetId sets the Id field's value.
func (s *Account) SetId(v string) *Account {
s.Id = &v
return s
}
// SetJoinedMethod sets the JoinedMethod field's value.
func (s *Account) SetJoinedMethod(v string) *Account {
s.JoinedMethod = &v
return s
}
// SetJoinedTimestamp sets the JoinedTimestamp field's value.
func (s *Account) SetJoinedTimestamp(v time.Time) *Account {
s.JoinedTimestamp = &v
return s
}
// SetName sets the Name field's value.
func (s *Account) SetName(v string) *Account {
s.Name = &v
return s
}
// SetStatus sets the Status field's value.
func (s *Account) SetStatus(v string) *Account {
s.Status = &v
return s
}
// You attempted to close an account that is already closed.
type AccountAlreadyClosedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountAlreadyClosedException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountAlreadyClosedException) GoString() string {
return s.String()
}
func newErrorAccountAlreadyClosedException(v protocol.ResponseMetadata) error {
return &AccountAlreadyClosedException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccountAlreadyClosedException) Code() string {
return "AccountAlreadyClosedException"
}
// Message returns the exception's message.
func (s *AccountAlreadyClosedException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccountAlreadyClosedException) OrigErr() error {
return nil
}
func (s *AccountAlreadyClosedException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccountAlreadyClosedException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccountAlreadyClosedException) RequestID() string {
return s.RespMetadata.RequestID
}
// The specified account is already a delegated administrator for this Amazon
// Web Services service.
type AccountAlreadyRegisteredException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountAlreadyRegisteredException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountAlreadyRegisteredException) GoString() string {
return s.String()
}
func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error {
return &AccountAlreadyRegisteredException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccountAlreadyRegisteredException) Code() string {
return "AccountAlreadyRegisteredException"
}
// Message returns the exception's message.
func (s *AccountAlreadyRegisteredException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccountAlreadyRegisteredException) OrigErr() error {
return nil
}
func (s *AccountAlreadyRegisteredException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccountAlreadyRegisteredException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccountAlreadyRegisteredException) RequestID() string {
return s.RespMetadata.RequestID
}
// We can't find an Amazon Web Services account with the AccountId that you
// specified, or the account whose credentials you used to make this request
// isn't a member of an organization.
type AccountNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountNotFoundException) GoString() string {
return s.String()
}
func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error {
return &AccountNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccountNotFoundException) Code() string {
return "AccountNotFoundException"
}
// Message returns the exception's message.
func (s *AccountNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccountNotFoundException) OrigErr() error {
return nil
}
func (s *AccountNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccountNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccountNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// The specified account is not a delegated administrator for this Amazon Web
// Services service.
type AccountNotRegisteredException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountNotRegisteredException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountNotRegisteredException) GoString() string {
return s.String()
}
func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error {
return &AccountNotRegisteredException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccountNotRegisteredException) Code() string {
return "AccountNotRegisteredException"
}
// Message returns the exception's message.
func (s *AccountNotRegisteredException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccountNotRegisteredException) OrigErr() error {
return nil
}
func (s *AccountNotRegisteredException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccountNotRegisteredException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccountNotRegisteredException) RequestID() string {
return s.RespMetadata.RequestID
}
// You can't invite an existing account to your organization until you verify
// that you own the email address associated with the management account. For
// more information, see Email address verification (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
// in the Organizations User Guide.
type AccountOwnerNotVerifiedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountOwnerNotVerifiedException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccountOwnerNotVerifiedException) GoString() string {
return s.String()
}
func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error {
return &AccountOwnerNotVerifiedException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AccountOwnerNotVerifiedException) Code() string {
return "AccountOwnerNotVerifiedException"
}
// Message returns the exception's message.
func (s *AccountOwnerNotVerifiedException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccountOwnerNotVerifiedException) OrigErr() error {
return nil
}
func (s *AccountOwnerNotVerifiedException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AccountOwnerNotVerifiedException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AccountOwnerNotVerifiedException) RequestID() string {
return s.RespMetadata.RequestID
}
// This account is already a member of an organization. An account can belong
// to only one organization at a time.
type AlreadyInOrganizationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AlreadyInOrganizationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AlreadyInOrganizationException) GoString() string {
return s.String()
}
func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error {
return &AlreadyInOrganizationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *AlreadyInOrganizationException) Code() string {
return "AlreadyInOrganizationException"
}
// Message returns the exception's message.
func (s *AlreadyInOrganizationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AlreadyInOrganizationException) OrigErr() error {
return nil
}
func (s *AlreadyInOrganizationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *AlreadyInOrganizationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *AlreadyInOrganizationException) RequestID() string {
return s.RespMetadata.RequestID
}
type AttachPolicyInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the policy that you want to attach to the target.
// You can get the ID for the policy by calling the ListPolicies operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
//
// PolicyId is a required field
PolicyId *string `type:"string" required:"true"`
// The unique identifier (ID) of the root, OU, or account that you want to attach
// the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent,
// or ListAccounts operations.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Account - A string that consists of exactly 12 digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// TargetId is a required field
TargetId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"}
if s.PolicyId == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyId"))
}
if s.TargetId == nil {
invalidParams.Add(request.NewErrParamRequired("TargetId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyId sets the PolicyId field's value.
func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput {
s.PolicyId = &v
return s
}
// SetTargetId sets the TargetId field's value.
func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput {
s.TargetId = &v
return s
}
type AttachPolicyOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachPolicyOutput) GoString() string {
return s.String()
}
type CancelHandshakeInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the handshake that you want to cancel. You
// can get the ID from the ListHandshakesForOrganization operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
//
// HandshakeId is a required field
HandshakeId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CancelHandshakeInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CancelHandshakeInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CancelHandshakeInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"}
if s.HandshakeId == nil {
invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetHandshakeId sets the HandshakeId field's value.
func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput {
s.HandshakeId = &v
return s
}
type CancelHandshakeOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the handshake that you canceled.
Handshake *Handshake `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CancelHandshakeOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CancelHandshakeOutput) GoString() string {
return s.String()
}
// SetHandshake sets the Handshake field's value.
func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput {
s.Handshake = v
return s
}
// Contains a list of child entities, either OUs or accounts.
type Child struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of this child entity.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
// requires one of the following:
//
// * Account - A string that consists of exactly 12 digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that contains
// the OU). This string is followed by a second "-" dash and from 8 to 32
// additional lowercase letters or digits.
Id *string `type:"string"`
// The type of this child entity.
Type *string `type:"string" enum:"ChildType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Child) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Child) GoString() string {
return s.String()
}
// SetId sets the Id field's value.
func (s *Child) SetId(v string) *Child {
s.Id = &v
return s
}
// SetType sets the Type field's value.
func (s *Child) SetType(v string) *Child {
s.Type = &v
return s
}
// We can't find an organizational unit (OU) or Amazon Web Services account
// with the ChildId that you specified.
type ChildNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ChildNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ChildNotFoundException) GoString() string {
return s.String()
}
func newErrorChildNotFoundException(v protocol.ResponseMetadata) error {
return &ChildNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ChildNotFoundException) Code() string {
return "ChildNotFoundException"
}
// Message returns the exception's message.
func (s *ChildNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ChildNotFoundException) OrigErr() error {
return nil
}
func (s *ChildNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ChildNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ChildNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
type CloseAccountInput struct {
_ struct{} `type:"structure"`
// Retrieves the Amazon Web Services account Id for the current CloseAccount
// API request.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CloseAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CloseAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CloseAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CloseAccountInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *CloseAccountInput) SetAccountId(v string) *CloseAccountInput {
s.AccountId = &v
return s
}
type CloseAccountOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CloseAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CloseAccountOutput) GoString() string {
return s.String()
}
// The target of the operation is currently being modified by a different request.
// Try again later.
type ConcurrentModificationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConcurrentModificationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConcurrentModificationException) GoString() string {
return s.String()
}
func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error {
return &ConcurrentModificationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ConcurrentModificationException) Code() string {
return "ConcurrentModificationException"
}
// Message returns the exception's message.
func (s *ConcurrentModificationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConcurrentModificationException) OrigErr() error {
return nil
}
func (s *ConcurrentModificationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ConcurrentModificationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ConcurrentModificationException) RequestID() string {
return s.RespMetadata.RequestID
}
// The request failed because it conflicts with the current state of the specified
// resource.
type ConflictException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) GoString() string {
return s.String()
}
func newErrorConflictException(v protocol.ResponseMetadata) error {
return &ConflictException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ConflictException) Code() string {
return "ConflictException"
}
// Message returns the exception's message.
func (s *ConflictException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConflictException) OrigErr() error {
return nil
}
func (s *ConflictException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ConflictException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ConflictException) RequestID() string {
return s.RespMetadata.RequestID
}
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to remove the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
// account from the organization. You can't remove the management account.
// Instead, after you remove all member accounts, delete the organization
// itself.
//
// - ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at Removing a member account from
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
// in the Organizations User Guide.
//
// - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or
// your account isn't fully active. You must complete the account setup before
// you create an organization.
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/)
// to request an increase in your limit. Or the number of invitations that
// you tried to send would cause you to exceed the limit of accounts in your
// organization. Send fewer invitations or contact Amazon Web Services Support
// to request an increase in the number of accounts. Deleted and closed accounts
// still count toward your limit. If you get this exception when running
// a command immediately after creating the organization, wait one hour and
// try again. After an hour, if the command continues to fail with this error,
// contact Amazon Web Services Support (https://console.aws.amazon.com/support/home#/).
//
// - CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot
// register a suspended account as a delegated administrator.
//
// - CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
// register the management account of the organization as a delegated administrator
// for an Amazon Web Services service integrated with Organizations. You
// can designate only a member account as a delegated administrator.
//
// - CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management
// account. To close the management account for the organization, you must
// first either remove or close all member accounts in the organization.
// Follow standard account closure process using root credentials.
//
// - CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
// an account that is registered as a delegated administrator for a service
// integrated with your organization. To complete this operation, you must
// first deregister this account as a delegated administrator.
//
// - CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota
// for the past 30 days.
//
// - CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can close at a time.
//
// - CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
// organization in the specified region, you must enable all features mode.
//
// - DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
// an Amazon Web Services account as a delegated administrator for an Amazon
// Web Services service that already has a delegated administrator. To complete
// this operation, you must first deregister any existing delegated administrators
// for this service.
//
// - EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
// valid for a limited period of time. You must resubmit the request and
// generate a new verfication code.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no
// supported payment method is associated with the account. Amazon Web Services
// does not support cards issued by financial institutions in Russia or Belarus.
// For more information, see Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// - MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's management
// account to the marketplace that corresponds to the management account's
// address. All accounts in an organization must be associated with the same
// marketplace.
//
// - MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon
// Web Services Regions in China. To create an organization, the master must
// have a valid business license. For more information, contact customer
// support.
//
// - MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide a valid contact address and phone number for the management
// account. Then try the operation again.
//
// - MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
// management account must have an associated account in the Amazon Web Services
// GovCloud (US-West) Region. For more information, see Organizations (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
// in the Amazon Web Services GovCloud User Guide.
//
// - MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this management account, you first must associate a valid payment
// instrument, such as a credit card, with the account. For more information,
// see Considerations before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
// to register more delegated administrators than allowed for the service
// principal.
//
// - MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// - MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
// on this resource.
//
// - MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a valid payment instrument,
// such as a credit card, with the account. For more information, see Considerations
// before removing an account from an organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html)
// in the Organizations User Guide.
//
// - MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// - ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// - OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// - OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// - POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
// is larger than the maximum size.
//
// - POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
// policies that you can have in an organization.
//
// - SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator
// before you enabled service access. Call the EnableAWSServiceAccess API
// first.
//
// - TAG_POLICY_VIOLATION: You attempted to create or update a resource with
// tags that are not compliant with the tag policy requirements for this
// account.
//
// - WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account,
// there is a waiting period before you can remove it from the organization.
// If you get an error that indicates that a wait period is required, try
// again in a few days.
type ConstraintViolationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConstraintViolationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConstraintViolationException) GoString() string {
return s.String()
}
func newErrorConstraintViolationException(v protocol.ResponseMetadata) error {
return &ConstraintViolationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ConstraintViolationException) Code() string {
return "ConstraintViolationException"
}
// Message returns the exception's message.
func (s *ConstraintViolationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConstraintViolationException) OrigErr() error {
return nil
}
func (s *ConstraintViolationException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ConstraintViolationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ConstraintViolationException) RequestID() string {
return s.RespMetadata.RequestID
}
type CreateAccountInput struct {
_ struct{} `type:"structure"`
// The friendly name of the member account.
//
// AccountName is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateAccountInput's
// String and GoString methods.
//
// AccountName is a required field
AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
// The email address of the owner to assign to the new member account. This
// email address must not already be associated with another Amazon Web Services
// account. You must use a valid email address to complete account creation.
//
// The rules for a valid email address:
//
// * The address must be a minimum of 6 and a maximum of 64 characters long.
//
// * All characters must be 7-bit ASCII characters.
//
// * There must be one and only one @ symbol, which separates the local name
// from the domain name.
//
// * The local name can't contain any of the following characters: whitespace,
// " ' ( ) < > [ ] : ; , \ | % &
//
// * The local name can't begin with a dot (.)
//
// * The domain name can consist of only the characters [a-z],[A-Z],[0-9],
// hyphen (-), or dot (.)
//
// * The domain name can't begin or end with a hyphen (-) or dot (.)
//
// * The domain name must contain at least one dot
//
// You can't access the root user of the account or remove an account that was
// created with an invalid email address.
//
// Email is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateAccountInput's
// String and GoString methods.
//
// Email is a required field
Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
// If set to ALLOW, the new account enables IAM users to access account billing
// information if they have the required permissions. If set to DENY, only the
// root user of the new account can access account billing information. For
// more information, see About IAM access to the Billing and Cost Management
// console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
// in the Amazon Web Services Billing and Cost Management User Guide.
//
// If you don't specify this parameter, the value defaults to ALLOW, and IAM
// users and roles with the required permissions can access billing information
// for the new account.
IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
// The name of an IAM role that Organizations automatically preconfigures in
// the new member account. This role trusts the management account, allowing
// users in the management account to assume the role, as permitted by the management
// account administrator. The role has administrator permissions in the new
// member account.
//
// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
//
// For more information about how to use this role to access the member account,
// see the following links:
//
// * Creating the OrganizationAccountAccessRole in an invited member account
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
// in the Organizations User Guide
//
// * Steps 2 and 3 in IAM Tutorial: Delegate access across Amazon Web Services
// accounts using IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
// in the IAM User Guide
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter. The pattern can include uppercase letters, lowercase letters,
// digits with no spaces, and any of the following characters: =,.@-
RoleName *string `type:"string"`
// A list of tags that you want to attach to the newly created account. For
// each tag in the list, you must specify both a tag key and a value. You can
// set the value to an empty string, but you can't set it to null. For more
// information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
// in the Organizations User Guide.
//
// If any one of the tags is not valid or if you exceed the maximum allowed
// number of tags for an account, then the entire request fails and the account
// is not created.
Tags []*Tag `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"}
if s.AccountName == nil {
invalidParams.Add(request.NewErrParamRequired("AccountName"))
}
if s.AccountName != nil && len(*s.AccountName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
}
if s.Email == nil {
invalidParams.Add(request.NewErrParamRequired("Email"))
}
if s.Email != nil && len(*s.Email) < 6 {
invalidParams.Add(request.NewErrParamMinLen("Email", 6))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountName sets the AccountName field's value.
func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput {
s.AccountName = &v
return s
}
// SetEmail sets the Email field's value.
func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput {
s.Email = &v
return s
}
// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput {
s.IamUserAccessToBilling = &v
return s
}
// SetRoleName sets the RoleName field's value.
func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput {
s.RoleName = &v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateAccountInput) SetTags(v []*Tag) *CreateAccountInput {
s.Tags = v
return s
}
type CreateAccountOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the request to create an account.
// This response structure might not be fully populated when you first receive
// it because account creation is an asynchronous process. You can pass the
// returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus
// to get status about the progress of the request at later times. You can also
// check the CloudTrail log for the CreateAccountResult event. For more information,
// see Logging and monitoring in Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html)
// in the Organizations User Guide.
CreateAccountStatus *CreateAccountStatus `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountOutput) GoString() string {
return s.String()
}
// SetCreateAccountStatus sets the CreateAccountStatus field's value.
func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput {
s.CreateAccountStatus = v
return s
}
// Contains the status about a CreateAccount or CreateGovCloudAccount request
// to create an Amazon Web Services account or an Amazon Web Services GovCloud
// (US) account in an organization.
type CreateAccountStatus struct {
_ struct{} `type:"structure"`
// If the account was created successfully, the unique identifier (ID) of the
// new account.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
// requires exactly 12 digits.
AccountId *string `type:"string"`
// The account name given to the account when it was created.
//
// AccountName is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateAccountStatus's
// String and GoString methods.
AccountName *string `min:"1" type:"string" sensitive:"true"`
// The date and time that the account was created and the request completed.
CompletedTimestamp *time.Time `type:"timestamp"`
// If the request failed, a description of the reason for the failure.
//
// * ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you
// reached the limit on the number of accounts in your organization.
//
// * CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with
// the same information.
//
// * EMAIL_ALREADY_EXISTS: The account could not be created because another
// Amazon Web Services account with that email address already exists.
//
// * FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns
// your organization failed to receive business license validation.
//
// * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services
// GovCloud (US) Region could not be created because this Region already
// includes an account with that email address.
//
// * IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web Services account
// that owns your organization can't complete business license validation
// because it doesn't have valid identity data.
//
// * INVALID_ADDRESS: The account could not be created because the address
// you provided is not valid.
//
// * INVALID_EMAIL: The account could not be created because the email address
// you provided is not valid.
//
// * INVALID_PAYMENT_INSTRUMENT: The Amazon Web Services account that owns
// your organization does not have a supported payment method associated
// with the account. Amazon Web Services does not support cards issued by
// financial institutions in Russia or Belarus. For more information, see
// Managing your Amazon Web Services payments (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html).
//
// * INTERNAL_FAILURE: The account could not be created because of an internal
// failure. Try again later. If the problem persists, contact Amazon Web
// Services Customer Support.
//
// * MISSING_BUSINESS_VALIDATION: The Amazon Web Services account that owns
// your organization has not received Business Validation.
//
// * MISSING_PAYMENT_INSTRUMENT: You must configure the management account
// with a valid payment method, such as a credit card.
//
// * PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns
// your organization is still in the process of completing business license
// validation.
//
// * UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that owns
// your organization has an unknown issue with business license validation.
FailureReason *string `type:"string" enum:"CreateAccountFailureReason"`
// If the account was created successfully, the unique identifier (ID) of the
// new account in the Amazon Web Services GovCloud (US) Region.
GovCloudAccountId *string `type:"string"`
// The unique identifier (ID) that references this request. You get this value
// from the response of the initial CreateAccount request to create the account.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
// request ID string requires "car-" followed by from 8 to 32 lowercase letters
// or digits.
Id *string `type:"string"`
// The date and time that the request was made for the account creation.
RequestedTimestamp *time.Time `type:"timestamp"`
// The status of the asynchronous request to create an Amazon Web Services account.
State *string `type:"string" enum:"CreateAccountState"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountStatus) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountStatus) GoString() string {
return s.String()
}
// SetAccountId sets the AccountId field's value.
func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus {
s.AccountId = &v
return s
}
// SetAccountName sets the AccountName field's value.
func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus {
s.AccountName = &v
return s
}
// SetCompletedTimestamp sets the CompletedTimestamp field's value.
func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus {
s.CompletedTimestamp = &v
return s
}
// SetFailureReason sets the FailureReason field's value.
func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus {
s.FailureReason = &v
return s
}
// SetGovCloudAccountId sets the GovCloudAccountId field's value.
func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus {
s.GovCloudAccountId = &v
return s
}
// SetId sets the Id field's value.
func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus {
s.Id = &v
return s
}
// SetRequestedTimestamp sets the RequestedTimestamp field's value.
func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus {
s.RequestedTimestamp = &v
return s
}
// SetState sets the State field's value.
func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus {
s.State = &v
return s
}
// We can't find an create account request with the CreateAccountRequestId that
// you specified.
type CreateAccountStatusNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountStatusNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountStatusNotFoundException) GoString() string {
return s.String()
}
func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error {
return &CreateAccountStatusNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *CreateAccountStatusNotFoundException) Code() string {
return "CreateAccountStatusNotFoundException"
}
// Message returns the exception's message.
func (s *CreateAccountStatusNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *CreateAccountStatusNotFoundException) OrigErr() error {
return nil
}
func (s *CreateAccountStatusNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *CreateAccountStatusNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *CreateAccountStatusNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
type CreateGovCloudAccountInput struct {
_ struct{} `type:"structure"`
// The friendly name of the member account.
//
// The account name can consist of only the characters [a-z],[A-Z],[0-9], hyphen
// (-), or dot (.) You can't separate characters with a dash (–).
//
// AccountName is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateGovCloudAccountInput's
// String and GoString methods.
//
// AccountName is a required field
AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
// Specifies the email address of the owner to assign to the new member account
// in the commercial Region. This email address must not already be associated
// with another Amazon Web Services account. You must use a valid email address
// to complete account creation.
//
// The rules for a valid email address:
//
// * The address must be a minimum of 6 and a maximum of 64 characters long.
//
// * All characters must be 7-bit ASCII characters.
//
// * There must be one and only one @ symbol, which separates the local name
// from the domain name.
//
// * The local name can't contain any of the following characters: whitespace,
// " ' ( ) < > [ ] : ; , \ | % &
//
// * The local name can't begin with a dot (.)
//
// * The domain name can consist of only the characters [a-z],[A-Z],[0-9],
// hyphen (-), or dot (.)
//
// * The domain name can't begin or end with a hyphen (-) or dot (.)
//
// * The domain name must contain at least one dot
//
// You can't access the root user of the account or remove an account that was
// created with an invalid email address. Like all request parameters for CreateGovCloudAccount,
// the request for the email address for the Amazon Web Services GovCloud (US)
// account originates from the commercial Region, not from the Amazon Web Services
// GovCloud (US) Region.
//
// Email is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateGovCloudAccountInput's
// String and GoString methods.
//
// Email is a required field
Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
// If set to ALLOW, the new linked account in the commercial Region enables
// IAM users to access account billing information if they have the required
// permissions. If set to DENY, only the root user of the new account can access
// account billing information. For more information, see About IAM access to
// the Billing and Cost Management console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
// in the Amazon Web Services Billing and Cost Management User Guide.
//
// If you don't specify this parameter, the value defaults to ALLOW, and IAM
// users and roles with the required permissions can access billing information
// for the new account.
IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
// (Optional)
//
// The name of an IAM role that Organizations automatically preconfigures in
// the new member accounts in both the Amazon Web Services GovCloud (US) Region
// and in the commercial Region. This role trusts the management account, allowing
// users in the management account to assume the role, as permitted by the management
// account administrator. The role has administrator permissions in the new
// member account.
//
// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
//
// For more information about how to use this role to access the member account,
// see the following links:
//
// * Creating the OrganizationAccountAccessRole in an invited member account
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
// in the Organizations User Guide
//
// * Steps 2 and 3 in IAM Tutorial: Delegate access across Amazon Web Services
// accounts using IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
// in the IAM User Guide
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter. The pattern can include uppercase letters, lowercase letters,
// digits with no spaces, and any of the following characters: =,.@-
RoleName *string `type:"string"`
// A list of tags that you want to attach to the newly created account. These
// tags are attached to the commercial account associated with the GovCloud
// account, and not to the GovCloud account itself. To add tags to the actual
// GovCloud account, call the TagResource operation in the GovCloud region after
// the new GovCloud account exists.
//
// For each tag in the list, you must specify both a tag key and a value. You
// can set the value to an empty string, but you can't set it to null. For more
// information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
// in the Organizations User Guide.
//
// If any one of the tags is not valid or if you exceed the maximum allowed
// number of tags for an account, then the entire request fails and the account
// is not created.
Tags []*Tag `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGovCloudAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGovCloudAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateGovCloudAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"}
if s.AccountName == nil {
invalidParams.Add(request.NewErrParamRequired("AccountName"))
}
if s.AccountName != nil && len(*s.AccountName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
}
if s.Email == nil {
invalidParams.Add(request.NewErrParamRequired("Email"))
}
if s.Email != nil && len(*s.Email) < 6 {
invalidParams.Add(request.NewErrParamMinLen("Email", 6))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountName sets the AccountName field's value.
func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput {
s.AccountName = &v
return s
}
// SetEmail sets the Email field's value.
func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput {
s.Email = &v
return s
}
// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput {
s.IamUserAccessToBilling = &v
return s
}
// SetRoleName sets the RoleName field's value.
func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput {
s.RoleName = &v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateGovCloudAccountInput) SetTags(v []*Tag) *CreateGovCloudAccountInput {
s.Tags = v
return s
}
type CreateGovCloudAccountOutput struct {
_ struct{} `type:"structure"`
// Contains the status about a CreateAccount or CreateGovCloudAccount request
// to create an Amazon Web Services account or an Amazon Web Services GovCloud
// (US) account in an organization.
CreateAccountStatus *CreateAccountStatus `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGovCloudAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGovCloudAccountOutput) GoString() string {
return s.String()
}
// SetCreateAccountStatus sets the CreateAccountStatus field's value.
func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput {
s.CreateAccountStatus = v
return s
}
type CreateOrganizationInput struct {
_ struct{} `type:"structure"`
// Specifies the feature set supported by the new organization. Each feature
// set supports different levels of functionality.
//
// * CONSOLIDATED_BILLING: All member accounts have their bills consolidated
// to and paid by the management account. For more information, see Consolidated
// billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only)
// in the Organizations User Guide. The consolidated billing feature subset
// isn't available for organizations in the Amazon Web Services GovCloud
// (US) Region.
//
// * ALL: In addition to all the features supported by the consolidated billing
// feature set, the management account can also apply any policy type to
// any member account in the organization. For more information, see All
// features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all)
// in the Organizations User Guide.
FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationInput) GoString() string {
return s.String()
}
// SetFeatureSet sets the FeatureSet field's value.
func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput {
s.FeatureSet = &v
return s
}
type CreateOrganizationOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the newly created organization.
Organization *Organization `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationOutput) GoString() string {
return s.String()
}
// SetOrganization sets the Organization field's value.
func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput {
s.Organization = v
return s
}
type CreateOrganizationalUnitInput struct {
_ struct{} `type:"structure"`
// The friendly name to assign to the new OU.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The unique identifier (ID) of the parent root or OU that you want to create
// the new OU in.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// ParentId is a required field
ParentId *string `type:"string" required:"true"`
// A list of tags that you want to attach to the newly created OU. For each
// tag in the list, you must specify both a tag key and a value. You can set
// the value to an empty string, but you can't set it to null. For more information
// about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
// in the Organizations User Guide.
//
// If any one of the tags is not valid or if you exceed the allowed number of
// tags for an OU, then the entire request fails and the OU is not created.
Tags []*Tag `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationalUnitInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationalUnitInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateOrganizationalUnitInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"}
if s.Name == nil {
invalidParams.Add(request.NewErrParamRequired("Name"))
}
if s.Name != nil && len(*s.Name) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Name", 1))
}
if s.ParentId == nil {
invalidParams.Add(request.NewErrParamRequired("ParentId"))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetName sets the Name field's value.
func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput {
s.Name = &v
return s
}
// SetParentId sets the ParentId field's value.
func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput {
s.ParentId = &v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateOrganizationalUnitInput) SetTags(v []*Tag) *CreateOrganizationalUnitInput {
s.Tags = v
return s
}
type CreateOrganizationalUnitOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the newly created OU.
OrganizationalUnit *OrganizationalUnit `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationalUnitOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOrganizationalUnitOutput) GoString() string {
return s.String()
}
// SetOrganizationalUnit sets the OrganizationalUnit field's value.
func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput {
s.OrganizationalUnit = v
return s
}
type CreatePolicyInput struct {
_ struct{} `type:"structure"`
// The policy text content to add to the new policy. The text that you supply
// must adhere to the rules of the policy type you specify in the Type parameter.
//
// The maximum size of a policy document depends on the policy's type. For more
// information, see Maximum and minimum values (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html#min-max-values)
// in the Organizations User Guide.
//
// Content is a required field
Content *string `min:"1" type:"string" required:"true"`
// An optional description to assign to the policy.
//
// Description is a required field
Description *string `type:"string" required:"true"`
// The friendly name to assign to the policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// A list of tags that you want to attach to the newly created policy. For each
// tag in the list, you must specify both a tag key and a value. You can set
// the value to an empty string, but you can't set it to null. For more information
// about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
// in the Organizations User Guide.
//
// If any one of the tags is not valid or if you exceed the allowed number of
// tags for a policy, then the entire request fails and the policy is not created.
Tags []*Tag `type:"list"`
// The type of policy to create. You can specify one of the following values:
//
// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
//
// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// Type is a required field
Type *string `type:"string" required:"true" enum:"PolicyType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
if s.Content == nil {
invalidParams.Add(request.NewErrParamRequired("Content"))
}
if s.Content != nil && len(*s.Content) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Content", 1))
}
if s.Description == nil {
invalidParams.Add(request.NewErrParamRequired("Description"))
}
if s.Name == nil {
invalidParams.Add(request.NewErrParamRequired("Name"))
}
if s.Name != nil && len(*s.Name) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Name", 1))
}
if s.Type == nil {
invalidParams.Add(request.NewErrParamRequired("Type"))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetContent sets the Content field's value.
func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput {
s.Content = &v
return s
}
// SetDescription sets the Description field's value.
func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput {
s.Description = &v
return s
}
// SetName sets the Name field's value.
func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput {
s.Name = &v
return s
}
// SetTags sets the Tags field's value.
func (s *CreatePolicyInput) SetTags(v []*Tag) *CreatePolicyInput {
s.Tags = v
return s
}
// SetType sets the Type field's value.
func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput {
s.Type = &v
return s
}
type CreatePolicyOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the newly created policy.
Policy *Policy `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyOutput) GoString() string {
return s.String()
}
// SetPolicy sets the Policy field's value.
func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput {
s.Policy = v
return s
}
type DeclineHandshakeInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the handshake that you want to decline. You
// can get the ID from the ListHandshakesForAccount operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
//
// HandshakeId is a required field
HandshakeId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeclineHandshakeInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeclineHandshakeInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeclineHandshakeInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"}
if s.HandshakeId == nil {
invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetHandshakeId sets the HandshakeId field's value.
func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput {
s.HandshakeId = &v
return s
}
type DeclineHandshakeOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the declined handshake. The state
// is updated to show the value DECLINED.
Handshake *Handshake `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeclineHandshakeOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeclineHandshakeOutput) GoString() string {
return s.String()
}
// SetHandshake sets the Handshake field's value.
func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput {
s.Handshake = v
return s
}
// Contains information about the delegated administrator.
type DelegatedAdministrator struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the delegated administrator's account.
Arn *string `type:"string"`
// The date when the account was made a delegated administrator.
DelegationEnabledDate *time.Time `type:"timestamp"`
// The email address that is associated with the delegated administrator's Amazon
// Web Services account.
//
// Email is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by DelegatedAdministrator's
// String and GoString methods.
Email *string `min:"6" type:"string" sensitive:"true"`
// The unique identifier (ID) of the delegated administrator's account.
Id *string `type:"string"`
// The method by which the delegated administrator's account joined the organization.
JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
// The date when the delegated administrator's account became a part of the
// organization.
JoinedTimestamp *time.Time `type:"timestamp"`
// The friendly name of the delegated administrator's account.
//
// Name is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by DelegatedAdministrator's
// String and GoString methods.
Name *string `min:"1" type:"string" sensitive:"true"`
// The status of the delegated administrator's account in the organization.
Status *string `type:"string" enum:"AccountStatus"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DelegatedAdministrator) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DelegatedAdministrator) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator {
s.Arn = &v
return s
}
// SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator {
s.DelegationEnabledDate = &v
return s
}
// SetEmail sets the Email field's value.
func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator {
s.Email = &v
return s
}
// SetId sets the Id field's value.
func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator {
s.Id = &v
return s
}
// SetJoinedMethod sets the JoinedMethod field's value.
func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator {
s.JoinedMethod = &v
return s
}
// SetJoinedTimestamp sets the JoinedTimestamp field's value.
func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator {
s.JoinedTimestamp = &v
return s
}
// SetName sets the Name field's value.
func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator {
s.Name = &v
return s
}
// SetStatus sets the Status field's value.
func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator {
s.Status = &v
return s
}
// Contains information about the Amazon Web Services service for which the
// account is a delegated administrator.
type DelegatedService struct {
_ struct{} `type:"structure"`
// The date that the account became a delegated administrator for this service.
DelegationEnabledDate *time.Time `type:"timestamp"`
// The name of an Amazon Web Services service that can request an operation
// for the specified service. This is typically in the form of a URL, such as:
// servicename.amazonaws.com.
ServicePrincipal *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DelegatedService) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DelegatedService) GoString() string {
return s.String()
}
// SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService {
s.DelegationEnabledDate = &v
return s
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService {
s.ServicePrincipal = &v
return s
}
type DeleteOrganizationInput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationInput) GoString() string {
return s.String()
}
type DeleteOrganizationOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationOutput) GoString() string {
return s.String()
}
type DeleteOrganizationalUnitInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the organizational unit that you want to delete.
// You can get the ID from the ListOrganizationalUnitsForParent operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
// or digits (the ID of the root that contains the OU). This string is followed
// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
//
// OrganizationalUnitId is a required field
OrganizationalUnitId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationalUnitInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationalUnitInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteOrganizationalUnitInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"}
if s.OrganizationalUnitId == nil {
invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput {
s.OrganizationalUnitId = &v
return s
}
type DeleteOrganizationalUnitOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationalUnitOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOrganizationalUnitOutput) GoString() string {
return s.String()
}
type DeletePolicyInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the policy that you want to delete. You can
// get the ID from the ListPolicies or ListPoliciesForTarget operations.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
//
// PolicyId is a required field
PolicyId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
if s.PolicyId == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyId sets the PolicyId field's value.
func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput {
s.PolicyId = &v
return s
}
type DeletePolicyOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyOutput) GoString() string {
return s.String()
}
type DeleteResourcePolicyInput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyInput) GoString() string {
return s.String()
}
type DeleteResourcePolicyOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyOutput) GoString() string {
return s.String()
}
type DeregisterDelegatedAdministratorInput struct {
_ struct{} `type:"structure"`
// The account ID number of the member account in the organization that you
// want to deregister as a delegated administrator.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
// The service principal name of an Amazon Web Services service for which the
// account is a delegated administrator.
//
// Delegated administrator privileges are revoked for only the specified Amazon
// Web Services service from the member account. If the specified service is
// the only service for which the member account is a delegated administrator,
// the operation also revokes Organizations read action permissions.
//
// ServicePrincipal is a required field
ServicePrincipal *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeregisterDelegatedAdministratorInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeregisterDelegatedAdministratorInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeregisterDelegatedAdministratorInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if s.ServicePrincipal == nil {
invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
}
if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput {
s.AccountId = &v
return s
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput {
s.ServicePrincipal = &v
return s
}
type DeregisterDelegatedAdministratorOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeregisterDelegatedAdministratorOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeregisterDelegatedAdministratorOutput) GoString() string {
return s.String()
}
type DescribeAccountInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the Amazon Web Services account that you want
// information about. You can get the ID from the ListAccounts or ListAccountsForParent
// operations.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
// requires exactly 12 digits.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput {
s.AccountId = &v
return s
}
type DescribeAccountOutput struct {
_ struct{} `type:"structure"`
// A structure that contains information about the requested account.
Account *Account `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeAccountOutput) GoString() string {
return s.String()
}
// SetAccount sets the Account field's value.
func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput {
s.Account = v
return s
}
type DescribeCreateAccountStatusInput struct {
_ struct{} `type:"structure"`
// Specifies the Id value that uniquely identifies the CreateAccount request.
// You can get the value from the CreateAccountStatus.Id response in an earlier
// CreateAccount request, or from the ListCreateAccountStatus operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
// request ID string requires "car-" followed by from 8 to 32 lowercase letters
// or digits.
//
// CreateAccountRequestId is a required field
CreateAccountRequestId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeCreateAccountStatusInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeCreateAccountStatusInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeCreateAccountStatusInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"}
if s.CreateAccountRequestId == nil {
invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetCreateAccountRequestId sets the CreateAccountRequestId field's value.
func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput {
s.CreateAccountRequestId = &v
return s
}
type DescribeCreateAccountStatusOutput struct {
_ struct{} `type:"structure"`
// A structure that contains the current status of an account creation request.
CreateAccountStatus *CreateAccountStatus `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeCreateAccountStatusOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeCreateAccountStatusOutput) GoString() string {
return s.String()
}
// SetCreateAccountStatus sets the CreateAccountStatus field's value.
func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput {
s.CreateAccountStatus = v
return s
}
type DescribeEffectivePolicyInput struct {
_ struct{} `type:"structure"`
// The type of policy that you want information about. You can specify one of
// the following values:
//
// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// PolicyType is a required field
PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"`
// When you're signed in as the management account, specify the ID of the account
// that you want details about. Specifying an organization root or organizational
// unit (OU) as the target is not supported.
TargetId *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeEffectivePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeEffectivePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeEffectivePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"}
if s.PolicyType == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyType"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyType sets the PolicyType field's value.
func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput {
s.PolicyType = &v
return s
}
// SetTargetId sets the TargetId field's value.
func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput {
s.TargetId = &v
return s
}
type DescribeEffectivePolicyOutput struct {
_ struct{} `type:"structure"`
// The contents of the effective policy.
EffectivePolicy *EffectivePolicy `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeEffectivePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeEffectivePolicyOutput) GoString() string {
return s.String()
}
// SetEffectivePolicy sets the EffectivePolicy field's value.
func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput {
s.EffectivePolicy = v
return s
}
type DescribeHandshakeInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the handshake that you want information about.
// You can get the ID from the original call to InviteAccountToOrganization,
// or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
//
// HandshakeId is a required field
HandshakeId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeHandshakeInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeHandshakeInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeHandshakeInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"}
if s.HandshakeId == nil {
invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetHandshakeId sets the HandshakeId field's value.
func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput {
s.HandshakeId = &v
return s
}
type DescribeHandshakeOutput struct {
_ struct{} `type:"structure"`
// A structure that contains information about the specified handshake.
Handshake *Handshake `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeHandshakeOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeHandshakeOutput) GoString() string {
return s.String()
}
// SetHandshake sets the Handshake field's value.
func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput {
s.Handshake = v
return s
}
type DescribeOrganizationInput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationInput) GoString() string {
return s.String()
}
type DescribeOrganizationOutput struct {
_ struct{} `type:"structure"`
// A structure that contains information about the organization.
//
// The AvailablePolicyTypes part of the response is deprecated, and you shouldn't
// use it in your apps. It doesn't include any policy type supported by Organizations
// other than SCPs. To determine which policy types are enabled in your organization,
// use the ListRoots operation.
Organization *Organization `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationOutput) GoString() string {
return s.String()
}
// SetOrganization sets the Organization field's value.
func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput {
s.Organization = v
return s
}
type DescribeOrganizationalUnitInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the organizational unit that you want details
// about. You can get the ID from the ListOrganizationalUnitsForParent operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
// or digits (the ID of the root that contains the OU). This string is followed
// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
//
// OrganizationalUnitId is a required field
OrganizationalUnitId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationalUnitInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationalUnitInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeOrganizationalUnitInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"}
if s.OrganizationalUnitId == nil {
invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput {
s.OrganizationalUnitId = &v
return s
}
type DescribeOrganizationalUnitOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the specified OU.
OrganizationalUnit *OrganizationalUnit `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationalUnitOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeOrganizationalUnitOutput) GoString() string {
return s.String()
}
// SetOrganizationalUnit sets the OrganizationalUnit field's value.
func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput {
s.OrganizationalUnit = v
return s
}
type DescribePolicyInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the policy that you want details about. You
// can get the ID from the ListPolicies or ListPoliciesForTarget operations.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
//
// PolicyId is a required field
PolicyId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"}
if s.PolicyId == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyId sets the PolicyId field's value.
func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput {
s.PolicyId = &v
return s
}
type DescribePolicyOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the specified policy.
Policy *Policy `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribePolicyOutput) GoString() string {
return s.String()
}
// SetPolicy sets the Policy field's value.
func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput {
s.Policy = v
return s
}
type DescribeResourcePolicyInput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyInput) GoString() string {
return s.String()
}
type DescribeResourcePolicyOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the resource policy.
ResourcePolicy *ResourcePolicy `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyOutput) GoString() string {
return s.String()
}
// SetResourcePolicy sets the ResourcePolicy field's value.
func (s *DescribeResourcePolicyOutput) SetResourcePolicy(v *ResourcePolicy) *DescribeResourcePolicyOutput {
s.ResourcePolicy = v
return s
}
// We can't find the destination container (a root or OU) with the ParentId
// that you specified.
type DestinationParentNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DestinationParentNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DestinationParentNotFoundException) GoString() string {
return s.String()
}
func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error {
return &DestinationParentNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *DestinationParentNotFoundException) Code() string {
return "DestinationParentNotFoundException"
}
// Message returns the exception's message.
func (s *DestinationParentNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *DestinationParentNotFoundException) OrigErr() error {
return nil
}
func (s *DestinationParentNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *DestinationParentNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *DestinationParentNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
type DetachPolicyInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the policy you want to detach. You can get
// the ID from the ListPolicies or ListPoliciesForTarget operations.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
//
// PolicyId is a required field
PolicyId *string `type:"string" required:"true"`
// The unique identifier (ID) of the root, OU, or account that you want to detach
// the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent,
// or ListAccounts operations.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Account - A string that consists of exactly 12 digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// TargetId is a required field
TargetId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"}
if s.PolicyId == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyId"))
}
if s.TargetId == nil {
invalidParams.Add(request.NewErrParamRequired("TargetId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyId sets the PolicyId field's value.
func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput {
s.PolicyId = &v
return s
}
// SetTargetId sets the TargetId field's value.
func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput {
s.TargetId = &v
return s
}
type DetachPolicyOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachPolicyOutput) GoString() string {
return s.String()
}
type DisableAWSServiceAccessInput struct {
_ struct{} `type:"structure"`
// The service principal name of the Amazon Web Services service for which you
// want to disable integration with your organization. This is typically in
// the form of a URL, such as service-abbreviation.amazonaws.com.
//
// ServicePrincipal is a required field
ServicePrincipal *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisableAWSServiceAccessInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisableAWSServiceAccessInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DisableAWSServiceAccessInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"}
if s.ServicePrincipal == nil {
invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
}
if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput {
s.ServicePrincipal = &v
return s
}
type DisableAWSServiceAccessOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisableAWSServiceAccessOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisableAWSServiceAccessOutput) GoString() string {
return s.String()
}
type DisablePolicyTypeInput struct {
_ struct{} `type:"structure"`
// The policy type that you want to disable in this root. You can specify one
// of the following values:
//
// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
//
// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// PolicyType is a required field
PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
// The unique identifier (ID) of the root in which you want to disable a policy
// type. You can get the ID from the ListRoots operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
// requires "r-" followed by from 4 to 32 lowercase letters or digits.
//
// RootId is a required field
RootId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisablePolicyTypeInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisablePolicyTypeInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DisablePolicyTypeInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"}
if s.PolicyType == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyType"))
}
if s.RootId == nil {
invalidParams.Add(request.NewErrParamRequired("RootId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyType sets the PolicyType field's value.
func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput {
s.PolicyType = &v
return s
}
// SetRootId sets the RootId field's value.
func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput {
s.RootId = &v
return s
}
type DisablePolicyTypeOutput struct {
_ struct{} `type:"structure"`
// A structure that shows the root with the updated list of enabled policy types.
Root *Root `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisablePolicyTypeOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisablePolicyTypeOutput) GoString() string {
return s.String()
}
// SetRoot sets the Root field's value.
func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput {
s.Root = v
return s
}
// That account is already present in the specified destination.
type DuplicateAccountException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicateAccountException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicateAccountException) GoString() string {
return s.String()
}
func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error {
return &DuplicateAccountException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *DuplicateAccountException) Code() string {
return "DuplicateAccountException"
}
// Message returns the exception's message.
func (s *DuplicateAccountException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *DuplicateAccountException) OrigErr() error {
return nil
}
func (s *DuplicateAccountException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *DuplicateAccountException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *DuplicateAccountException) RequestID() string {
return s.RespMetadata.RequestID
}
// A handshake with the same action and target already exists. For example,
// if you invited an account to join your organization, the invited account
// might already have a pending invitation from this organization. If you intend
// to resend an invitation to an account, ensure that existing handshakes that
// might be considered duplicates are canceled or declined.
type DuplicateHandshakeException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicateHandshakeException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicateHandshakeException) GoString() string {
return s.String()
}
func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error {
return &DuplicateHandshakeException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *DuplicateHandshakeException) Code() string {
return "DuplicateHandshakeException"
}
// Message returns the exception's message.
func (s *DuplicateHandshakeException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *DuplicateHandshakeException) OrigErr() error {
return nil
}
func (s *DuplicateHandshakeException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *DuplicateHandshakeException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *DuplicateHandshakeException) RequestID() string {
return s.RespMetadata.RequestID
}
// An OU with the same name already exists.
type DuplicateOrganizationalUnitException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicateOrganizationalUnitException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicateOrganizationalUnitException) GoString() string {
return s.String()
}
func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error {
return &DuplicateOrganizationalUnitException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *DuplicateOrganizationalUnitException) Code() string {
return "DuplicateOrganizationalUnitException"
}
// Message returns the exception's message.
func (s *DuplicateOrganizationalUnitException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *DuplicateOrganizationalUnitException) OrigErr() error {
return nil
}
func (s *DuplicateOrganizationalUnitException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *DuplicateOrganizationalUnitException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *DuplicateOrganizationalUnitException) RequestID() string {
return s.RespMetadata.RequestID
}
// The selected policy is already attached to the specified target.
type DuplicatePolicyAttachmentException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicatePolicyAttachmentException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicatePolicyAttachmentException) GoString() string {
return s.String()
}
func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error {
return &DuplicatePolicyAttachmentException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *DuplicatePolicyAttachmentException) Code() string {
return "DuplicatePolicyAttachmentException"
}
// Message returns the exception's message.
func (s *DuplicatePolicyAttachmentException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *DuplicatePolicyAttachmentException) OrigErr() error {
return nil
}
func (s *DuplicatePolicyAttachmentException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *DuplicatePolicyAttachmentException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *DuplicatePolicyAttachmentException) RequestID() string {
return s.RespMetadata.RequestID
}
// A policy with the same name already exists.
type DuplicatePolicyException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicatePolicyException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DuplicatePolicyException) GoString() string {
return s.String()
}
func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error {
return &DuplicatePolicyException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *DuplicatePolicyException) Code() string {
return "DuplicatePolicyException"
}
// Message returns the exception's message.
func (s *DuplicatePolicyException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *DuplicatePolicyException) OrigErr() error {
return nil
}
func (s *DuplicatePolicyException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *DuplicatePolicyException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *DuplicatePolicyException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains rules to be applied to the affected accounts. The effective policy
// is the aggregation of any policies the account inherits, plus any policy
// directly attached to the account.
type EffectivePolicy struct {
_ struct{} `type:"structure"`
// The time of the last update to this policy.
LastUpdatedTimestamp *time.Time `type:"timestamp"`
// The text content of the policy.
PolicyContent *string `min:"1" type:"string"`
// The policy type.
PolicyType *string `type:"string" enum:"EffectivePolicyType"`
// The account ID of the policy target.
TargetId *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EffectivePolicy) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EffectivePolicy) GoString() string {
return s.String()
}
// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value.
func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy {
s.LastUpdatedTimestamp = &v
return s
}
// SetPolicyContent sets the PolicyContent field's value.
func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy {
s.PolicyContent = &v
return s
}
// SetPolicyType sets the PolicyType field's value.
func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy {
s.PolicyType = &v
return s
}
// SetTargetId sets the TargetId field's value.
func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy {
s.TargetId = &v
return s
}
// If you ran this action on the management account, this policy type is not
// enabled. If you ran the action on a member account, the account doesn't have
// an effective policy of this type. Contact the administrator of your organization
// about attaching a policy of this type to the account.
type EffectivePolicyNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EffectivePolicyNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EffectivePolicyNotFoundException) GoString() string {
return s.String()
}
func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error {
return &EffectivePolicyNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *EffectivePolicyNotFoundException) Code() string {
return "EffectivePolicyNotFoundException"
}
// Message returns the exception's message.
func (s *EffectivePolicyNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *EffectivePolicyNotFoundException) OrigErr() error {
return nil
}
func (s *EffectivePolicyNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *EffectivePolicyNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *EffectivePolicyNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
type EnableAWSServiceAccessInput struct {
_ struct{} `type:"structure"`
// The service principal name of the Amazon Web Services service for which you
// want to enable integration with your organization. This is typically in the
// form of a URL, such as service-abbreviation.amazonaws.com.
//
// ServicePrincipal is a required field
ServicePrincipal *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAWSServiceAccessInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAWSServiceAccessInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *EnableAWSServiceAccessInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"}
if s.ServicePrincipal == nil {
invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
}
if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput {
s.ServicePrincipal = &v
return s
}
type EnableAWSServiceAccessOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAWSServiceAccessOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAWSServiceAccessOutput) GoString() string {
return s.String()
}
type EnableAllFeaturesInput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAllFeaturesInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAllFeaturesInput) GoString() string {
return s.String()
}
type EnableAllFeaturesOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the handshake created to support
// this request to enable all features in the organization.
Handshake *Handshake `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAllFeaturesOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableAllFeaturesOutput) GoString() string {
return s.String()
}
// SetHandshake sets the Handshake field's value.
func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput {
s.Handshake = v
return s
}
type EnablePolicyTypeInput struct {
_ struct{} `type:"structure"`
// The policy type that you want to enable. You can specify one of the following
// values:
//
// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
//
// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// PolicyType is a required field
PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
// The unique identifier (ID) of the root in which you want to enable a policy
// type. You can get the ID from the ListRoots operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
// requires "r-" followed by from 4 to 32 lowercase letters or digits.
//
// RootId is a required field
RootId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnablePolicyTypeInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnablePolicyTypeInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *EnablePolicyTypeInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"}
if s.PolicyType == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyType"))
}
if s.RootId == nil {
invalidParams.Add(request.NewErrParamRequired("RootId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyType sets the PolicyType field's value.
func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput {
s.PolicyType = &v
return s
}
// SetRootId sets the RootId field's value.
func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput {
s.RootId = &v
return s
}
type EnablePolicyTypeOutput struct {
_ struct{} `type:"structure"`
// A structure that shows the root with the updated list of enabled policy types.
Root *Root `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnablePolicyTypeOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnablePolicyTypeOutput) GoString() string {
return s.String()
}
// SetRoot sets the Root field's value.
func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput {
s.Root = v
return s
}
// A structure that contains details of a service principal that represents
// an Amazon Web Services service that is enabled to integrate with Organizations.
type EnabledServicePrincipal struct {
_ struct{} `type:"structure"`
// The date that the service principal was enabled for integration with Organizations.
DateEnabled *time.Time `type:"timestamp"`
// The name of the service principal. This is typically in the form of a URL,
// such as: servicename.amazonaws.com.
ServicePrincipal *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnabledServicePrincipal) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnabledServicePrincipal) GoString() string {
return s.String()
}
// SetDateEnabled sets the DateEnabled field's value.
func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal {
s.DateEnabled = &v
return s
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal {
s.ServicePrincipal = &v
return s
}
// Organizations couldn't perform the operation because your organization hasn't
// finished initializing. This can take up to an hour. Try again later. If after
// one hour you continue to receive this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
type FinalizingOrganizationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FinalizingOrganizationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FinalizingOrganizationException) GoString() string {
return s.String()
}
func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error {
return &FinalizingOrganizationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *FinalizingOrganizationException) Code() string {
return "FinalizingOrganizationException"
}
// Message returns the exception's message.
func (s *FinalizingOrganizationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *FinalizingOrganizationException) OrigErr() error {
return nil
}
func (s *FinalizingOrganizationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *FinalizingOrganizationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *FinalizingOrganizationException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains information that must be exchanged to securely establish a relationship
// between two accounts (an originator and a recipient). For example, when a
// management account (the originator) invites another account (the recipient)
// to join its organization, the two accounts exchange information as a series
// of handshake requests and responses.
//
// Note: Handshakes that are CANCELED, ACCEPTED, DECLINED, or EXPIRED show up
// in lists for only 30 days after entering that state After that they are deleted.
type Handshake struct {
_ struct{} `type:"structure"`
// The type of handshake, indicating what action occurs when the recipient accepts
// the handshake. The following handshake types are supported:
//
// * INVITE: This type of handshake represents a request to join an organization.
// It is always sent from the management account to only non-member accounts.
//
// * ENABLE_ALL_FEATURES: This type of handshake represents a request to
// enable all features in an organization. It is always sent from the management
// account to only invited member accounts. Created accounts do not receive
// this because those accounts were created by the organization's management
// account and approval is inferred.
//
// * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations
// service when all member accounts have approved the ENABLE_ALL_FEATURES
// invitation. It is sent only to the management account and signals the
// master that it can finalize the process to enable all features.
Action *string `type:"string" enum:"ActionType"`
// The Amazon Resource Name (ARN) of a handshake.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
// The date and time that the handshake expires. If the recipient of the handshake
// request fails to respond before the specified date and time, the handshake
// becomes inactive and is no longer valid.
ExpirationTimestamp *time.Time `type:"timestamp"`
// The unique identifier (ID) of a handshake. The originating account creates
// the ID when it initiates the handshake.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
Id *string `type:"string"`
// Information about the two accounts that are participating in the handshake.
Parties []*HandshakeParty `type:"list"`
// The date and time that the handshake request was made.
RequestedTimestamp *time.Time `type:"timestamp"`
// Additional information that is needed to process the handshake.
Resources []*HandshakeResource `type:"list"`
// The current state of the handshake. Use the state to trace the flow of the
// handshake through the process from its creation to its acceptance. The meaning
// of each of the valid values is as follows:
//
// * REQUESTED: This handshake was sent to multiple recipients (applicable
// to only some handshake types) and not all recipients have responded yet.
// The request stays in this state until all recipients respond.
//
// * OPEN: This handshake was sent to multiple recipients (applicable to
// only some policy types) and all recipients have responded, allowing the
// originator to complete the handshake action.
//
// * CANCELED: This handshake is no longer active because it was canceled
// by the originating account.
//
// * ACCEPTED: This handshake is complete because it has been accepted by
// the recipient.
//
// * DECLINED: This handshake is no longer active because it was declined
// by the recipient account.
//
// * EXPIRED: This handshake is no longer active because the originator did
// not receive a response of any kind from the recipient before the expiration
// time (15 days).
State *string `type:"string" enum:"HandshakeState"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Handshake) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Handshake) GoString() string {
return s.String()
}
// SetAction sets the Action field's value.
func (s *Handshake) SetAction(v string) *Handshake {
s.Action = &v
return s
}
// SetArn sets the Arn field's value.
func (s *Handshake) SetArn(v string) *Handshake {
s.Arn = &v
return s
}
// SetExpirationTimestamp sets the ExpirationTimestamp field's value.
func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake {
s.ExpirationTimestamp = &v
return s
}
// SetId sets the Id field's value.
func (s *Handshake) SetId(v string) *Handshake {
s.Id = &v
return s
}
// SetParties sets the Parties field's value.
func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake {
s.Parties = v
return s
}
// SetRequestedTimestamp sets the RequestedTimestamp field's value.
func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake {
s.RequestedTimestamp = &v
return s
}
// SetResources sets the Resources field's value.
func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake {
s.Resources = v
return s
}
// SetState sets the State field's value.
func (s *Handshake) SetState(v string) *Handshake {
s.State = &v
return s
}
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
type HandshakeAlreadyInStateException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeAlreadyInStateException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeAlreadyInStateException) GoString() string {
return s.String()
}
func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error {
return &HandshakeAlreadyInStateException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *HandshakeAlreadyInStateException) Code() string {
return "HandshakeAlreadyInStateException"
}
// Message returns the exception's message.
func (s *HandshakeAlreadyInStateException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *HandshakeAlreadyInStateException) OrigErr() error {
return nil
}
func (s *HandshakeAlreadyInStateException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *HandshakeAlreadyInStateException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *HandshakeAlreadyInStateException) RequestID() string {
return s.RespMetadata.RequestID
}
// The requested operation would violate the constraint identified in the reason
// code.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. Note that deleted and closed
// accounts still count toward your limit. If you get this exception immediately
// after creating the organization, wait one hour and try again. If after
// an hour it continues to fail with this error, contact Amazon Web Services
// Support (https://console.aws.amazon.com/support/home#/).
//
// - ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
// the invited account is already a member of an organization.
//
// - HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// - INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
// to join an organization while it's in the process of enabling all features.
// You can resume inviting accounts after you finalize the process when all
// accounts have agreed to the change.
//
// - ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
// because the organization has already enabled all features.
//
// - ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
// request is invalid because the organization has already started the process
// to enable all features.
//
// - ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
// the account is from a different marketplace than the accounts in the organization.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be from the same
// marketplace.
//
// - ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
// change the membership of an account too quickly after its previous change.
//
// - PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
// account that doesn't have a payment instrument, such as a credit card,
// associated with it.
type HandshakeConstraintViolationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeConstraintViolationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeConstraintViolationException) GoString() string {
return s.String()
}
func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error {
return &HandshakeConstraintViolationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *HandshakeConstraintViolationException) Code() string {
return "HandshakeConstraintViolationException"
}
// Message returns the exception's message.
func (s *HandshakeConstraintViolationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *HandshakeConstraintViolationException) OrigErr() error {
return nil
}
func (s *HandshakeConstraintViolationException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *HandshakeConstraintViolationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *HandshakeConstraintViolationException) RequestID() string {
return s.RespMetadata.RequestID
}
// Specifies the criteria that are used to select the handshakes for the operation.
type HandshakeFilter struct {
_ struct{} `type:"structure"`
// Specifies the type of handshake action.
//
// If you specify ActionType, you cannot also specify ParentHandshakeId.
ActionType *string `type:"string" enum:"ActionType"`
// Specifies the parent handshake. Only used for handshake types that are a
// child of another type.
//
// If you specify ParentHandshakeId, you cannot also specify ActionType.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
ParentHandshakeId *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeFilter) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeFilter) GoString() string {
return s.String()
}
// SetActionType sets the ActionType field's value.
func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter {
s.ActionType = &v
return s
}
// SetParentHandshakeId sets the ParentHandshakeId field's value.
func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter {
s.ParentHandshakeId = &v
return s
}
// We can't find a handshake with the HandshakeId that you specified.
type HandshakeNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeNotFoundException) GoString() string {
return s.String()
}
func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error {
return &HandshakeNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *HandshakeNotFoundException) Code() string {
return "HandshakeNotFoundException"
}
// Message returns the exception's message.
func (s *HandshakeNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *HandshakeNotFoundException) OrigErr() error {
return nil
}
func (s *HandshakeNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *HandshakeNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *HandshakeNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// Identifies a participant in a handshake.
type HandshakeParty struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) for the party.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
// requires "h-" followed by from 8 to 32 lowercase letters or digits.
//
// Id is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by HandshakeParty's
// String and GoString methods.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true" sensitive:"true"`
// The type of party.
//
// Type is a required field
Type *string `type:"string" required:"true" enum:"HandshakePartyType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeParty) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeParty) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *HandshakeParty) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"}
if s.Id == nil {
invalidParams.Add(request.NewErrParamRequired("Id"))
}
if s.Id != nil && len(*s.Id) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Id", 1))
}
if s.Type == nil {
invalidParams.Add(request.NewErrParamRequired("Type"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetId sets the Id field's value.
func (s *HandshakeParty) SetId(v string) *HandshakeParty {
s.Id = &v
return s
}
// SetType sets the Type field's value.
func (s *HandshakeParty) SetType(v string) *HandshakeParty {
s.Type = &v
return s
}
// Contains additional data that is needed to process a handshake.
type HandshakeResource struct {
_ struct{} `type:"structure"`
// When needed, contains an additional array of HandshakeResource objects.
Resources []*HandshakeResource `type:"list"`
// The type of information being passed, specifying how the value is to be interpreted
// by the other party:
//
// * ACCOUNT - Specifies an Amazon Web Services account ID number.
//
// * ORGANIZATION - Specifies an organization ID number.
//
// * EMAIL - Specifies the email address that is associated with the account
// that receives the handshake.
//
// * OWNER_EMAIL - Specifies the email address associated with the management
// account. Included as information about an organization.
//
// * OWNER_NAME - Specifies the name associated with the management account.
// Included as information about an organization.
//
// * NOTES - Additional text provided by the handshake initiator and intended
// for the recipient to read.
Type *string `type:"string" enum:"HandshakeResourceType"`
// The information that is passed to the other party in the handshake. The format
// of the value string must match the requirements of the specified type.
//
// Value is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by HandshakeResource's
// String and GoString methods.
Value *string `type:"string" sensitive:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeResource) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s HandshakeResource) GoString() string {
return s.String()
}
// SetResources sets the Resources field's value.
func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource {
s.Resources = v
return s
}
// SetType sets the Type field's value.
func (s *HandshakeResource) SetType(v string) *HandshakeResource {
s.Type = &v
return s
}
// SetValue sets the Value field's value.
func (s *HandshakeResource) SetValue(v string) *HandshakeResource {
s.Value = &v
return s
}
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
type InvalidHandshakeTransitionException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidHandshakeTransitionException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidHandshakeTransitionException) GoString() string {
return s.String()
}
func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error {
return &InvalidHandshakeTransitionException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidHandshakeTransitionException) Code() string {
return "InvalidHandshakeTransitionException"
}
// Message returns the exception's message.
func (s *InvalidHandshakeTransitionException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidHandshakeTransitionException) OrigErr() error {
return nil
}
func (s *InvalidHandshakeTransitionException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidHandshakeTransitionException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidHandshakeTransitionException) RequestID() string {
return s.RespMetadata.RequestID
}
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation.
//
// - DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
// the same entity.
//
// - IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web
// Services and can't be modified.
//
// - INPUT_REQUIRED: You must include a value for all required parameters.
//
// - INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
// for the invited account owner.
//
// - INVALID_ENUM: You specified an invalid value.
//
// - INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
//
// - INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// - INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// - INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// - INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// - INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// - INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// - INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// - INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
// tag. You can’t add, edit, or delete system tag keys because they're
// reserved for Amazon Web Services use. System tags don’t count against
// your tags per resource limit.
//
// - MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// - MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// - MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// - MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// - MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// - MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// - TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
// target entity.
//
// - UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
// isn't recognized.
type InvalidInputException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
Reason *string `type:"string" enum:"InvalidInputExceptionReason"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidInputException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidInputException) GoString() string {
return s.String()
}
func newErrorInvalidInputException(v protocol.ResponseMetadata) error {
return &InvalidInputException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidInputException) Code() string {
return "InvalidInputException"
}
// Message returns the exception's message.
func (s *InvalidInputException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidInputException) OrigErr() error {
return nil
}
func (s *InvalidInputException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidInputException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidInputException) RequestID() string {
return s.RespMetadata.RequestID
}
type InviteAccountToOrganizationInput struct {
_ struct{} `type:"structure"`
// Additional information that you want to include in the generated email to
// the recipient account owner.
//
// Notes is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by InviteAccountToOrganizationInput's
// String and GoString methods.
Notes *string `type:"string" sensitive:"true"`
// A list of tags that you want to attach to the account when it becomes a member
// of the organization. For each tag in the list, you must specify both a tag
// key and a value. You can set the value to an empty string, but you can't
// set it to null. For more information about tagging, see Tagging Organizations
// resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
// in the Organizations User Guide.
//
// Any tags in the request are checked for compliance with any applicable tag
// policies when the request is made. The request is rejected if the tags in
// the request don't match the requirements of the policy at that time. Tag
// policy compliance is not checked again when the invitation is accepted and
// the tags are actually attached to the account. That means that if the tag
// policy changes between the invitation and the acceptance, then that tags
// could potentially be non-compliant.
//
// If any one of the tags is not valid or if you exceed the allowed number of
// tags for an account, then the entire request fails and invitations are not
// sent.
Tags []*Tag `type:"list"`
// The identifier (ID) of the Amazon Web Services account that you want to invite
// to join your organization. This is a JSON object that contains the following
// elements:
//
// { "Type": "ACCOUNT", "Id": "< account id number >" }
//
// If you use the CLI, you can submit this as a single string, similar to the
// following example:
//
// --target Id=123456789012,Type=ACCOUNT
//
// If you specify "Type": "ACCOUNT", you must provide the Amazon Web Services
// account ID number as the Id. If you specify "Type": "EMAIL", you must specify
// the email address that is associated with the account.
//
// --target [email protected],Type=EMAIL
//
// Target is a required field
Target *HandshakeParty `type:"structure" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InviteAccountToOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InviteAccountToOrganizationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *InviteAccountToOrganizationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"}
if s.Target == nil {
invalidParams.Add(request.NewErrParamRequired("Target"))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if s.Target != nil {
if err := s.Target.Validate(); err != nil {
invalidParams.AddNested("Target", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetNotes sets the Notes field's value.
func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput {
s.Notes = &v
return s
}
// SetTags sets the Tags field's value.
func (s *InviteAccountToOrganizationInput) SetTags(v []*Tag) *InviteAccountToOrganizationInput {
s.Tags = v
return s
}
// SetTarget sets the Target field's value.
func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput {
s.Target = v
return s
}
type InviteAccountToOrganizationOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the handshake that is created to
// support this invitation request.
Handshake *Handshake `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InviteAccountToOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InviteAccountToOrganizationOutput) GoString() string {
return s.String()
}
// SetHandshake sets the Handshake field's value.
func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput {
s.Handshake = v
return s
}
type LeaveOrganizationInput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LeaveOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LeaveOrganizationInput) GoString() string {
return s.String()
}
type LeaveOrganizationOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LeaveOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LeaveOrganizationOutput) GoString() string {
return s.String()
}
type ListAWSServiceAccessForOrganizationInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAWSServiceAccessForOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAWSServiceAccessForOrganizationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAWSServiceAccessForOrganizationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput {
s.NextToken = &v
return s
}
type ListAWSServiceAccessForOrganizationOutput struct {
_ struct{} `type:"structure"`
// A list of the service principals for the services that are enabled to integrate
// with your organization. Each principal is a structure that includes the name
// and the date that it was enabled for integration with Organizations.
EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAWSServiceAccessForOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAWSServiceAccessForOrganizationOutput) GoString() string {
return s.String()
}
// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value.
func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput {
s.EnabledServicePrincipals = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput {
s.NextToken = &v
return s
}
type ListAccountsForParentInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// The unique identifier (ID) for the parent root or organization unit (OU)
// whose accounts you want to list.
//
// ParentId is a required field
ParentId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsForParentInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsForParentInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAccountsForParentInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.ParentId == nil {
invalidParams.Add(request.NewErrParamRequired("ParentId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput {
s.NextToken = &v
return s
}
// SetParentId sets the ParentId field's value.
func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput {
s.ParentId = &v
return s
}
type ListAccountsForParentOutput struct {
_ struct{} `type:"structure"`
// A list of the accounts in the specified root or OU.
Accounts []*Account `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsForParentOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsForParentOutput) GoString() string {
return s.String()
}
// SetAccounts sets the Accounts field's value.
func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput {
s.Accounts = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput {
s.NextToken = &v
return s
}
type ListAccountsInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAccountsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
s.NextToken = &v
return s
}
type ListAccountsOutput struct {
_ struct{} `type:"structure"`
// A list of objects in the organization.
Accounts []*Account `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountsOutput) GoString() string {
return s.String()
}
// SetAccounts sets the Accounts field's value.
func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput {
s.Accounts = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
s.NextToken = &v
return s
}
type ListChildrenInput struct {
_ struct{} `type:"structure"`
// Filters the output to include only the specified child type.
//
// ChildType is a required field
ChildType *string `type:"string" required:"true" enum:"ChildType"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// The unique identifier (ID) for the parent root or OU whose children you want
// to list.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// ParentId is a required field
ParentId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListChildrenInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListChildrenInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListChildrenInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"}
if s.ChildType == nil {
invalidParams.Add(request.NewErrParamRequired("ChildType"))
}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.ParentId == nil {
invalidParams.Add(request.NewErrParamRequired("ParentId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetChildType sets the ChildType field's value.
func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput {
s.ChildType = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput {
s.NextToken = &v
return s
}
// SetParentId sets the ParentId field's value.
func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput {
s.ParentId = &v
return s
}
type ListChildrenOutput struct {
_ struct{} `type:"structure"`
// The list of children of the specified parent container.
Children []*Child `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListChildrenOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListChildrenOutput) GoString() string {
return s.String()
}
// SetChildren sets the Children field's value.
func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput {
s.Children = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput {
s.NextToken = &v
return s
}
type ListCreateAccountStatusInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// A list of one or more states that you want included in the response. If this
// parameter isn't present, all requests are included in the response.
States []*string `type:"list" enum:"CreateAccountState"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListCreateAccountStatusInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListCreateAccountStatusInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListCreateAccountStatusInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput {
s.NextToken = &v
return s
}
// SetStates sets the States field's value.
func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput {
s.States = v
return s
}
type ListCreateAccountStatusOutput struct {
_ struct{} `type:"structure"`
// A list of objects with details about the requests. Certain elements, such
// as the accountId number, are present in the output only after the account
// has been successfully created.
CreateAccountStatuses []*CreateAccountStatus `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListCreateAccountStatusOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListCreateAccountStatusOutput) GoString() string {
return s.String()
}
// SetCreateAccountStatuses sets the CreateAccountStatuses field's value.
func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput {
s.CreateAccountStatuses = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput {
s.NextToken = &v
return s
}
type ListDelegatedAdministratorsInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// Specifies a service principal name. If specified, then the operation lists
// the delegated administrators only for the specified service.
//
// If you don't specify a service principal, the operation lists all delegated
// administrators for all services in your organization.
ServicePrincipal *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedAdministratorsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedAdministratorsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListDelegatedAdministratorsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput {
s.NextToken = &v
return s
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput {
s.ServicePrincipal = &v
return s
}
type ListDelegatedAdministratorsOutput struct {
_ struct{} `type:"structure"`
// The list of delegated administrators in your organization.
DelegatedAdministrators []*DelegatedAdministrator `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedAdministratorsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedAdministratorsOutput) GoString() string {
return s.String()
}
// SetDelegatedAdministrators sets the DelegatedAdministrators field's value.
func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput {
s.DelegatedAdministrators = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput {
s.NextToken = &v
return s
}
type ListDelegatedServicesForAccountInput struct {
_ struct{} `type:"structure"`
// The account ID number of a delegated administrator account in the organization.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedServicesForAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedServicesForAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListDelegatedServicesForAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput {
s.AccountId = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput {
s.NextToken = &v
return s
}
type ListDelegatedServicesForAccountOutput struct {
_ struct{} `type:"structure"`
// The services for which the account is a delegated administrator.
DelegatedServices []*DelegatedService `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedServicesForAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListDelegatedServicesForAccountOutput) GoString() string {
return s.String()
}
// SetDelegatedServices sets the DelegatedServices field's value.
func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput {
s.DelegatedServices = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput {
s.NextToken = &v
return s
}
type ListHandshakesForAccountInput struct {
_ struct{} `type:"structure"`
// Filters the handshakes that you want included in the response. The default
// is all types. Use the ActionType element to limit the output to only a specified
// type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively,
// for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake
// for each member account, you can specify ParentHandshakeId to see only the
// handshakes that were generated by that parent request.
Filter *HandshakeFilter `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListHandshakesForAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFilter sets the Filter field's value.
func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput {
s.Filter = v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput {
s.NextToken = &v
return s
}
type ListHandshakesForAccountOutput struct {
_ struct{} `type:"structure"`
// A list of Handshake objects with details about each of the handshakes that
// is associated with the specified account.
Handshakes []*Handshake `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForAccountOutput) GoString() string {
return s.String()
}
// SetHandshakes sets the Handshakes field's value.
func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput {
s.Handshakes = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput {
s.NextToken = &v
return s
}
type ListHandshakesForOrganizationInput struct {
_ struct{} `type:"structure"`
// A filter of the handshakes that you want included in the response. The default
// is all types. Use the ActionType element to limit the output to only a specified
// type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively,
// for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake
// for each member account, you can specify the ParentHandshakeId to see only
// the handshakes that were generated by that parent request.
Filter *HandshakeFilter `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForOrganizationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListHandshakesForOrganizationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFilter sets the Filter field's value.
func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput {
s.Filter = v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput {
s.NextToken = &v
return s
}
type ListHandshakesForOrganizationOutput struct {
_ struct{} `type:"structure"`
// A list of Handshake objects with details about each of the handshakes that
// are associated with an organization.
Handshakes []*Handshake `type:"list"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListHandshakesForOrganizationOutput) GoString() string {
return s.String()
}
// SetHandshakes sets the Handshakes field's value.
func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput {
s.Handshakes = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput {
s.NextToken = &v
return s
}
type ListOrganizationalUnitsForParentInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// The unique identifier (ID) of the root or OU whose child OUs you want to
// list.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// ParentId is a required field
ParentId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOrganizationalUnitsForParentInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOrganizationalUnitsForParentInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListOrganizationalUnitsForParentInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.ParentId == nil {
invalidParams.Add(request.NewErrParamRequired("ParentId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput {
s.NextToken = &v
return s
}
// SetParentId sets the ParentId field's value.
func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput {
s.ParentId = &v
return s
}
type ListOrganizationalUnitsForParentOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// A list of the OUs in the specified root or parent OU.
OrganizationalUnits []*OrganizationalUnit `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOrganizationalUnitsForParentOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOrganizationalUnitsForParentOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput {
s.NextToken = &v
return s
}
// SetOrganizationalUnits sets the OrganizationalUnits field's value.
func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput {
s.OrganizationalUnits = v
return s
}
type ListParentsInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the OU or account whose parent containers you
// want to list. Don't specify a root.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
// requires one of the following:
//
// * Account - A string that consists of exactly 12 digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that contains
// the OU). This string is followed by a second "-" dash and from 8 to 32
// additional lowercase letters or digits.
//
// ChildId is a required field
ChildId *string `type:"string" required:"true"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListParentsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListParentsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListParentsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"}
if s.ChildId == nil {
invalidParams.Add(request.NewErrParamRequired("ChildId"))
}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetChildId sets the ChildId field's value.
func (s *ListParentsInput) SetChildId(v string) *ListParentsInput {
s.ChildId = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput {
s.NextToken = &v
return s
}
type ListParentsOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// A list of parents for the specified child account or OU.
Parents []*Parent `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListParentsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListParentsOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput {
s.NextToken = &v
return s
}
// SetParents sets the Parents field's value.
func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput {
s.Parents = v
return s
}
type ListPoliciesForTargetInput struct {
_ struct{} `type:"structure"`
// The type of policy that you want to include in the returned list. You must
// specify one of the following values:
//
// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
//
// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// Filter is a required field
Filter *string `type:"string" required:"true" enum:"PolicyType"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// The unique identifier (ID) of the root, organizational unit, or account whose
// policies you want to list.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Account - A string that consists of exactly 12 digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// TargetId is a required field
TargetId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesForTargetInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesForTargetInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPoliciesForTargetInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"}
if s.Filter == nil {
invalidParams.Add(request.NewErrParamRequired("Filter"))
}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.TargetId == nil {
invalidParams.Add(request.NewErrParamRequired("TargetId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFilter sets the Filter field's value.
func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput {
s.Filter = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput {
s.NextToken = &v
return s
}
// SetTargetId sets the TargetId field's value.
func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput {
s.TargetId = &v
return s
}
type ListPoliciesForTargetOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// The list of policies that match the criteria in the request.
Policies []*PolicySummary `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesForTargetOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesForTargetOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput {
s.NextToken = &v
return s
}
// SetPolicies sets the Policies field's value.
func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput {
s.Policies = v
return s
}
type ListPoliciesInput struct {
_ struct{} `type:"structure"`
// Specifies the type of policy that you want to include in the response. You
// must specify one of the following values:
//
// * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
//
// * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
//
// * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
//
// * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
//
// Filter is a required field
Filter *string `type:"string" required:"true" enum:"PolicyType"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPoliciesInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
if s.Filter == nil {
invalidParams.Add(request.NewErrParamRequired("Filter"))
}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFilter sets the Filter field's value.
func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput {
s.Filter = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput {
s.NextToken = &v
return s
}
type ListPoliciesOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// A list of policies that match the filter criteria in the request. The output
// list doesn't include the policy contents. To see the content for a policy,
// see DescribePolicy.
Policies []*PolicySummary `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput {
s.NextToken = &v
return s
}
// SetPolicies sets the Policies field's value.
func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput {
s.Policies = v
return s
}
type ListRootsInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRootsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRootsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRootsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput {
s.NextToken = &v
return s
}
type ListRootsOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// A list of roots that are defined in an organization.
Roots []*Root `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRootsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRootsOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput {
s.NextToken = &v
return s
}
// SetRoots sets the Roots field's value.
func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput {
s.Roots = v
return s
}
type ListTagsForResourceInput struct {
_ struct{} `type:"structure"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// The ID of the resource with the tags to list.
//
// You can specify any of the following taggable resources.
//
// * Amazon Web Services account – specify the account ID number.
//
// * Organizational unit – specify the OU ID that begins with ou- and looks
// similar to: ou-1a2b-34uvwxyz
//
// * Root – specify the root ID that begins with r- and looks similar to:
// r-1a2b
//
// * Policy – specify the policy ID that begins with p- andlooks similar
// to: p-12abcdefg3
//
// ResourceId is a required field
ResourceId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListTagsForResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
if s.ResourceId == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
s.NextToken = &v
return s
}
// SetResourceId sets the ResourceId field's value.
func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput {
s.ResourceId = &v
return s
}
type ListTagsForResourceOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// The tags that are assigned to the resource.
Tags []*Tag `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
s.NextToken = &v
return s
}
// SetTags sets the Tags field's value.
func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
s.Tags = v
return s
}
type ListTargetsForPolicyInput struct {
_ struct{} `type:"structure"`
// The total number of results that you want included on each page of the response.
// If you do not include this parameter, it defaults to a value that is specific
// to the operation. If additional items exist beyond the maximum you specify,
// the NextToken response element is present and has a value (is not null).
// Include that value as the NextToken request parameter in the next call to
// the operation to get the next part of the results. Note that Organizations
// might return fewer results than the maximum even when there are more results
// available. You should check NextToken after every operation to ensure that
// you receive all of the results.
MaxResults *int64 `min:"1" type:"integer"`
// The parameter for receiving additional results if you receive a NextToken
// response in a previous request. A NextToken response indicates that more
// output is available. Set this parameter to the value of the previous call's
// NextToken response to indicate where the output should continue from.
NextToken *string `type:"string"`
// The unique identifier (ID) of the policy whose attachments you want to know.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
//
// PolicyId is a required field
PolicyId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTargetsForPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTargetsForPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListTargetsForPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.PolicyId == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput {
s.NextToken = &v
return s
}
// SetPolicyId sets the PolicyId field's value.
func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput {
s.PolicyId = &v
return s
}
type ListTargetsForPolicyOutput struct {
_ struct{} `type:"structure"`
// If present, indicates that more output is available than is included in the
// current response. Use this value in the NextToken request parameter in a
// subsequent call to the operation to get the next part of the output. You
// should repeat this until the NextToken response element comes back as null.
NextToken *string `type:"string"`
// A list of structures, each of which contains details about one of the entities
// to which the specified policy is attached.
Targets []*PolicyTargetSummary `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTargetsForPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTargetsForPolicyOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput {
s.NextToken = &v
return s
}
// SetTargets sets the Targets field's value.
func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput {
s.Targets = v
return s
}
// The provided policy document doesn't meet the requirements of the specified
// policy type. For example, the syntax might be incorrect. For details about
// service control policy syntax, see SCP syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html)
// in the Organizations User Guide.
type MalformedPolicyDocumentException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MalformedPolicyDocumentException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MalformedPolicyDocumentException) GoString() string {
return s.String()
}
func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error {
return &MalformedPolicyDocumentException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *MalformedPolicyDocumentException) Code() string {
return "MalformedPolicyDocumentException"
}
// Message returns the exception's message.
func (s *MalformedPolicyDocumentException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *MalformedPolicyDocumentException) OrigErr() error {
return nil
}
func (s *MalformedPolicyDocumentException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *MalformedPolicyDocumentException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *MalformedPolicyDocumentException) RequestID() string {
return s.RespMetadata.RequestID
}
// You can't remove a management account from an organization. If you want the
// management account to become a member account in another organization, you
// must first delete the current organization of the management account.
type MasterCannotLeaveOrganizationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MasterCannotLeaveOrganizationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MasterCannotLeaveOrganizationException) GoString() string {
return s.String()
}
func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error {
return &MasterCannotLeaveOrganizationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *MasterCannotLeaveOrganizationException) Code() string {
return "MasterCannotLeaveOrganizationException"
}
// Message returns the exception's message.
func (s *MasterCannotLeaveOrganizationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *MasterCannotLeaveOrganizationException) OrigErr() error {
return nil
}
func (s *MasterCannotLeaveOrganizationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *MasterCannotLeaveOrganizationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *MasterCannotLeaveOrganizationException) RequestID() string {
return s.RespMetadata.RequestID
}
type MoveAccountInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the account that you want to move.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
// requires exactly 12 digits.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
// The unique identifier (ID) of the root or organizational unit that you want
// to move the account to.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// DestinationParentId is a required field
DestinationParentId *string `type:"string" required:"true"`
// The unique identifier (ID) of the root or organizational unit that you want
// to move the account from.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
//
// SourceParentId is a required field
SourceParentId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MoveAccountInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MoveAccountInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *MoveAccountInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if s.DestinationParentId == nil {
invalidParams.Add(request.NewErrParamRequired("DestinationParentId"))
}
if s.SourceParentId == nil {
invalidParams.Add(request.NewErrParamRequired("SourceParentId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput {
s.AccountId = &v
return s
}
// SetDestinationParentId sets the DestinationParentId field's value.
func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput {
s.DestinationParentId = &v
return s
}
// SetSourceParentId sets the SourceParentId field's value.
func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput {
s.SourceParentId = &v
return s
}
type MoveAccountOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MoveAccountOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MoveAccountOutput) GoString() string {
return s.String()
}
// Contains details about an organization. An organization is a collection of
// accounts that are centrally managed together using consolidated billing,
// organized hierarchically with organizational units (OUs), and controlled
// with policies .
type Organization struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of an organization.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
//
// Do not use. This field is deprecated and doesn't provide complete information
// about the policies in your organization.
//
// To determine the policies that are enabled and available for use in your
// organization, use the ListRoots operation instead.
AvailablePolicyTypes []*PolicyTypeSummary `type:"list"`
// Specifies the functionality that currently is available to the organization.
// If set to "ALL", then all features are enabled and policies can be applied
// to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only
// consolidated billing functionality is available. For more information, see
// Enabling all features in your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the Organizations User Guide.
FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
// The unique identifier (ID) of an organization.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID
// string requires "o-" followed by from 10 to 32 lowercase letters or digits.
Id *string `type:"string"`
// The Amazon Resource Name (ARN) of the account that is designated as the management
// account for the organization.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
MasterAccountArn *string `type:"string"`
// The email address that is associated with the Amazon Web Services account
// that is designated as the management account for the organization.
//
// MasterAccountEmail is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by Organization's
// String and GoString methods.
MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"`
// The unique identifier (ID) of the management account of an organization.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
// requires exactly 12 digits.
MasterAccountId *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Organization) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Organization) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *Organization) SetArn(v string) *Organization {
s.Arn = &v
return s
}
// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value.
func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization {
s.AvailablePolicyTypes = v
return s
}
// SetFeatureSet sets the FeatureSet field's value.
func (s *Organization) SetFeatureSet(v string) *Organization {
s.FeatureSet = &v
return s
}
// SetId sets the Id field's value.
func (s *Organization) SetId(v string) *Organization {
s.Id = &v
return s
}
// SetMasterAccountArn sets the MasterAccountArn field's value.
func (s *Organization) SetMasterAccountArn(v string) *Organization {
s.MasterAccountArn = &v
return s
}
// SetMasterAccountEmail sets the MasterAccountEmail field's value.
func (s *Organization) SetMasterAccountEmail(v string) *Organization {
s.MasterAccountEmail = &v
return s
}
// SetMasterAccountId sets the MasterAccountId field's value.
func (s *Organization) SetMasterAccountId(v string) *Organization {
s.MasterAccountId = &v
return s
}
// The organization isn't empty. To delete an organization, you must first remove
// all accounts except the management account.
type OrganizationNotEmptyException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationNotEmptyException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationNotEmptyException) GoString() string {
return s.String()
}
func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error {
return &OrganizationNotEmptyException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *OrganizationNotEmptyException) Code() string {
return "OrganizationNotEmptyException"
}
// Message returns the exception's message.
func (s *OrganizationNotEmptyException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *OrganizationNotEmptyException) OrigErr() error {
return nil
}
func (s *OrganizationNotEmptyException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *OrganizationNotEmptyException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *OrganizationNotEmptyException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains details about an organizational unit (OU). An OU is a container
// of Amazon Web Services accounts within a root of an organization. Policies
// that are attached to an OU apply to all accounts contained in that OU and
// in any child OUs.
type OrganizationalUnit struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of this OU.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
// The unique identifier (ID) associated with this OU. The ID is unique to the
// organization only.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
// or digits (the ID of the root that contains the OU). This string is followed
// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
Id *string `type:"string"`
// The friendly name of this OU.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
Name *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationalUnit) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationalUnit) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit {
s.Arn = &v
return s
}
// SetId sets the Id field's value.
func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit {
s.Id = &v
return s
}
// SetName sets the Name field's value.
func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit {
s.Name = &v
return s
}
// The specified OU is not empty. Move all accounts to another root or to other
// OUs, remove all child OUs, and try the operation again.
type OrganizationalUnitNotEmptyException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationalUnitNotEmptyException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationalUnitNotEmptyException) GoString() string {
return s.String()
}
func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error {
return &OrganizationalUnitNotEmptyException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *OrganizationalUnitNotEmptyException) Code() string {
return "OrganizationalUnitNotEmptyException"
}
// Message returns the exception's message.
func (s *OrganizationalUnitNotEmptyException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *OrganizationalUnitNotEmptyException) OrigErr() error {
return nil
}
func (s *OrganizationalUnitNotEmptyException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *OrganizationalUnitNotEmptyException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *OrganizationalUnitNotEmptyException) RequestID() string {
return s.RespMetadata.RequestID
}
// We can't find an OU with the OrganizationalUnitId that you specified.
type OrganizationalUnitNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationalUnitNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationalUnitNotFoundException) GoString() string {
return s.String()
}
func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error {
return &OrganizationalUnitNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *OrganizationalUnitNotFoundException) Code() string {
return "OrganizationalUnitNotFoundException"
}
// Message returns the exception's message.
func (s *OrganizationalUnitNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *OrganizationalUnitNotFoundException) OrigErr() error {
return nil
}
func (s *OrganizationalUnitNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *OrganizationalUnitNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *OrganizationalUnitNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains information about either a root or an organizational unit (OU) that
// can contain OUs or accounts in an organization.
type Parent struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the parent entity.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
Id *string `type:"string"`
// The type of the parent entity.
Type *string `type:"string" enum:"ParentType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Parent) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Parent) GoString() string {
return s.String()
}
// SetId sets the Id field's value.
func (s *Parent) SetId(v string) *Parent {
s.Id = &v
return s
}
// SetType sets the Type field's value.
func (s *Parent) SetType(v string) *Parent {
s.Type = &v
return s
}
// We can't find a root or OU with the ParentId that you specified.
type ParentNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ParentNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ParentNotFoundException) GoString() string {
return s.String()
}
func newErrorParentNotFoundException(v protocol.ResponseMetadata) error {
return &ParentNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ParentNotFoundException) Code() string {
return "ParentNotFoundException"
}
// Message returns the exception's message.
func (s *ParentNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ParentNotFoundException) OrigErr() error {
return nil
}
func (s *ParentNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ParentNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ParentNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains rules to be applied to the affected accounts. Policies can be attached
// directly to accounts, or to roots and OUs to affect all accounts in those
// hierarchies.
type Policy struct {
_ struct{} `type:"structure"`
// The text content of the policy.
Content *string `min:"1" type:"string"`
// A structure that contains additional details about the policy.
PolicySummary *PolicySummary `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Policy) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Policy) GoString() string {
return s.String()
}
// SetContent sets the Content field's value.
func (s *Policy) SetContent(v string) *Policy {
s.Content = &v
return s
}
// SetPolicySummary sets the PolicySummary field's value.
func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy {
s.PolicySummary = v
return s
}
// Changes to the effective policy are in progress, and its contents can't be
// returned. Try the operation again later.
type PolicyChangesInProgressException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyChangesInProgressException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyChangesInProgressException) GoString() string {
return s.String()
}
func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error {
return &PolicyChangesInProgressException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyChangesInProgressException) Code() string {
return "PolicyChangesInProgressException"
}
// Message returns the exception's message.
func (s *PolicyChangesInProgressException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyChangesInProgressException) OrigErr() error {
return nil
}
func (s *PolicyChangesInProgressException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyChangesInProgressException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyChangesInProgressException) RequestID() string {
return s.RespMetadata.RequestID
}
// The policy is attached to one or more entities. You must detach it from all
// roots, OUs, and accounts before performing this operation.
type PolicyInUseException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyInUseException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyInUseException) GoString() string {
return s.String()
}
func newErrorPolicyInUseException(v protocol.ResponseMetadata) error {
return &PolicyInUseException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyInUseException) Code() string {
return "PolicyInUseException"
}
// Message returns the exception's message.
func (s *PolicyInUseException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyInUseException) OrigErr() error {
return nil
}
func (s *PolicyInUseException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyInUseException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyInUseException) RequestID() string {
return s.RespMetadata.RequestID
}
// The policy isn't attached to the specified target in the specified root.
type PolicyNotAttachedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyNotAttachedException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyNotAttachedException) GoString() string {
return s.String()
}
func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error {
return &PolicyNotAttachedException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyNotAttachedException) Code() string {
return "PolicyNotAttachedException"
}
// Message returns the exception's message.
func (s *PolicyNotAttachedException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyNotAttachedException) OrigErr() error {
return nil
}
func (s *PolicyNotAttachedException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyNotAttachedException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyNotAttachedException) RequestID() string {
return s.RespMetadata.RequestID
}
// We can't find a policy with the PolicyId that you specified.
type PolicyNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyNotFoundException) GoString() string {
return s.String()
}
func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error {
return &PolicyNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyNotFoundException) Code() string {
return "PolicyNotFoundException"
}
// Message returns the exception's message.
func (s *PolicyNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyNotFoundException) OrigErr() error {
return nil
}
func (s *PolicyNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains information about a policy, but does not include the content. To
// see the content of a policy, see DescribePolicy.
type PolicySummary struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the policy.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
// A boolean value that indicates whether the specified policy is an Amazon
// Web Services managed policy. If true, then you can attach the policy to roots,
// OUs, or accounts, but you cannot edit it.
AwsManaged *bool `type:"boolean"`
// The description of the policy.
Description *string `type:"string"`
// The unique identifier (ID) of the policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
Id *string `type:"string"`
// The friendly name of the policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
Name *string `min:"1" type:"string"`
// The type of policy.
Type *string `type:"string" enum:"PolicyType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicySummary) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicySummary) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *PolicySummary) SetArn(v string) *PolicySummary {
s.Arn = &v
return s
}
// SetAwsManaged sets the AwsManaged field's value.
func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary {
s.AwsManaged = &v
return s
}
// SetDescription sets the Description field's value.
func (s *PolicySummary) SetDescription(v string) *PolicySummary {
s.Description = &v
return s
}
// SetId sets the Id field's value.
func (s *PolicySummary) SetId(v string) *PolicySummary {
s.Id = &v
return s
}
// SetName sets the Name field's value.
func (s *PolicySummary) SetName(v string) *PolicySummary {
s.Name = &v
return s
}
// SetType sets the Type field's value.
func (s *PolicySummary) SetType(v string) *PolicySummary {
s.Type = &v
return s
}
// Contains information about a root, OU, or account that a policy is attached
// to.
type PolicyTargetSummary struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the policy target.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
// The friendly name of the policy target.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
Name *string `min:"1" type:"string"`
// The unique identifier (ID) of the policy target.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
// requires one of the following:
//
// * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
// letters or digits.
//
// * Account - A string that consists of exactly 12 digits.
//
// * Organizational unit (OU) - A string that begins with "ou-" followed
// by from 4 to 32 lowercase letters or digits (the ID of the root that the
// OU is in). This string is followed by a second "-" dash and from 8 to
// 32 additional lowercase letters or digits.
TargetId *string `type:"string"`
// The type of the policy target.
Type *string `type:"string" enum:"TargetType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTargetSummary) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTargetSummary) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary {
s.Arn = &v
return s
}
// SetName sets the Name field's value.
func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary {
s.Name = &v
return s
}
// SetTargetId sets the TargetId field's value.
func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary {
s.TargetId = &v
return s
}
// SetType sets the Type field's value.
func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary {
s.Type = &v
return s
}
// The specified policy type is already enabled in the specified root.
type PolicyTypeAlreadyEnabledException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeAlreadyEnabledException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeAlreadyEnabledException) GoString() string {
return s.String()
}
func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error {
return &PolicyTypeAlreadyEnabledException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyTypeAlreadyEnabledException) Code() string {
return "PolicyTypeAlreadyEnabledException"
}
// Message returns the exception's message.
func (s *PolicyTypeAlreadyEnabledException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyTypeAlreadyEnabledException) OrigErr() error {
return nil
}
func (s *PolicyTypeAlreadyEnabledException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyTypeAlreadyEnabledException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyTypeAlreadyEnabledException) RequestID() string {
return s.RespMetadata.RequestID
}
// You can't use the specified policy type with the feature set currently enabled
// for this organization. For example, you can enable SCPs only after you enable
// all features in the organization. For more information, see Managing Organizations
// policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
// the Organizations User Guide.
type PolicyTypeNotAvailableForOrganizationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeNotAvailableForOrganizationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeNotAvailableForOrganizationException) GoString() string {
return s.String()
}
func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error {
return &PolicyTypeNotAvailableForOrganizationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyTypeNotAvailableForOrganizationException) Code() string {
return "PolicyTypeNotAvailableForOrganizationException"
}
// Message returns the exception's message.
func (s *PolicyTypeNotAvailableForOrganizationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error {
return nil
}
func (s *PolicyTypeNotAvailableForOrganizationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string {
return s.RespMetadata.RequestID
}
// The specified policy type isn't currently enabled in this root. You can't
// attach policies of the specified type to entities in a root until you enable
// that type in the root. For more information, see Enabling all features in
// your organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the Organizations User Guide.
type PolicyTypeNotEnabledException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeNotEnabledException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeNotEnabledException) GoString() string {
return s.String()
}
func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error {
return &PolicyTypeNotEnabledException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *PolicyTypeNotEnabledException) Code() string {
return "PolicyTypeNotEnabledException"
}
// Message returns the exception's message.
func (s *PolicyTypeNotEnabledException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *PolicyTypeNotEnabledException) OrigErr() error {
return nil
}
func (s *PolicyTypeNotEnabledException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *PolicyTypeNotEnabledException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *PolicyTypeNotEnabledException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains information about a policy type and its status in the associated
// root.
type PolicyTypeSummary struct {
_ struct{} `type:"structure"`
// The status of the policy type as it relates to the associated root. To attach
// a policy of the specified type to a root or to an OU or account in that root,
// it must be available in the organization and enabled for that root.
Status *string `type:"string" enum:"PolicyTypeStatus"`
// The name of the policy type.
Type *string `type:"string" enum:"PolicyType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeSummary) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTypeSummary) GoString() string {
return s.String()
}
// SetStatus sets the Status field's value.
func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary {
s.Status = &v
return s
}
// SetType sets the Type field's value.
func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary {
s.Type = &v
return s
}
type PutResourcePolicyInput struct {
_ struct{} `type:"structure"`
// If provided, the new content for the resource policy. The text must be correctly
// formatted JSON that complies with the syntax for the resource policy's type.
// For more information, see SCP syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html)
// in the Organizations User Guide.
//
// Content is a required field
Content *string `min:"1" type:"string" required:"true"`
// A list of tags that you want to attach to the newly created resource policy.
// For each tag in the list, you must specify both a tag key and a value. You
// can set the value to an empty string, but you can't set it to null. For more
// information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
// in the Organizations User Guide.
//
// Calls with tags apply to the initial creation of the resource policy, otherwise
// an exception is thrown. If any one of the tags is not valid or if you exceed
// the allowed number of tags for the resource policy, then the entire request
// fails and the resource policy is not created.
Tags []*Tag `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *PutResourcePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"}
if s.Content == nil {
invalidParams.Add(request.NewErrParamRequired("Content"))
}
if s.Content != nil && len(*s.Content) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Content", 1))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetContent sets the Content field's value.
func (s *PutResourcePolicyInput) SetContent(v string) *PutResourcePolicyInput {
s.Content = &v
return s
}
// SetTags sets the Tags field's value.
func (s *PutResourcePolicyInput) SetTags(v []*Tag) *PutResourcePolicyInput {
s.Tags = v
return s
}
type PutResourcePolicyOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the resource policy.
ResourcePolicy *ResourcePolicy `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyOutput) GoString() string {
return s.String()
}
// SetResourcePolicy sets the ResourcePolicy field's value.
func (s *PutResourcePolicyOutput) SetResourcePolicy(v *ResourcePolicy) *PutResourcePolicyOutput {
s.ResourcePolicy = v
return s
}
type RegisterDelegatedAdministratorInput struct {
_ struct{} `type:"structure"`
// The account ID number of the member account in the organization to register
// as a delegated administrator.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
// The service principal of the Amazon Web Services service for which you want
// to make the member account a delegated administrator.
//
// ServicePrincipal is a required field
ServicePrincipal *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RegisterDelegatedAdministratorInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RegisterDelegatedAdministratorInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RegisterDelegatedAdministratorInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if s.ServicePrincipal == nil {
invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
}
if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput {
s.AccountId = &v
return s
}
// SetServicePrincipal sets the ServicePrincipal field's value.
func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput {
s.ServicePrincipal = &v
return s
}
type RegisterDelegatedAdministratorOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RegisterDelegatedAdministratorOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RegisterDelegatedAdministratorOutput) GoString() string {
return s.String()
}
type RemoveAccountFromOrganizationInput struct {
_ struct{} `type:"structure"`
// The unique identifier (ID) of the member account that you want to remove
// from the organization.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
// requires exactly 12 digits.
//
// AccountId is a required field
AccountId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveAccountFromOrganizationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveAccountFromOrganizationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveAccountFromOrganizationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"}
if s.AccountId == nil {
invalidParams.Add(request.NewErrParamRequired("AccountId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAccountId sets the AccountId field's value.
func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput {
s.AccountId = &v
return s
}
type RemoveAccountFromOrganizationOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveAccountFromOrganizationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveAccountFromOrganizationOutput) GoString() string {
return s.String()
}
// A structure that contains details about a resource policy.
type ResourcePolicy struct {
_ struct{} `type:"structure"`
// The policy text of the resource policy.
Content *string `min:"1" type:"string"`
// A structure that contains resource policy ID and Amazon Resource Name (ARN).
ResourcePolicySummary *ResourcePolicySummary `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourcePolicy) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourcePolicy) GoString() string {
return s.String()
}
// SetContent sets the Content field's value.
func (s *ResourcePolicy) SetContent(v string) *ResourcePolicy {
s.Content = &v
return s
}
// SetResourcePolicySummary sets the ResourcePolicySummary field's value.
func (s *ResourcePolicy) SetResourcePolicySummary(v *ResourcePolicySummary) *ResourcePolicy {
s.ResourcePolicySummary = v
return s
}
// We can't find a resource policy request with the parameter that you specified.
type ResourcePolicyNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourcePolicyNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourcePolicyNotFoundException) GoString() string {
return s.String()
}
func newErrorResourcePolicyNotFoundException(v protocol.ResponseMetadata) error {
return &ResourcePolicyNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ResourcePolicyNotFoundException) Code() string {
return "ResourcePolicyNotFoundException"
}
// Message returns the exception's message.
func (s *ResourcePolicyNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourcePolicyNotFoundException) OrigErr() error {
return nil
}
func (s *ResourcePolicyNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ResourcePolicyNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ResourcePolicyNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// A structure that contains resource policy ID and Amazon Resource Name (ARN).
type ResourcePolicySummary struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the resource policy.
Arn *string `type:"string"`
// The unique identifier (ID) of the resource policy.
Id *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourcePolicySummary) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourcePolicySummary) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *ResourcePolicySummary) SetArn(v string) *ResourcePolicySummary {
s.Arn = &v
return s
}
// SetId sets the Id field's value.
func (s *ResourcePolicySummary) SetId(v string) *ResourcePolicySummary {
s.Id = &v
return s
}
// Contains details about a root. A root is a top-level parent node in the hierarchy
// of an organization that can contain organizational units (OUs) and accounts.
// The root contains every Amazon Web Services account in the organization.
type Root struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the root.
//
// For more information about ARNs in Organizations, see ARN Formats Supported
// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
// in the Amazon Web Services Service Authorization Reference.
Arn *string `type:"string"`
// The unique identifier (ID) for the root. The ID is unique to the organization
// only.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
// requires "r-" followed by from 4 to 32 lowercase letters or digits.
Id *string `type:"string"`
// The friendly name of the root.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
Name *string `min:"1" type:"string"`
// The types of policies that are currently enabled for the root and therefore
// can be attached to the root or to its OUs or accounts.
//
// Even if a policy type is shown as available in the organization, you can
// separately enable and disable them at the root level by using EnablePolicyType
// and DisablePolicyType. Use DescribeOrganization to see the availability of
// the policy types in that organization.
PolicyTypes []*PolicyTypeSummary `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Root) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Root) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *Root) SetArn(v string) *Root {
s.Arn = &v
return s
}
// SetId sets the Id field's value.
func (s *Root) SetId(v string) *Root {
s.Id = &v
return s
}
// SetName sets the Name field's value.
func (s *Root) SetName(v string) *Root {
s.Name = &v
return s
}
// SetPolicyTypes sets the PolicyTypes field's value.
func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root {
s.PolicyTypes = v
return s
}
// We can't find a root with the RootId that you specified.
type RootNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RootNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RootNotFoundException) GoString() string {
return s.String()
}
func newErrorRootNotFoundException(v protocol.ResponseMetadata) error {
return &RootNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *RootNotFoundException) Code() string {
return "RootNotFoundException"
}
// Message returns the exception's message.
func (s *RootNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *RootNotFoundException) OrigErr() error {
return nil
}
func (s *RootNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *RootNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *RootNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// Organizations can't complete your request because of an internal service
// error. Try again later.
type ServiceException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceException) GoString() string {
return s.String()
}
func newErrorServiceException(v protocol.ResponseMetadata) error {
return &ServiceException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ServiceException) Code() string {
return "ServiceException"
}
// Message returns the exception's message.
func (s *ServiceException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceException) OrigErr() error {
return nil
}
func (s *ServiceException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ServiceException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ServiceException) RequestID() string {
return s.RespMetadata.RequestID
}
// We can't find a source root or OU with the ParentId that you specified.
type SourceParentNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SourceParentNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SourceParentNotFoundException) GoString() string {
return s.String()
}
func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error {
return &SourceParentNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *SourceParentNotFoundException) Code() string {
return "SourceParentNotFoundException"
}
// Message returns the exception's message.
func (s *SourceParentNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *SourceParentNotFoundException) OrigErr() error {
return nil
}
func (s *SourceParentNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *SourceParentNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *SourceParentNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// A custom key-value pair associated with a resource within your organization.
//
// You can attach tags to any of the following organization resources.
//
// - Amazon Web Services account
//
// - Organizational unit (OU)
//
// - Organization root
//
// - Policy
type Tag struct {
_ struct{} `type:"structure"`
// The key identifier, or name, of the tag.
//
// Key is a required field
Key *string `min:"1" type:"string" required:"true"`
// The string value that's associated with the key of the tag. You can set the
// value of a tag to an empty string, but you can't set the value of a tag to
// null.
//
// Value is a required field
Value *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *Tag) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "Tag"}
if s.Key == nil {
invalidParams.Add(request.NewErrParamRequired("Key"))
}
if s.Key != nil && len(*s.Key) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Key", 1))
}
if s.Value == nil {
invalidParams.Add(request.NewErrParamRequired("Value"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetKey sets the Key field's value.
func (s *Tag) SetKey(v string) *Tag {
s.Key = &v
return s
}
// SetValue sets the Value field's value.
func (s *Tag) SetValue(v string) *Tag {
s.Value = &v
return s
}
type TagResourceInput struct {
_ struct{} `type:"structure"`
// The ID of the resource to add a tag to.
//
// You can specify any of the following taggable resources.
//
// * Amazon Web Services account – specify the account ID number.
//
// * Organizational unit – specify the OU ID that begins with ou- and looks
// similar to: ou-1a2b-34uvwxyz
//
// * Root – specify the root ID that begins with r- and looks similar to:
// r-1a2b
//
// * Policy – specify the policy ID that begins with p- andlooks similar
// to: p-12abcdefg3
//
// ResourceId is a required field
ResourceId *string `type:"string" required:"true"`
// A list of tags to add to the specified resource.
//
// For each tag in the list, you must specify both a tag key and a value. The
// value can be an empty string, but you can't set it to null.
//
// If any one of the tags is not valid or if you exceed the maximum allowed
// number of tags for a resource, then the entire request fails.
//
// Tags is a required field
Tags []*Tag `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *TagResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
if s.ResourceId == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceId"))
}
if s.Tags == nil {
invalidParams.Add(request.NewErrParamRequired("Tags"))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceId sets the ResourceId field's value.
func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput {
s.ResourceId = &v
return s
}
// SetTags sets the Tags field's value.
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
s.Tags = v
return s
}
type TagResourceOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) GoString() string {
return s.String()
}
// We can't find a root, OU, account, or policy with the TargetId that you specified.
type TargetNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TargetNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TargetNotFoundException) GoString() string {
return s.String()
}
func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error {
return &TargetNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *TargetNotFoundException) Code() string {
return "TargetNotFoundException"
}
// Message returns the exception's message.
func (s *TargetNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *TargetNotFoundException) OrigErr() error {
return nil
}
func (s *TargetNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *TargetNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *TargetNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// You have sent too many requests in too short a period of time. The quota
// helps protect against denial-of-service attacks. Try again later.
//
// For information about quotas that affect Organizations, see Quotas for Organizations
// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
// in the Organizations User Guide.
type TooManyRequestsException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
Type *string `type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TooManyRequestsException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TooManyRequestsException) GoString() string {
return s.String()
}
func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
return &TooManyRequestsException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *TooManyRequestsException) Code() string {
return "TooManyRequestsException"
}
// Message returns the exception's message.
func (s *TooManyRequestsException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *TooManyRequestsException) OrigErr() error {
return nil
}
func (s *TooManyRequestsException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *TooManyRequestsException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *TooManyRequestsException) RequestID() string {
return s.RespMetadata.RequestID
}
// This action isn't available in the current Amazon Web Services Region.
type UnsupportedAPIEndpointException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UnsupportedAPIEndpointException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UnsupportedAPIEndpointException) GoString() string {
return s.String()
}
func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error {
return &UnsupportedAPIEndpointException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *UnsupportedAPIEndpointException) Code() string {
return "UnsupportedAPIEndpointException"
}
// Message returns the exception's message.
func (s *UnsupportedAPIEndpointException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *UnsupportedAPIEndpointException) OrigErr() error {
return nil
}
func (s *UnsupportedAPIEndpointException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *UnsupportedAPIEndpointException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *UnsupportedAPIEndpointException) RequestID() string {
return s.RespMetadata.RequestID
}
type UntagResourceInput struct {
_ struct{} `type:"structure"`
// The ID of the resource to remove a tag from.
//
// You can specify any of the following taggable resources.
//
// * Amazon Web Services account – specify the account ID number.
//
// * Organizational unit – specify the OU ID that begins with ou- and looks
// similar to: ou-1a2b-34uvwxyz
//
// * Root – specify the root ID that begins with r- and looks similar to:
// r-1a2b
//
// * Policy – specify the policy ID that begins with p- andlooks similar
// to: p-12abcdefg3
//
// ResourceId is a required field
ResourceId *string `type:"string" required:"true"`
// The list of keys for tags to remove from the specified resource.
//
// TagKeys is a required field
TagKeys []*string `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
if s.ResourceId == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceId"))
}
if s.TagKeys == nil {
invalidParams.Add(request.NewErrParamRequired("TagKeys"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceId sets the ResourceId field's value.
func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput {
s.ResourceId = &v
return s
}
// SetTagKeys sets the TagKeys field's value.
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
s.TagKeys = v
return s
}
type UntagResourceOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) GoString() string {
return s.String()
}
type UpdateOrganizationalUnitInput struct {
_ struct{} `type:"structure"`
// The new name that you want to assign to the OU.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
Name *string `min:"1" type:"string"`
// The unique identifier (ID) of the OU that you want to rename. You can get
// the ID from the ListOrganizationalUnitsForParent operation.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
// or digits (the ID of the root that contains the OU). This string is followed
// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
//
// OrganizationalUnitId is a required field
OrganizationalUnitId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOrganizationalUnitInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOrganizationalUnitInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateOrganizationalUnitInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"}
if s.Name != nil && len(*s.Name) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Name", 1))
}
if s.OrganizationalUnitId == nil {
invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetName sets the Name field's value.
func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput {
s.Name = &v
return s
}
// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput {
s.OrganizationalUnitId = &v
return s
}
type UpdateOrganizationalUnitOutput struct {
_ struct{} `type:"structure"`
// A structure that contains the details about the specified OU, including its
// new name.
OrganizationalUnit *OrganizationalUnit `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOrganizationalUnitOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOrganizationalUnitOutput) GoString() string {
return s.String()
}
// SetOrganizationalUnit sets the OrganizationalUnit field's value.
func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput {
s.OrganizationalUnit = v
return s
}
type UpdatePolicyInput struct {
_ struct{} `type:"structure"`
// If provided, the new content for the policy. The text must be correctly formatted
// JSON that complies with the syntax for the policy's type. For more information,
// see SCP syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html)
// in the Organizations User Guide.
//
// The maximum size of a policy document depends on the policy's type. For more
// information, see Maximum and minimum values (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html#min-max-values)
// in the Organizations User Guide.
Content *string `min:"1" type:"string"`
// If provided, the new description for the policy.
Description *string `type:"string"`
// If provided, the new name for the policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of any of the characters in the ASCII character
// range.
Name *string `min:"1" type:"string"`
// The unique identifier (ID) of the policy that you want to update.
//
// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
// or the underscore character (_).
//
// PolicyId is a required field
PolicyId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdatePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"}
if s.Content != nil && len(*s.Content) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Content", 1))
}
if s.Name != nil && len(*s.Name) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Name", 1))
}
if s.PolicyId == nil {
invalidParams.Add(request.NewErrParamRequired("PolicyId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetContent sets the Content field's value.
func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput {
s.Content = &v
return s
}
// SetDescription sets the Description field's value.
func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput {
s.Description = &v
return s
}
// SetName sets the Name field's value.
func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput {
s.Name = &v
return s
}
// SetPolicyId sets the PolicyId field's value.
func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput {
s.PolicyId = &v
return s
}
type UpdatePolicyOutput struct {
_ struct{} `type:"structure"`
// A structure that contains details about the updated policy, showing the requested
// changes.
Policy *Policy `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyOutput) GoString() string {
return s.String()
}
// SetPolicy sets the Policy field's value.
func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput {
s.Policy = v
return s
}
const (
// AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value
AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE"
)
// AccessDeniedForDependencyExceptionReason_Values returns all elements of the AccessDeniedForDependencyExceptionReason enum
func AccessDeniedForDependencyExceptionReason_Values() []string {
return []string{
AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole,
}
}
const (
// AccountJoinedMethodInvited is a AccountJoinedMethod enum value
AccountJoinedMethodInvited = "INVITED"
// AccountJoinedMethodCreated is a AccountJoinedMethod enum value
AccountJoinedMethodCreated = "CREATED"
)
// AccountJoinedMethod_Values returns all elements of the AccountJoinedMethod enum
func AccountJoinedMethod_Values() []string {
return []string{
AccountJoinedMethodInvited,
AccountJoinedMethodCreated,
}
}
const (
// AccountStatusActive is a AccountStatus enum value
AccountStatusActive = "ACTIVE"
// AccountStatusSuspended is a AccountStatus enum value
AccountStatusSuspended = "SUSPENDED"
// AccountStatusPendingClosure is a AccountStatus enum value
AccountStatusPendingClosure = "PENDING_CLOSURE"
)
// AccountStatus_Values returns all elements of the AccountStatus enum
func AccountStatus_Values() []string {
return []string{
AccountStatusActive,
AccountStatusSuspended,
AccountStatusPendingClosure,
}
}
const (
// ActionTypeInvite is a ActionType enum value
ActionTypeInvite = "INVITE"
// ActionTypeEnableAllFeatures is a ActionType enum value
ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES"
// ActionTypeApproveAllFeatures is a ActionType enum value
ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES"
// ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value
ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE"
)
// ActionType_Values returns all elements of the ActionType enum
func ActionType_Values() []string {
return []string{
ActionTypeInvite,
ActionTypeEnableAllFeatures,
ActionTypeApproveAllFeatures,
ActionTypeAddOrganizationsServiceLinkedRole,
}
}
const (
// ChildTypeAccount is a ChildType enum value
ChildTypeAccount = "ACCOUNT"
// ChildTypeOrganizationalUnit is a ChildType enum value
ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
)
// ChildType_Values returns all elements of the ChildType enum
func ChildType_Values() []string {
return []string{
ChildTypeAccount,
ChildTypeOrganizationalUnit,
}
}
const (
// ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION"
// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA"
// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION"
// ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
// ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
// ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE"
// ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO"
// ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED"
// ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE"
// ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION"
// ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED"
// ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE"
// ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION"
// ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR"
// ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG"
// ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE"
// ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE"
// ConstraintViolationExceptionReasonCannotCloseManagementAccount is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCannotCloseManagementAccount = "CANNOT_CLOSE_MANAGEMENT_ACCOUNT"
// ConstraintViolationExceptionReasonCloseAccountQuotaExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCloseAccountQuotaExceeded = "CLOSE_ACCOUNT_QUOTA_EXCEEDED"
// ConstraintViolationExceptionReasonCloseAccountRequestsLimitExceeded is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCloseAccountRequestsLimitExceeded = "CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED"
// ConstraintViolationExceptionReasonServiceAccessNotEnabled is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonServiceAccessNotEnabled = "SERVICE_ACCESS_NOT_ENABLED"
// ConstraintViolationExceptionReasonInvalidPaymentInstrument is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonInvalidPaymentInstrument = "INVALID_PAYMENT_INSTRUMENT"
// ConstraintViolationExceptionReasonAccountCreationNotComplete is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonAccountCreationNotComplete = "ACCOUNT_CREATION_NOT_COMPLETE"
// ConstraintViolationExceptionReasonCannotRegisterSuspendedAccountAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value
ConstraintViolationExceptionReasonCannotRegisterSuspendedAccountAsDelegatedAdministrator = "CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR"
)
// ConstraintViolationExceptionReason_Values returns all elements of the ConstraintViolationExceptionReason enum
func ConstraintViolationExceptionReason_Values() []string {
return []string{
ConstraintViolationExceptionReasonAccountNumberLimitExceeded,
ConstraintViolationExceptionReasonHandshakeRateLimitExceeded,
ConstraintViolationExceptionReasonOuNumberLimitExceeded,
ConstraintViolationExceptionReasonOuDepthLimitExceeded,
ConstraintViolationExceptionReasonPolicyNumberLimitExceeded,
ConstraintViolationExceptionReasonPolicyContentLimitExceeded,
ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded,
ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded,
ConstraintViolationExceptionReasonAccountCannotLeaveOrganization,
ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula,
ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification,
ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired,
ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired,
ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded,
ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace,
ConstraintViolationExceptionReasonMasterAccountMissingContactInfo,
ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled,
ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode,
ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion,
ConstraintViolationExceptionReasonEmailVerificationCodeExpired,
ConstraintViolationExceptionReasonWaitPeriodActive,
ConstraintViolationExceptionReasonMaxTagLimitExceeded,
ConstraintViolationExceptionReasonTagPolicyViolation,
ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded,
ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator,
ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg,
ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService,
ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense,
ConstraintViolationExceptionReasonCannotCloseManagementAccount,
ConstraintViolationExceptionReasonCloseAccountQuotaExceeded,
ConstraintViolationExceptionReasonCloseAccountRequestsLimitExceeded,
ConstraintViolationExceptionReasonServiceAccessNotEnabled,
ConstraintViolationExceptionReasonInvalidPaymentInstrument,
ConstraintViolationExceptionReasonAccountCreationNotComplete,
ConstraintViolationExceptionReasonCannotRegisterSuspendedAccountAsDelegatedAdministrator,
}
}
const (
// CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value
CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED"
// CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value
CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS"
// CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value
CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS"
// CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value
CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL"
// CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value
CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION"
// CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value
CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE"
// CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value
CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
// CreateAccountFailureReasonMissingBusinessValidation is a CreateAccountFailureReason enum value
CreateAccountFailureReasonMissingBusinessValidation = "MISSING_BUSINESS_VALIDATION"
// CreateAccountFailureReasonFailedBusinessValidation is a CreateAccountFailureReason enum value
CreateAccountFailureReasonFailedBusinessValidation = "FAILED_BUSINESS_VALIDATION"
// CreateAccountFailureReasonPendingBusinessValidation is a CreateAccountFailureReason enum value
CreateAccountFailureReasonPendingBusinessValidation = "PENDING_BUSINESS_VALIDATION"
// CreateAccountFailureReasonInvalidIdentityForBusinessValidation is a CreateAccountFailureReason enum value
CreateAccountFailureReasonInvalidIdentityForBusinessValidation = "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION"
// CreateAccountFailureReasonUnknownBusinessValidation is a CreateAccountFailureReason enum value
CreateAccountFailureReasonUnknownBusinessValidation = "UNKNOWN_BUSINESS_VALIDATION"
// CreateAccountFailureReasonMissingPaymentInstrument is a CreateAccountFailureReason enum value
CreateAccountFailureReasonMissingPaymentInstrument = "MISSING_PAYMENT_INSTRUMENT"
// CreateAccountFailureReasonInvalidPaymentInstrument is a CreateAccountFailureReason enum value
CreateAccountFailureReasonInvalidPaymentInstrument = "INVALID_PAYMENT_INSTRUMENT"
// CreateAccountFailureReasonUpdateExistingResourcePolicyWithTagsNotSupported is a CreateAccountFailureReason enum value
CreateAccountFailureReasonUpdateExistingResourcePolicyWithTagsNotSupported = "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
)
// CreateAccountFailureReason_Values returns all elements of the CreateAccountFailureReason enum
func CreateAccountFailureReason_Values() []string {
return []string{
CreateAccountFailureReasonAccountLimitExceeded,
CreateAccountFailureReasonEmailAlreadyExists,
CreateAccountFailureReasonInvalidAddress,
CreateAccountFailureReasonInvalidEmail,
CreateAccountFailureReasonConcurrentAccountModification,
CreateAccountFailureReasonInternalFailure,
CreateAccountFailureReasonGovcloudAccountAlreadyExists,
CreateAccountFailureReasonMissingBusinessValidation,
CreateAccountFailureReasonFailedBusinessValidation,
CreateAccountFailureReasonPendingBusinessValidation,
CreateAccountFailureReasonInvalidIdentityForBusinessValidation,
CreateAccountFailureReasonUnknownBusinessValidation,
CreateAccountFailureReasonMissingPaymentInstrument,
CreateAccountFailureReasonInvalidPaymentInstrument,
CreateAccountFailureReasonUpdateExistingResourcePolicyWithTagsNotSupported,
}
}
const (
// CreateAccountStateInProgress is a CreateAccountState enum value
CreateAccountStateInProgress = "IN_PROGRESS"
// CreateAccountStateSucceeded is a CreateAccountState enum value
CreateAccountStateSucceeded = "SUCCEEDED"
// CreateAccountStateFailed is a CreateAccountState enum value
CreateAccountStateFailed = "FAILED"
)
// CreateAccountState_Values returns all elements of the CreateAccountState enum
func CreateAccountState_Values() []string {
return []string{
CreateAccountStateInProgress,
CreateAccountStateSucceeded,
CreateAccountStateFailed,
}
}
const (
// EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value
EffectivePolicyTypeTagPolicy = "TAG_POLICY"
// EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value
EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY"
// EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value
EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
)
// EffectivePolicyType_Values returns all elements of the EffectivePolicyType enum
func EffectivePolicyType_Values() []string {
return []string{
EffectivePolicyTypeTagPolicy,
EffectivePolicyTypeBackupPolicy,
EffectivePolicyTypeAiservicesOptOutPolicy,
}
}
const (
// HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
// HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
// HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION"
// HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES"
// HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration = "ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION"
// HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES"
// HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED"
// HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD"
// HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED"
// HandshakeConstraintViolationExceptionReasonManagementAccountEmailNotVerified is a HandshakeConstraintViolationExceptionReason enum value
HandshakeConstraintViolationExceptionReasonManagementAccountEmailNotVerified = "MANAGEMENT_ACCOUNT_EMAIL_NOT_VERIFIED"
)
// HandshakeConstraintViolationExceptionReason_Values returns all elements of the HandshakeConstraintViolationExceptionReason enum
func HandshakeConstraintViolationExceptionReason_Values() []string {
return []string{
HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded,
HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded,
HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization,
HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures,
HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration,
HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures,
HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired,
HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord,
HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded,
HandshakeConstraintViolationExceptionReasonManagementAccountEmailNotVerified,
}
}
const (
// HandshakePartyTypeAccount is a HandshakePartyType enum value
HandshakePartyTypeAccount = "ACCOUNT"
// HandshakePartyTypeOrganization is a HandshakePartyType enum value
HandshakePartyTypeOrganization = "ORGANIZATION"
// HandshakePartyTypeEmail is a HandshakePartyType enum value
HandshakePartyTypeEmail = "EMAIL"
)
// HandshakePartyType_Values returns all elements of the HandshakePartyType enum
func HandshakePartyType_Values() []string {
return []string{
HandshakePartyTypeAccount,
HandshakePartyTypeOrganization,
HandshakePartyTypeEmail,
}
}
const (
// HandshakeResourceTypeAccount is a HandshakeResourceType enum value
HandshakeResourceTypeAccount = "ACCOUNT"
// HandshakeResourceTypeOrganization is a HandshakeResourceType enum value
HandshakeResourceTypeOrganization = "ORGANIZATION"
// HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value
HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET"
// HandshakeResourceTypeEmail is a HandshakeResourceType enum value
HandshakeResourceTypeEmail = "EMAIL"
// HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value
HandshakeResourceTypeMasterEmail = "MASTER_EMAIL"
// HandshakeResourceTypeMasterName is a HandshakeResourceType enum value
HandshakeResourceTypeMasterName = "MASTER_NAME"
// HandshakeResourceTypeNotes is a HandshakeResourceType enum value
HandshakeResourceTypeNotes = "NOTES"
// HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value
HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE"
)
// HandshakeResourceType_Values returns all elements of the HandshakeResourceType enum
func HandshakeResourceType_Values() []string {
return []string{
HandshakeResourceTypeAccount,
HandshakeResourceTypeOrganization,
HandshakeResourceTypeOrganizationFeatureSet,
HandshakeResourceTypeEmail,
HandshakeResourceTypeMasterEmail,
HandshakeResourceTypeMasterName,
HandshakeResourceTypeNotes,
HandshakeResourceTypeParentHandshake,
}
}
const (
// HandshakeStateRequested is a HandshakeState enum value
HandshakeStateRequested = "REQUESTED"
// HandshakeStateOpen is a HandshakeState enum value
HandshakeStateOpen = "OPEN"
// HandshakeStateCanceled is a HandshakeState enum value
HandshakeStateCanceled = "CANCELED"
// HandshakeStateAccepted is a HandshakeState enum value
HandshakeStateAccepted = "ACCEPTED"
// HandshakeStateDeclined is a HandshakeState enum value
HandshakeStateDeclined = "DECLINED"
// HandshakeStateExpired is a HandshakeState enum value
HandshakeStateExpired = "EXPIRED"
)
// HandshakeState_Values returns all elements of the HandshakeState enum
func HandshakeState_Values() []string {
return []string{
HandshakeStateRequested,
HandshakeStateOpen,
HandshakeStateCanceled,
HandshakeStateAccepted,
HandshakeStateDeclined,
HandshakeStateExpired,
}
}
const (
// IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value
IAMUserAccessToBillingAllow = "ALLOW"
// IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value
IAMUserAccessToBillingDeny = "DENY"
)
// IAMUserAccessToBilling_Values returns all elements of the IAMUserAccessToBilling enum
func IAMUserAccessToBilling_Values() []string {
return []string{
IAMUserAccessToBillingAllow,
IAMUserAccessToBillingDeny,
}
}
const (
// InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET"
// InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN"
// InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID"
// InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM"
// InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE"
// InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER"
// InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED"
// InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED"
// InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED"
// InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED"
// InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY"
// InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN"
// InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID"
// InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED"
// InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN"
// InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER"
// InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS"
// InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET"
// InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL"
// InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME"
// InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER"
// InvalidInputExceptionReasonDuplicateTagKey is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonDuplicateTagKey = "DUPLICATE_TAG_KEY"
// InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED"
// InvalidInputExceptionReasonInvalidEmailAddressTarget is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidEmailAddressTarget = "INVALID_EMAIL_ADDRESS_TARGET"
// InvalidInputExceptionReasonInvalidResourcePolicyJson is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonInvalidResourcePolicyJson = "INVALID_RESOURCE_POLICY_JSON"
// InvalidInputExceptionReasonUnsupportedActionInResourcePolicy is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonUnsupportedActionInResourcePolicy = "UNSUPPORTED_ACTION_IN_RESOURCE_POLICY"
// InvalidInputExceptionReasonUnsupportedPolicyTypeInResourcePolicy is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonUnsupportedPolicyTypeInResourcePolicy = "UNSUPPORTED_POLICY_TYPE_IN_RESOURCE_POLICY"
// InvalidInputExceptionReasonUnsupportedResourceInResourcePolicy is a InvalidInputExceptionReason enum value
InvalidInputExceptionReasonUnsupportedResourceInResourcePolicy = "UNSUPPORTED_RESOURCE_IN_RESOURCE_POLICY"
)
// InvalidInputExceptionReason_Values returns all elements of the InvalidInputExceptionReason enum
func InvalidInputExceptionReason_Values() []string {
return []string{
InvalidInputExceptionReasonInvalidPartyTypeTarget,
InvalidInputExceptionReasonInvalidSyntaxOrganizationArn,
InvalidInputExceptionReasonInvalidSyntaxPolicyId,
InvalidInputExceptionReasonInvalidEnum,
InvalidInputExceptionReasonInvalidEnumPolicyType,
InvalidInputExceptionReasonInvalidListMember,
InvalidInputExceptionReasonMaxLengthExceeded,
InvalidInputExceptionReasonMaxValueExceeded,
InvalidInputExceptionReasonMinLengthExceeded,
InvalidInputExceptionReasonMinValueExceeded,
InvalidInputExceptionReasonImmutablePolicy,
InvalidInputExceptionReasonInvalidPattern,
InvalidInputExceptionReasonInvalidPatternTargetId,
InvalidInputExceptionReasonInputRequired,
InvalidInputExceptionReasonInvalidNextToken,
InvalidInputExceptionReasonMaxLimitExceededFilter,
InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots,
InvalidInputExceptionReasonInvalidFullNameTarget,
InvalidInputExceptionReasonUnrecognizedServicePrincipal,
InvalidInputExceptionReasonInvalidRoleName,
InvalidInputExceptionReasonInvalidSystemTagsParameter,
InvalidInputExceptionReasonDuplicateTagKey,
InvalidInputExceptionReasonTargetNotSupported,
InvalidInputExceptionReasonInvalidEmailAddressTarget,
InvalidInputExceptionReasonInvalidResourcePolicyJson,
InvalidInputExceptionReasonUnsupportedActionInResourcePolicy,
InvalidInputExceptionReasonUnsupportedPolicyTypeInResourcePolicy,
InvalidInputExceptionReasonUnsupportedResourceInResourcePolicy,
}
}
const (
// OrganizationFeatureSetAll is a OrganizationFeatureSet enum value
OrganizationFeatureSetAll = "ALL"
// OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value
OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING"
)
// OrganizationFeatureSet_Values returns all elements of the OrganizationFeatureSet enum
func OrganizationFeatureSet_Values() []string {
return []string{
OrganizationFeatureSetAll,
OrganizationFeatureSetConsolidatedBilling,
}
}
const (
// ParentTypeRoot is a ParentType enum value
ParentTypeRoot = "ROOT"
// ParentTypeOrganizationalUnit is a ParentType enum value
ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
)
// ParentType_Values returns all elements of the ParentType enum
func ParentType_Values() []string {
return []string{
ParentTypeRoot,
ParentTypeOrganizationalUnit,
}
}
const (
// PolicyTypeServiceControlPolicy is a PolicyType enum value
PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY"
// PolicyTypeTagPolicy is a PolicyType enum value
PolicyTypeTagPolicy = "TAG_POLICY"
// PolicyTypeBackupPolicy is a PolicyType enum value
PolicyTypeBackupPolicy = "BACKUP_POLICY"
// PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value
PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
)
// PolicyType_Values returns all elements of the PolicyType enum
func PolicyType_Values() []string {
return []string{
PolicyTypeServiceControlPolicy,
PolicyTypeTagPolicy,
PolicyTypeBackupPolicy,
PolicyTypeAiservicesOptOutPolicy,
}
}
const (
// PolicyTypeStatusEnabled is a PolicyTypeStatus enum value
PolicyTypeStatusEnabled = "ENABLED"
// PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value
PolicyTypeStatusPendingEnable = "PENDING_ENABLE"
// PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value
PolicyTypeStatusPendingDisable = "PENDING_DISABLE"
)
// PolicyTypeStatus_Values returns all elements of the PolicyTypeStatus enum
func PolicyTypeStatus_Values() []string {
return []string{
PolicyTypeStatusEnabled,
PolicyTypeStatusPendingEnable,
PolicyTypeStatusPendingDisable,
}
}
const (
// TargetTypeAccount is a TargetType enum value
TargetTypeAccount = "ACCOUNT"
// TargetTypeOrganizationalUnit is a TargetType enum value
TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
// TargetTypeRoot is a TargetType enum value
TargetTypeRoot = "ROOT"
)
// TargetType_Values returns all elements of the TargetType enum
func TargetType_Values() []string {
return []string{
TargetTypeAccount,
TargetTypeOrganizationalUnit,
TargetTypeRoot,
}
}