From f749fcd8b277a5c392d023c6517a6e62c2f58fdb Mon Sep 17 00:00:00 2001 From: AWS SDK for Go v2 automation user Date: Tue, 29 Mar 2022 18:26:03 +0000 Subject: [PATCH] Regenerated Clients --- .../53d0643750ae4c72802c52bda5ddeae0.json | 8 + .../organizations/api_op_AcceptHandshake.go | 22 +- service/organizations/api_op_AttachPolicy.go | 2 +- service/organizations/api_op_CloseAccount.go | 118 ++++++ service/organizations/api_op_CreateAccount.go | 152 ++++--- .../api_op_CreateGovCloudAccount.go | 251 ++++++----- .../api_op_CreateOrganization.go | 18 +- .../api_op_CreateOrganizationalUnit.go | 6 +- service/organizations/api_op_CreatePolicy.go | 8 +- ...api_op_DeregisterDelegatedAdministrator.go | 30 +- .../organizations/api_op_DescribeAccount.go | 16 +- .../api_op_DescribeCreateAccountStatus.go | 3 +- .../api_op_DescribeEffectivePolicy.go | 6 +- .../api_op_DescribeOrganizationalUnit.go | 2 +- .../organizations/api_op_DescribePolicy.go | 2 +- service/organizations/api_op_DetachPolicy.go | 8 +- .../api_op_DisableAWSServiceAccess.go | 75 ++-- .../organizations/api_op_DisablePolicyType.go | 16 +- .../api_op_EnableAWSServiceAccess.go | 36 +- .../organizations/api_op_EnableAllFeatures.go | 6 +- .../organizations/api_op_EnablePolicyType.go | 13 +- .../api_op_InviteAccountToOrganization.go | 42 +- .../organizations/api_op_LeaveOrganization.go | 50 +-- ..._op_ListAWSServiceAccessForOrganization.go | 19 +- service/organizations/api_op_ListAccounts.go | 4 +- .../api_op_ListAccountsForParent.go | 2 +- service/organizations/api_op_ListChildren.go | 2 +- .../api_op_ListCreateAccountStatus.go | 2 +- .../api_op_ListDelegatedAdministrators.go | 8 +- .../api_op_ListDelegatedServicesForAccount.go | 8 +- .../api_op_ListHandshakesForAccount.go | 6 +- .../api_op_ListHandshakesForOrganization.go | 16 +- ...api_op_ListOrganizationalUnitsForParent.go | 3 +- service/organizations/api_op_ListParents.go | 4 +- service/organizations/api_op_ListPolicies.go | 3 +- .../api_op_ListPoliciesForTarget.go | 2 +- service/organizations/api_op_ListRoots.go | 12 +- .../api_op_ListTagsForResource.go | 31 +- .../api_op_ListTargetsForPolicy.go | 4 +- .../api_op_RegisterDelegatedAdministrator.go | 18 +- .../api_op_RemoveAccountFromOrganization.go | 33 +- service/organizations/api_op_TagResource.go | 49 +-- service/organizations/api_op_UntagResource.go | 31 +- service/organizations/api_op_UpdatePolicy.go | 2 +- service/organizations/deserializers.go | 271 +++++++++++- service/organizations/doc.go | 77 ++-- service/organizations/generated.json | 1 + service/organizations/serializers.go | 67 +++ service/organizations/types/enums.go | 16 +- service/organizations/types/errors.go | 398 ++++++++++-------- service/organizations/types/types.go | 154 +++---- service/organizations/validators.go | 39 ++ 52 files changed, 1403 insertions(+), 769 deletions(-) create mode 100644 .changelog/53d0643750ae4c72802c52bda5ddeae0.json create mode 100644 service/organizations/api_op_CloseAccount.go diff --git a/.changelog/53d0643750ae4c72802c52bda5ddeae0.json b/.changelog/53d0643750ae4c72802c52bda5ddeae0.json new file mode 100644 index 00000000000..613f53eef55 --- /dev/null +++ b/.changelog/53d0643750ae4c72802c52bda5ddeae0.json @@ -0,0 +1,8 @@ +{ + "id": "53d06437-50ae-4c72-802c-52bda5ddeae0", + "type": "feature", + "description": "This release provides the new CloseAccount API that enables principals in the management account to close any member account within an organization.", + "modules": [ + "service/organizations" + ] +} \ No newline at end of file diff --git a/service/organizations/api_op_AcceptHandshake.go b/service/organizations/api_op_AcceptHandshake.go index 2ffcdf0a7ca..20e01b18d6b 100644 --- a/service/organizations/api_op_AcceptHandshake.go +++ b/service/organizations/api_op_AcceptHandshake.go @@ -20,24 +20,24 @@ import ( // from the member account. The user who calls the API for an invitation to join // must have the organizations:AcceptHandshake permission. If you enabled all // features in the organization, the user must also have the -// iam:CreateServiceLinkedRole permission so that AWS Organizations can create the +// iam:CreateServiceLinkedRole permission so that Organizations can create the // required service-linked role named AWSServiceRoleForOrganizations. For more -// information, see AWS Organizations and Service-Linked Roles -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) -// in the AWS Organizations User Guide. +// information, see Organizations and Service-Linked Roles +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) +// in the Organizations User Guide. // // * Enable all features final confirmation // handshake: only a principal from the management account. For more information -// about invitations, see Inviting an AWS Account to Join Your Organization +// about invitations, see Inviting an Amazon Web Services account to join your +// organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) -// in the AWS Organizations User Guide. For more information about requests to -// enable all features in the organization, see Enabling All Features in Your -// Organization +// in the Organizations User Guide. For more information about requests to enable +// all features in the organization, see Enabling all features in your organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) -// in the AWS Organizations User Guide. +// in the Organizations User Guide. // -// After you accept a handshake, it continues -// to appear in the results of relevant APIs for only 30 days. After that, it's +// After you accept a handshake, it continues to +// appear in the results of relevant APIs for only 30 days. After that, it's // deleted. func (c *Client) AcceptHandshake(ctx context.Context, params *AcceptHandshakeInput, optFns ...func(*Options)) (*AcceptHandshakeOutput, error) { if params == nil { diff --git a/service/organizations/api_op_AttachPolicy.go b/service/organizations/api_op_AttachPolicy.go index 06ac509f2bd..8428d9d0705 100644 --- a/service/organizations/api_op_AttachPolicy.go +++ b/service/organizations/api_op_AttachPolicy.go @@ -12,7 +12,7 @@ import ( // Attaches a policy to a root, an organizational unit (OU), or an individual // account. How the policy affects accounts depends on the type of policy. Refer to -// the AWS Organizations User Guide for information about each policy type: +// the Organizations User Guide for information about each policy type: // // * // AISERVICES_OPT_OUT_POLICY diff --git a/service/organizations/api_op_CloseAccount.go b/service/organizations/api_op_CloseAccount.go new file mode 100644 index 00000000000..f84ac579178 --- /dev/null +++ b/service/organizations/api_op_CloseAccount.go @@ -0,0 +1,118 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package organizations + +import ( + "context" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Closes an Amazon Web Services account that is now a part of an Organizations, +// either created within the organization, or invited to join the organization. +func (c *Client) CloseAccount(ctx context.Context, params *CloseAccountInput, optFns ...func(*Options)) (*CloseAccountOutput, error) { + if params == nil { + params = &CloseAccountInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "CloseAccount", params, optFns, c.addOperationCloseAccountMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*CloseAccountOutput) + out.ResultMetadata = metadata + return out, nil +} + +type CloseAccountInput struct { + + // Retrieves the Amazon Web Services account Id for the current CloseAccount API + // request. + // + // This member is required. + AccountId *string + + noSmithyDocumentSerde +} + +type CloseAccountOutput struct { + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationCloseAccountMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsAwsjson11_serializeOpCloseAccount{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpCloseAccount{}, middleware.After) + if err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = addHTTPSignerV4Middleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addOpCloseAccountValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCloseAccount(options.Region), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opCloseAccount(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + SigningName: "organizations", + OperationName: "CloseAccount", + } +} diff --git a/service/organizations/api_op_CreateAccount.go b/service/organizations/api_op_CreateAccount.go index aab94e8d5ed..8017fad8f54 100644 --- a/service/organizations/api_op_CreateAccount.go +++ b/service/organizations/api_op_CreateAccount.go @@ -11,69 +11,70 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates an AWS account that is automatically a member of the organization whose -// credentials made the request. This is an asynchronous request that AWS performs -// in the background. Because CreateAccount operates asynchronously, it can return -// a successful completion message even though account initialization might still -// be in progress. You might need to wait a few minutes before you can successfully -// access the account. To check the status of the request, do one of the -// following: +// Creates an Amazon Web Services account that is automatically a member of the +// organization whose credentials made the request. This is an asynchronous request +// that Amazon Web Services performs in the background. Because CreateAccount +// operates asynchronously, it can return a successful completion message even +// though account initialization might still be in progress. You might need to wait +// a few minutes before you can successfully access the account. To check the +// status of the request, do one of the following: // -// * Use the Id member of the CreateAccountStatus response element from -// this operation to provide as a parameter to the DescribeCreateAccountStatus -// operation. +// * Use the Id member of the +// CreateAccountStatus response element from this operation to provide as a +// parameter to the DescribeCreateAccountStatus operation. // -// * Check the AWS CloudTrail log for the CreateAccountResult event. -// For information on using AWS CloudTrail with AWS Organizations, see Logging and -// monitoring in AWS Organizations -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) -// in the AWS Organizations User Guide. +// * Check the CloudTrail +// log for the CreateAccountResult event. For information on using CloudTrail with +// Organizations, see Logging and monitoring in Organizations +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) +// in the Organizations User Guide. // // The user who calls the API to create an // account must have the organizations:CreateAccount permission. If you enabled all -// features in the organization, AWS Organizations creates the required -// service-linked role named AWSServiceRoleForOrganizations. For more information, -// see AWS Organizations and Service-Linked Roles -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) -// in the AWS Organizations User Guide. If the request includes tags, then the -// requester must have the organizations:TagResource permission. AWS Organizations +// features in the organization, Organizations creates the required service-linked +// role named AWSServiceRoleForOrganizations. For more information, see +// Organizations and Service-Linked Roles +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) +// in the Organizations User Guide. If the request includes tags, then the +// requester must have the organizations:TagResource permission. Organizations // preconfigures the new member account with a role (named // OrganizationAccountAccessRole by default) that grants users in the management // account administrator permissions in the new member account. Principals in the -// management account can assume the role. AWS Organizations clones the company -// name and address information for the new account from the organization's -// management account. This operation can be called only from the organization's -// management account. For more information about creating accounts, see Creating -// an AWS Account in Your Organization +// management account can assume the role. Organizations clones the company name +// and address information for the new account from the organization's management +// account. This operation can be called only from the organization's management +// account. For more information about creating accounts, see Creating an Amazon +// Web Services account in Your Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) -// in the AWS Organizations User Guide. +// in the Organizations User Guide. // // * When you create an account in an -// organization using the AWS Organizations console, API, or CLI commands, the +// organization using the Organizations console, API, or CLI commands, the // information required for the account to operate as a standalone account, such as // a payment method and signing the end user license agreement (EULA) is not // automatically collected. If you must remove an account from your organization // later, you can do so only after you provide the missing information. Follow the // steps at To leave an organization as a member account -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) -// in the AWS Organizations User Guide. +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) +// in the Organizations User Guide. // -// * If you get an exception that indicates -// that you exceeded your account limits for the organization, contact AWS Support -// (https://console.aws.amazon.com/support/home#/). +// * If you get an exception that indicates that +// you exceeded your account limits for the organization, contact Amazon Web +// Services Support (https://console.aws.amazon.com/support/home#/). // -// * If you get an exception that -// indicates that the operation failed because your organization is still -// initializing, wait one hour and then try again. If the error persists, contact -// AWS Support (https://console.aws.amazon.com/support/home#/). +// * If you get +// an exception that indicates that the operation failed because your organization +// is still initializing, wait one hour and then try again. If the error persists, +// contact Amazon Web Services Support +// (https://console.aws.amazon.com/support/home#/). // -// * Using -// CreateAccount to create multiple temporary accounts isn't recommended. You can -// only close an account from the Billing and Cost Management Console, and you must -// be signed in as the root user. For information on the requirements and process -// for closing an account, see Closing an AWS Account -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) -// in the AWS Organizations User Guide. +// * Using CreateAccount to +// create multiple temporary accounts isn't recommended. You can only close an +// account from the Billing and Cost Management console, and you must be signed in +// as the root user. For information on the requirements and process for closing an +// account, see Closing an Amazon Web Services account +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) +// in the Organizations User Guide. // // When you create a member account with this // operation, you can choose whether to create the account with the IAM User and @@ -106,10 +107,36 @@ type CreateAccountInput struct { AccountName *string // The email address of the owner to assign to the new member account. This email - // address must not already be associated with another AWS account. You must use a - // valid email address to complete account creation. You can't access the root user - // of the account or remove an account that was created with an invalid email - // address. + // address must not already be associated with another Amazon Web Services account. + // You must use a valid email address to complete account creation. The rules for a + // valid email address: + // + // * The address must be a minimum of 6 and a maximum of 64 + // characters long. + // + // * All characters must be 7-bit ASCII characters. + // + // * There must + // be one and only one @ symbol, which separates the local name from the domain + // name. + // + // * The local name can't contain any of the following characters: + // whitespace, " ' ( ) < > [ ] : ; , \ | % & + // + // * The local name can't begin with a + // dot (.) + // + // * The domain name can consist of only the characters [a-z],[A-Z],[0-9], + // hyphen (-), or dot (.) + // + // * The domain name can't begin or end with a hyphen (-) + // or dot (.) + // + // * The domain name must contain at least one dot + // + // You can't access + // the root user of the account or remove an account that was created with an + // invalid email address. // // This member is required. Email *string @@ -119,12 +146,13 @@ type CreateAccountInput struct { // user of the new account can access account billing information. For more // information, see Activating Access to the Billing and Cost Management Console // (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) - // in the AWS Billing and Cost Management User Guide. If you don't specify this - // parameter, the value defaults to ALLOW, and IAM users and roles with the - // required permissions can access billing information for the new account. + // in the Amazon Web Services Billing and Cost Management User Guide. If you don't + // specify this parameter, the value defaults to ALLOW, and IAM users and roles + // with the required permissions can access billing information for the new + // account. IamUserAccessToBilling types.IAMUserAccessToBilling - // (Optional) The name of an IAM role that AWS Organizations automatically + // (Optional) The name of an IAM role that Organizations automatically // preconfigures in the new member account. This role trusts the management // account, allowing users in the management account to assume the role, as // permitted by the management account administrator. The role has administrator @@ -135,10 +163,10 @@ type CreateAccountInput struct { // * // Accessing and Administering the Member Accounts in Your Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) - // in the AWS Organizations User Guide + // in the Organizations User Guide // - // * Steps 2 and 3 in Tutorial: Delegate - // Access Across AWS Accounts Using IAM Roles + // * Steps 2 and 3 in Tutorial: Delegate Access + // Across Amazon Web Services accounts Using IAM Roles // (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) // in the IAM User Guide // @@ -151,11 +179,11 @@ type CreateAccountInput struct { // A list of tags that you want to attach to the newly created account. For each // tag in the list, you must specify both a tag key and a value. You can set the // value to an empty string, but you can't set it to null. For more information - // about tagging, see Tagging AWS Organizations resources + // about tagging, see Tagging Organizations resources // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) - // in the AWS Organizations User Guide. If any one of the tags is invalid or if you - // exceed the allowed number of tags for an account, then the entire request fails - // and the account is not created. + // in the Organizations User Guide. If any one of the tags is invalid or if you + // exceed the maximum allowed number of tags for an account, then the entire + // request fails and the account is not created. Tags []types.Tag noSmithyDocumentSerde @@ -168,10 +196,10 @@ type CreateAccountOutput struct { // because account creation is an asynchronous process. You can pass the returned // CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus to get // status about the progress of the request at later times. You can also check the - // AWS CloudTrail log for the CreateAccountResult event. For more information, see + // CloudTrail log for the CreateAccountResult event. For more information, see // Monitoring the Activity in Your Organization - // (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) - // in the AWS Organizations User Guide. + // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) + // in the Organizations User Guide. CreateAccountStatus *types.CreateAccountStatus // Metadata pertaining to the operation's result. diff --git a/service/organizations/api_op_CreateGovCloudAccount.go b/service/organizations/api_op_CreateGovCloudAccount.go index c7060d731e8..1b866226107 100644 --- a/service/organizations/api_op_CreateGovCloudAccount.go +++ b/service/organizations/api_op_CreateGovCloudAccount.go @@ -14,111 +14,116 @@ import ( // This action is available if all of the following are true: // // * You're authorized -// to create accounts in the AWS GovCloud (US) Region. For more information on the -// AWS GovCloud (US) Region, see the AWS GovCloud User Guide. -// (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) +// to create accounts in the Amazon Web Services GovCloud (US) Region. For more +// information on the Amazon Web Services GovCloud (US) Region, see the Amazon Web +// Services GovCloud User Guide. +// (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) // // * You -// already have an account in the AWS GovCloud (US) Region that is paired with a -// management account of an organization in the commercial Region. +// already have an account in the Amazon Web Services GovCloud (US) Region that is +// paired with a management account of an organization in the commercial Region. // -// * You call this -// action from the management account of your organization in the commercial -// Region. +// * +// You call this action from the management account of your organization in the +// commercial Region. // -// * You have the organizations:CreateGovCloudAccount permission. +// * You have the organizations:CreateGovCloudAccount +// permission. // -// AWS -// Organizations automatically creates the required service-linked role named -// AWSServiceRoleForOrganizations. For more information, see AWS Organizations and -// Service-Linked Roles -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) -// in the AWS Organizations User Guide. AWS automatically enables AWS CloudTrail -// for AWS GovCloud (US) accounts, but you should also do the following: +// Organizations automatically creates the required service-linked +// role named AWSServiceRoleForOrganizations. For more information, see +// Organizations and Service-Linked Roles +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) +// in the Organizations User Guide. Amazon Web Services automatically enables +// CloudTrail for Amazon Web Services GovCloud (US) accounts, but you should also +// do the following: // -// * Verify -// that AWS CloudTrail is enabled to store logs. +// * Verify that CloudTrail is enabled to store logs. // -// * Create an S3 bucket for AWS -// CloudTrail log storage. For more information, see Verifying AWS CloudTrail Is -// Enabled -// (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) -// in the AWS GovCloud User Guide. +// * Create +// an Amazon S3 bucket for CloudTrail log storage. For more information, see +// Verifying CloudTrail Is Enabled +// (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) +// in the Amazon Web Services GovCloud User Guide. // -// If the request includes tags, then the -// requester must have the organizations:TagResource permission. The tags are -// attached to the commercial account associated with the GovCloud account, rather -// than the GovCloud account itself. To add tags to the GovCloud account, call the -// TagResource operation in the GovCloud Region after the new GovCloud account -// exists. You call this action from the management account of your organization in -// the commercial Region to create a standalone AWS account in the AWS GovCloud -// (US) Region. After the account is created, the management account of an -// organization in the AWS GovCloud (US) Region can invite it to that organization. -// For more information on inviting standalone accounts in the AWS GovCloud (US) to -// join an organization, see AWS Organizations -// (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) -// in the AWS GovCloud User Guide. Calling CreateGovCloudAccount is an asynchronous -// request that AWS performs in the background. Because CreateGovCloudAccount -// operates asynchronously, it can return a successful completion message even -// though account initialization might still be in progress. You might need to wait -// a few minutes before you can successfully access the account. To check the -// status of the request, do one of the following: +// If the request includes tags, +// then the requester must have the organizations:TagResource permission. The tags +// are attached to the commercial account associated with the GovCloud account, +// rather than the GovCloud account itself. To add tags to the GovCloud account, +// call the TagResource operation in the GovCloud Region after the new GovCloud +// account exists. You call this action from the management account of your +// organization in the commercial Region to create a standalone Amazon Web Services +// account in the Amazon Web Services GovCloud (US) Region. After the account is +// created, the management account of an organization in the Amazon Web Services +// GovCloud (US) Region can invite it to that organization. For more information on +// inviting standalone accounts in the Amazon Web Services GovCloud (US) to join an +// organization, see Organizations +// (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) +// in the Amazon Web Services GovCloud User Guide. Calling CreateGovCloudAccount is +// an asynchronous request that Amazon Web Services performs in the background. +// Because CreateGovCloudAccount operates asynchronously, it can return a +// successful completion message even though account initialization might still be +// in progress. You might need to wait a few minutes before you can successfully +// access the account. To check the status of the request, do one of the +// following: // -// * Use the OperationId response -// element from this operation to provide as a parameter to the -// DescribeCreateAccountStatus operation. +// * Use the OperationId response element from this operation to +// provide as a parameter to the DescribeCreateAccountStatus operation. // -// * Check the AWS CloudTrail log for the -// CreateAccountResult event. For information on using AWS CloudTrail with -// Organizations, see Monitoring the Activity in Your Organization -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) -// in the AWS Organizations User Guide. +// * Check +// the CloudTrail log for the CreateAccountResult event. For information on using +// CloudTrail with Organizations, see Monitoring the Activity in Your Organization +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) +// in the Organizations User Guide. // // When you call the CreateGovCloudAccount -// action, you create two accounts: a standalone account in the AWS GovCloud (US) -// Region and an associated account in the commercial Region for billing and -// support purposes. The account in the commercial Region is automatically a member -// of the organization whose credentials made the request. Both accounts are -// associated with the same email address. A role is created in the new account in -// the commercial Region that allows the management account in the organization in -// the commercial Region to assume it. An AWS GovCloud (US) account is then created -// and associated with the commercial account that you just created. A role is also -// created in the new AWS GovCloud (US) account that can be assumed by the AWS -// GovCloud (US) account that is associated with the management account of the -// commercial organization. For more information and to view a diagram that -// explains how account access works, see AWS Organizations -// (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) -// in the AWS GovCloud User Guide. For more information about creating accounts, -// see Creating an AWS Account in Your Organization +// action, you create two accounts: a standalone account in the Amazon Web Services +// GovCloud (US) Region and an associated account in the commercial Region for +// billing and support purposes. The account in the commercial Region is +// automatically a member of the organization whose credentials made the request. +// Both accounts are associated with the same email address. A role is created in +// the new account in the commercial Region that allows the management account in +// the organization in the commercial Region to assume it. An Amazon Web Services +// GovCloud (US) account is then created and associated with the commercial account +// that you just created. A role is also created in the new Amazon Web Services +// GovCloud (US) account that can be assumed by the Amazon Web Services GovCloud +// (US) account that is associated with the management account of the commercial +// organization. For more information and to view a diagram that explains how +// account access works, see Organizations +// (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) +// in the Amazon Web Services GovCloud User Guide. For more information about +// creating accounts, see Creating an Amazon Web Services account in Your +// Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) -// in the AWS Organizations User Guide. +// in the Organizations User Guide. // // * When you create an account in an -// organization using the AWS Organizations console, API, or CLI commands, the +// organization using the Organizations console, API, or CLI commands, the // information required for the account to operate as a standalone account is not // automatically collected. This includes a payment method and signing the end user // license agreement (EULA). If you must remove an account from your organization // later, you can do so only after you provide the missing information. Follow the // steps at To leave an organization as a member account -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) -// in the AWS Organizations User Guide. +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) +// in the Organizations User Guide. // -// * If you get an exception that indicates -// that you exceeded your account limits for the organization, contact AWS Support -// (https://console.aws.amazon.com/support/home#/). +// * If you get an exception that indicates that +// you exceeded your account limits for the organization, contact Amazon Web +// Services Support (https://console.aws.amazon.com/support/home#/). // -// * If you get an exception that -// indicates that the operation failed because your organization is still -// initializing, wait one hour and then try again. If the error persists, contact -// AWS Support (https://console.aws.amazon.com/support/home#/). +// * If you get +// an exception that indicates that the operation failed because your organization +// is still initializing, wait one hour and then try again. If the error persists, +// contact Amazon Web Services Support +// (https://console.aws.amazon.com/support/home#/). // -// * Using -// CreateGovCloudAccount to create multiple temporary accounts isn't recommended. -// You can only close an account from the AWS Billing and Cost Management console, -// and you must be signed in as the root user. For information on the requirements -// and process for closing an account, see Closing an AWS Account -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) -// in the AWS Organizations User Guide. +// * Using CreateGovCloudAccount +// to create multiple temporary accounts isn't recommended. You can only close an +// account from the Amazon Web Services Billing and Cost Management console, and +// you must be signed in as the root user. For information on the requirements and +// process for closing an account, see Closing an Amazon Web Services account +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) +// in the Organizations User Guide. // // When you create a member account with this // operation, you can choose whether to create the account with the IAM User and @@ -150,14 +155,40 @@ type CreateGovCloudAccountInput struct { // This member is required. AccountName *string - // The email address of the owner to assign to the new member account in the - // commercial Region. This email address must not already be associated with - // another AWS account. You must use a valid email address to complete account - // creation. You can't access the root user of the account or remove an account - // that was created with an invalid email address. Like all request parameters for - // CreateGovCloudAccount, the request for the email address for the AWS GovCloud - // (US) account originates from the commercial Region, not from the AWS GovCloud - // (US) Region. + // Specifies the email address of the owner to assign to the new member account in + // the commercial Region. This email address must not already be associated with + // another Amazon Web Services account. You must use a valid email address to + // complete account creation. The rules for a valid email address: + // + // * The address + // must be a minimum of 6 and a maximum of 64 characters long. + // + // * All characters + // must be 7-bit ASCII characters. + // + // * There must be one and only one @ symbol, + // which separates the local name from the domain name. + // + // * The local name can't + // contain any of the following characters: whitespace, " ' ( ) < > [ ] : ; , \ | % + // & + // + // * The local name can't begin with a dot (.) + // + // * The domain name can consist of + // only the characters [a-z],[A-Z],[0-9], hyphen (-), or dot (.) + // + // * The domain name + // can't begin or end with a hyphen (-) or dot (.) + // + // * The domain name must contain + // at least one dot + // + // You can't access the root user of the account or remove an + // account that was created with an invalid email address. Like all request + // parameters for CreateGovCloudAccount, the request for the email address for the + // Amazon Web Services GovCloud (US) account originates from the commercial Region, + // not from the Amazon Web Services GovCloud (US) Region. // // This member is required. Email *string @@ -168,23 +199,24 @@ type CreateGovCloudAccountInput struct { // account billing information. For more information, see Activating Access to the // Billing and Cost Management Console // (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) - // in the AWS Billing and Cost Management User Guide. If you don't specify this - // parameter, the value defaults to ALLOW, and IAM users and roles with the - // required permissions can access billing information for the new account. + // in the Amazon Web Services Billing and Cost Management User Guide. If you don't + // specify this parameter, the value defaults to ALLOW, and IAM users and roles + // with the required permissions can access billing information for the new + // account. IamUserAccessToBilling types.IAMUserAccessToBilling - // (Optional) The name of an IAM role that AWS Organizations automatically - // preconfigures in the new member accounts in both the AWS GovCloud (US) Region - // and in the commercial Region. This role trusts the management account, allowing - // users in the management account to assume the role, as permitted by the - // management account administrator. The role has administrator permissions in the - // new member account. If you don't specify this parameter, the role name defaults - // to OrganizationAccountAccessRole. For more information about how to use this - // role to access the member account, see Accessing and Administering the Member - // Accounts in Your Organization + // (Optional) The name of an IAM role that Organizations automatically + // preconfigures in the new member accounts in both the Amazon Web Services + // GovCloud (US) Region and in the commercial Region. This role trusts the + // management account, allowing users in the management account to assume the role, + // as permitted by the management account administrator. The role has administrator + // permissions in the new member account. If you don't specify this parameter, the + // role name defaults to OrganizationAccountAccessRole. For more information about + // how to use this role to access the member account, see Accessing and + // Administering the Member Accounts in Your Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) - // in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate - // Access Across AWS Accounts Using IAM Roles + // in the Organizations User Guide and steps 2 and 3 in Tutorial: Delegate Access + // Across Amazon Web Services accounts Using IAM Roles // (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) // in the IAM User Guide. The regex pattern (http://wikipedia.org/wiki/regex) that // is used to validate this parameter. The pattern can include uppercase letters, @@ -198,11 +230,11 @@ type CreateGovCloudAccountInput struct { // call the TagResource operation in the GovCloud region after the new GovCloud // account exists. For each tag in the list, you must specify both a tag key and a // value. You can set the value to an empty string, but you can't set it to null. - // For more information about tagging, see Tagging AWS Organizations resources + // For more information about tagging, see Tagging Organizations resources // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) - // in the AWS Organizations User Guide. If any one of the tags is invalid or if you - // exceed the allowed number of tags for an account, then the entire request fails - // and the account is not created. + // in the Organizations User Guide. If any one of the tags is invalid or if you + // exceed the maximum allowed number of tags for an account, then the entire + // request fails and the account is not created. Tags []types.Tag noSmithyDocumentSerde @@ -211,7 +243,8 @@ type CreateGovCloudAccountInput struct { type CreateGovCloudAccountOutput struct { // Contains the status about a CreateAccount or CreateGovCloudAccount request to - // create an AWS account or an AWS GovCloud (US) account in an organization. + // create an Amazon Web Services account or an Amazon Web Services GovCloud (US) + // account in an organization. CreateAccountStatus *types.CreateAccountStatus // Metadata pertaining to the operation's result. diff --git a/service/organizations/api_op_CreateOrganization.go b/service/organizations/api_op_CreateOrganization.go index 9916dc79c2a..f677eb902de 100644 --- a/service/organizations/api_op_CreateOrganization.go +++ b/service/organizations/api_op_CreateOrganization.go @@ -11,8 +11,8 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates an AWS organization. The account whose user is calling the -// CreateOrganization operation automatically becomes the management account +// Creates an Amazon Web Services organization. The account whose user is calling +// the CreateOrganization operation automatically becomes the management account // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account) // of the new organization. This operation must be called using credentials from // the account that is to become the new organization's management account. The @@ -47,15 +47,15 @@ type CreateOrganizationInput struct { // accounts have their bills consolidated to and paid by the management account. // For more information, see Consolidated billing // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) - // in the AWS Organizations User Guide. The consolidated billing feature subset - // isn't available for organizations in the AWS GovCloud (US) Region. + // in the Organizations User Guide. The consolidated billing feature subset isn't + // available for organizations in the Amazon Web Services GovCloud (US) Region. // - // * ALL: In - // addition to all the features supported by the consolidated billing feature set, - // the management account can also apply any policy type to any member account in - // the organization. For more information, see All features + // * + // ALL: In addition to all the features supported by the consolidated billing + // feature set, the management account can also apply any policy type to any member + // account in the organization. For more information, see All features // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) - // in the AWS Organizations User Guide. + // in the Organizations User Guide. FeatureSet types.OrganizationFeatureSet noSmithyDocumentSerde diff --git a/service/organizations/api_op_CreateOrganizationalUnit.go b/service/organizations/api_op_CreateOrganizationalUnit.go index 6ddbb6dc423..18a462a6805 100644 --- a/service/organizations/api_op_CreateOrganizationalUnit.go +++ b/service/organizations/api_op_CreateOrganizationalUnit.go @@ -18,7 +18,7 @@ import ( // service control policies, the limit is five. For more information about OUs, see // Managing Organizational Units // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) -// in the AWS Organizations User Guide. If the request includes tags, then the +// in the Organizations User Guide. If the request includes tags, then the // requester must have the organizations:TagResource permission. This operation can // be called only from the organization's management account. func (c *Client) CreateOrganizationalUnit(ctx context.Context, params *CreateOrganizationalUnitInput, optFns ...func(*Options)) (*CreateOrganizationalUnitOutput, error) { @@ -62,9 +62,9 @@ type CreateOrganizationalUnitInput struct { // A list of tags that you want to attach to the newly created OU. For each tag in // the list, you must specify both a tag key and a value. You can set the value to // an empty string, but you can't set it to null. For more information about - // tagging, see Tagging AWS Organizations resources + // tagging, see Tagging Organizations resources // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) - // in the AWS Organizations User Guide. If any one of the tags is invalid or if you + // in the Organizations User Guide. If any one of the tags is invalid or if you // exceed the allowed number of tags for an OU, then the entire request fails and // the OU is not created. Tags []types.Tag diff --git a/service/organizations/api_op_CreatePolicy.go b/service/organizations/api_op_CreatePolicy.go index 3e92d8a868d..9657f0bebd5 100644 --- a/service/organizations/api_op_CreatePolicy.go +++ b/service/organizations/api_op_CreatePolicy.go @@ -12,8 +12,8 @@ import ( ) // Creates a policy of a specified type that you can attach to a root, an -// organizational unit (OU), or an individual AWS account. For more information -// about policies and their use, see Managing Organization Policies +// organizational unit (OU), or an individual Amazon Web Services account. For more +// information about policies and their use, see Managing Organization Policies // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). // If the request includes tags, then the requester must have the // organizations:TagResource permission. This operation can be called only from the @@ -77,9 +77,9 @@ type CreatePolicyInput struct { // A list of tags that you want to attach to the newly created policy. For each tag // in the list, you must specify both a tag key and a value. You can set the value // to an empty string, but you can't set it to null. For more information about - // tagging, see Tagging AWS Organizations resources + // tagging, see Tagging Organizations resources // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) - // in the AWS Organizations User Guide. If any one of the tags is invalid or if you + // in the Organizations User Guide. If any one of the tags is invalid or if you // exceed the allowed number of tags for a policy, then the entire request fails // and the policy is not created. Tags []types.Tag diff --git a/service/organizations/api_op_DeregisterDelegatedAdministrator.go b/service/organizations/api_op_DeregisterDelegatedAdministrator.go index d9726a9edfa..1b7345202d1 100644 --- a/service/organizations/api_op_DeregisterDelegatedAdministrator.go +++ b/service/organizations/api_op_DeregisterDelegatedAdministrator.go @@ -10,16 +10,17 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Removes the specified member AWS account as a delegated administrator for the -// specified AWS service. Deregistering a delegated administrator can have -// unintended impacts on the functionality of the enabled AWS service. See the -// documentation for the enabled service before you deregister a delegated -// administrator so that you understand any potential impacts. You can run this -// action only for AWS services that support this feature. For a current list of -// services that support it, see the column Supports Delegated Administrator in the -// table at AWS Services that you can use with AWS Organizations +// Removes the specified member Amazon Web Services account as a delegated +// administrator for the specified Amazon Web Services service. Deregistering a +// delegated administrator can have unintended impacts on the functionality of the +// enabled Amazon Web Services service. See the documentation for the enabled +// service before you deregister a delegated administrator so that you understand +// any potential impacts. You can run this action only for Amazon Web Services +// services that support this feature. For a current list of services that support +// it, see the column Supports Delegated Administrator in the table at Amazon Web +// Services Services that you can use with Organizations // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) -// in the AWS Organizations User Guide. This operation can be called only from the +// in the Organizations User Guide. This operation can be called only from the // organization's management account. func (c *Client) DeregisterDelegatedAdministrator(ctx context.Context, params *DeregisterDelegatedAdministratorInput, optFns ...func(*Options)) (*DeregisterDelegatedAdministratorOutput, error) { if params == nil { @@ -44,11 +45,12 @@ type DeregisterDelegatedAdministratorInput struct { // This member is required. AccountId *string - // The service principal name of an AWS service for which the account is a - // delegated administrator. Delegated administrator privileges are revoked for only - // the specified AWS service from the member account. If the specified service is - // the only service for which the member account is a delegated administrator, the - // operation also revokes Organizations read action permissions. + // The service principal name of an Amazon Web Services service for which the + // account is a delegated administrator. Delegated administrator privileges are + // revoked for only the specified Amazon Web Services service from the member + // account. If the specified service is the only service for which the member + // account is a delegated administrator, the operation also revokes Organizations + // read action permissions. // // This member is required. ServicePrincipal *string diff --git a/service/organizations/api_op_DescribeAccount.go b/service/organizations/api_op_DescribeAccount.go index 000ef1650da..8fd59a4650d 100644 --- a/service/organizations/api_op_DescribeAccount.go +++ b/service/organizations/api_op_DescribeAccount.go @@ -11,9 +11,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Retrieves AWS Organizations-related information about the specified account. -// This operation can be called only from the organization's management account or -// by a member account that is a delegated administrator for an AWS service. +// Retrieves Organizations-related information about the specified account. This +// operation can be called only from the organization's management account or by a +// member account that is a delegated administrator for an Amazon Web Services +// service. func (c *Client) DescribeAccount(ctx context.Context, params *DescribeAccountInput, optFns ...func(*Options)) (*DescribeAccountOutput, error) { if params == nil { params = &DescribeAccountInput{} @@ -31,10 +32,11 @@ func (c *Client) DescribeAccount(ctx context.Context, params *DescribeAccountInp type DescribeAccountInput struct { - // The unique identifier (ID) of the AWS account that you want information about. - // You can get the ID from the ListAccounts or ListAccountsForParent operations. - // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string - // requires exactly 12 digits. + // The unique identifier (ID) of the Amazon Web Services account that you want + // information about. You can get the ID from the ListAccounts or + // ListAccountsForParent operations. The regex pattern + // (http://wikipedia.org/wiki/regex) for an account ID string requires exactly 12 + // digits. // // This member is required. AccountId *string diff --git a/service/organizations/api_op_DescribeCreateAccountStatus.go b/service/organizations/api_op_DescribeCreateAccountStatus.go index 1fe183c1aef..72d7abe1e13 100644 --- a/service/organizations/api_op_DescribeCreateAccountStatus.go +++ b/service/organizations/api_op_DescribeCreateAccountStatus.go @@ -13,7 +13,8 @@ import ( // Retrieves the current status of an asynchronous request to create an account. // This operation can be called only from the organization's management account or -// by a member account that is a delegated administrator for an AWS service. +// by a member account that is a delegated administrator for an Amazon Web Services +// service. func (c *Client) DescribeCreateAccountStatus(ctx context.Context, params *DescribeCreateAccountStatusInput, optFns ...func(*Options)) (*DescribeCreateAccountStatusOutput, error) { if params == nil { params = &DescribeCreateAccountStatusInput{} diff --git a/service/organizations/api_op_DescribeEffectivePolicy.go b/service/organizations/api_op_DescribeEffectivePolicy.go index 9222d53b539..495f1b75b1c 100644 --- a/service/organizations/api_op_DescribeEffectivePolicy.go +++ b/service/organizations/api_op_DescribeEffectivePolicy.go @@ -17,10 +17,10 @@ import ( // directly attached to the account. This operation applies only to policy types // other than service control policies (SCPs). For more information about policy // inheritance, see How Policy Inheritance Works -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) -// in the AWS Organizations User Guide. This operation can be called only from the +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) +// in the Organizations User Guide. This operation can be called only from the // organization's management account or by a member account that is a delegated -// administrator for an AWS service. +// administrator for an Amazon Web Services service. func (c *Client) DescribeEffectivePolicy(ctx context.Context, params *DescribeEffectivePolicyInput, optFns ...func(*Options)) (*DescribeEffectivePolicyOutput, error) { if params == nil { params = &DescribeEffectivePolicyInput{} diff --git a/service/organizations/api_op_DescribeOrganizationalUnit.go b/service/organizations/api_op_DescribeOrganizationalUnit.go index d8a99859d27..4c44b0109a9 100644 --- a/service/organizations/api_op_DescribeOrganizationalUnit.go +++ b/service/organizations/api_op_DescribeOrganizationalUnit.go @@ -13,7 +13,7 @@ import ( // Retrieves information about an organizational unit (OU). This operation can be // called only from the organization's management account or by a member account -// that is a delegated administrator for an AWS service. +// that is a delegated administrator for an Amazon Web Services service. func (c *Client) DescribeOrganizationalUnit(ctx context.Context, params *DescribeOrganizationalUnitInput, optFns ...func(*Options)) (*DescribeOrganizationalUnitOutput, error) { if params == nil { params = &DescribeOrganizationalUnitInput{} diff --git a/service/organizations/api_op_DescribePolicy.go b/service/organizations/api_op_DescribePolicy.go index 67e8591899d..ba8baf073ad 100644 --- a/service/organizations/api_op_DescribePolicy.go +++ b/service/organizations/api_op_DescribePolicy.go @@ -13,7 +13,7 @@ import ( // Retrieves information about a policy. This operation can be called only from the // organization's management account or by a member account that is a delegated -// administrator for an AWS service. +// administrator for an Amazon Web Services service. func (c *Client) DescribePolicy(ctx context.Context, params *DescribePolicyInput, optFns ...func(*Options)) (*DescribePolicyOutput, error) { if params == nil { params = &DescribePolicyInput{} diff --git a/service/organizations/api_op_DetachPolicy.go b/service/organizations/api_op_DetachPolicy.go index 5e836a5a983..acda0e73b15 100644 --- a/service/organizations/api_op_DetachPolicy.go +++ b/service/organizations/api_op_DetachPolicy.go @@ -12,10 +12,10 @@ import ( // Detaches a policy from a target root, organizational unit (OU), or account. If // the policy being detached is a service control policy (SCP), the changes to -// permissions for AWS Identity and Access Management (IAM) users and roles in -// affected accounts are immediate. Every root, OU, and account must have at least -// one SCP attached. If you want to replace the default FullAWSAccess policy with -// an SCP that limits the permissions that can be delegated, you must attach the +// permissions for Identity and Access Management (IAM) users and roles in affected +// accounts are immediate. Every root, OU, and account must have at least one SCP +// attached. If you want to replace the default FullAWSAccess policy with an SCP +// that limits the permissions that can be delegated, you must attach the // replacement SCP before you can remove the default SCP. This is the authorization // strategy of an "allow list // (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)". diff --git a/service/organizations/api_op_DisableAWSServiceAccess.go b/service/organizations/api_op_DisableAWSServiceAccess.go index cb1b9824483..c3ca506bd7f 100644 --- a/service/organizations/api_op_DisableAWSServiceAccess.go +++ b/service/organizations/api_op_DisableAWSServiceAccess.go @@ -10,22 +10,23 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Disables the integration of an AWS service (the service that is specified by -// ServicePrincipal) with AWS Organizations. When you disable integration, the -// specified service no longer can create a service-linked role -// (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) +// Disables the integration of an Amazon Web Services service (the service that is +// specified by ServicePrincipal) with Organizations. When you disable integration, +// the specified service no longer can create a service-linked role +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) // in new accounts in your organization. This means the service can't perform // operations on your behalf on any new accounts in your organization. The service // can still perform operations in older accounts until the service completes its -// clean-up from AWS Organizations. We strongly recommend that you don't use this -// command to disable integration between AWS Organizations and the specified AWS -// service. Instead, use the console or commands that are provided by the specified -// service. This lets the trusted service perform any required initialization when -// enabling trusted access, such as creating any required resources and any -// required clean up of resources when disabling trusted access. For information -// about how to disable trusted service access to your organization using the -// trusted service, see the Learn more link under the Supports Trusted Access -// column at AWS services that you can use with AWS Organizations +// clean-up from Organizations. We strongly recommend that you don't use this +// command to disable integration between Organizations and the specified Amazon +// Web Services service. Instead, use the console or commands that are provided by +// the specified service. This lets the trusted service perform any required +// initialization when enabling trusted access, such as creating any required +// resources and any required clean up of resources when disabling trusted access. +// For information about how to disable trusted service access to your organization +// using the trusted service, see the Learn more link under the Supports Trusted +// Access column at Amazon Web Services services that you can use with +// Organizations // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). // on this page. If you disable access by using this command, it causes the // following actions to occur: @@ -34,32 +35,32 @@ import ( // role in the accounts in your organization. This means that the service can't // perform operations on your behalf on any new accounts in your organization. The // service can still perform operations in older accounts until the service -// completes its clean-up from AWS Organizations. +// completes its clean-up from Organizations. // -// * The service can no longer -// perform tasks in the member accounts in the organization, unless those -// operations are explicitly permitted by the IAM policies that are attached to -// your roles. This includes any data aggregation from the member accounts to the -// management account, or to a delegated administrator account, where relevant. +// * The service can no longer perform +// tasks in the member accounts in the organization, unless those operations are +// explicitly permitted by the IAM policies that are attached to your roles. This +// includes any data aggregation from the member accounts to the management +// account, or to a delegated administrator account, where relevant. // -// * -// Some services detect this and clean up any remaining data or resources related -// to the integration, while other services stop accessing the organization but -// leave any historical data and configuration in place to support a possible -// re-enabling of the integration. +// * Some +// services detect this and clean up any remaining data or resources related to the +// integration, while other services stop accessing the organization but leave any +// historical data and configuration in place to support a possible re-enabling of +// the integration. // -// Using the other service's console or commands -// to disable the integration ensures that the other service is aware that it can -// clean up any resources that are required only for the integration. How the -// service cleans up its resources in the organization's accounts depends on that -// service. For more information, see the documentation for the other AWS service. +// Using the other service's console or commands to disable the +// integration ensures that the other service is aware that it can clean up any +// resources that are required only for the integration. How the service cleans up +// its resources in the organization's accounts depends on that service. For more +// information, see the documentation for the other Amazon Web Services service. // After you perform the DisableAWSServiceAccess operation, the specified service // can no longer perform operations in your organization's accounts For more -// information about integrating other services with AWS Organizations, including -// the list of services that work with Organizations, see Integrating AWS -// Organizations with Other AWS Services -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) -// in the AWS Organizations User Guide. This operation can be called only from the +// information about integrating other services with Organizations, including the +// list of services that work with Organizations, see Integrating Organizations +// with Other Amazon Web Services Services +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) +// in the Organizations User Guide. This operation can be called only from the // organization's management account. func (c *Client) DisableAWSServiceAccess(ctx context.Context, params *DisableAWSServiceAccessInput, optFns ...func(*Options)) (*DisableAWSServiceAccessOutput, error) { if params == nil { @@ -78,9 +79,9 @@ func (c *Client) DisableAWSServiceAccess(ctx context.Context, params *DisableAWS type DisableAWSServiceAccessInput struct { - // The service principal name of the AWS service for which you want to disable - // integration with your organization. This is typically in the form of a URL, such - // as service-abbreviation.amazonaws.com. + // The service principal name of the Amazon Web Services service for which you want + // to disable integration with your organization. This is typically in the form of + // a URL, such as service-abbreviation.amazonaws.com. // // This member is required. ServicePrincipal *string diff --git a/service/organizations/api_op_DisablePolicyType.go b/service/organizations/api_op_DisablePolicyType.go index 68d095dbca2..ec158ffd078 100644 --- a/service/organizations/api_op_DisablePolicyType.go +++ b/service/organizations/api_op_DisablePolicyType.go @@ -16,15 +16,15 @@ import ( // After you perform this operation, you no longer can attach policies of the // specified type to that root or to any organizational unit (OU) or account in // that root. You can undo this by using the EnablePolicyType operation. This is an -// asynchronous request that AWS performs in the background. If you disable a -// policy type for a root, it still appears enabled for the organization if all -// features +// asynchronous request that Amazon Web Services performs in the background. If you +// disable a policy type for a root, it still appears enabled for the organization +// if all features // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) -// are enabled for the organization. AWS recommends that you first use ListRoots to -// see the status of policy types for a specified root, and then use this -// operation. This operation can be called only from the organization's management -// account. To view the status of available policy types in the organization, use -// DescribeOrganization. +// are enabled for the organization. Amazon Web Services recommends that you first +// use ListRoots to see the status of policy types for a specified root, and then +// use this operation. This operation can be called only from the organization's +// management account. To view the status of available policy types in the +// organization, use DescribeOrganization. func (c *Client) DisablePolicyType(ctx context.Context, params *DisablePolicyTypeInput, optFns ...func(*Options)) (*DisablePolicyTypeOutput, error) { if params == nil { params = &DisablePolicyTypeInput{} diff --git a/service/organizations/api_op_EnableAWSServiceAccess.go b/service/organizations/api_op_EnableAWSServiceAccess.go index 84afe49febf..bdd1899fd8f 100644 --- a/service/organizations/api_op_EnableAWSServiceAccess.go +++ b/service/organizations/api_op_EnableAWSServiceAccess.go @@ -10,25 +10,25 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Enables the integration of an AWS service (the service that is specified by -// ServicePrincipal) with AWS Organizations. When you enable integration, you allow -// the specified service to create a service-linked role -// (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) +// Enables the integration of an Amazon Web Services service (the service that is +// specified by ServicePrincipal) with Organizations. When you enable integration, +// you allow the specified service to create a service-linked role +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) // in all the accounts in your organization. This allows the service to perform // operations on your behalf in your organization and its accounts. We recommend -// that you enable integration between AWS Organizations and the specified AWS -// service by using the console or commands that are provided by the specified -// service. Doing so ensures that the service is aware that it can create the -// resources that are required for the integration. How the service creates those -// resources in the organization's accounts depends on that service. For more -// information, see the documentation for the other AWS service. For more -// information about enabling services to integrate with AWS Organizations, see -// Integrating AWS Organizations with Other AWS Services -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) -// in the AWS Organizations User Guide. This operation can be called only from the +// that you enable integration between Organizations and the specified Amazon Web +// Services service by using the console or commands that are provided by the +// specified service. Doing so ensures that the service is aware that it can create +// the resources that are required for the integration. How the service creates +// those resources in the organization's accounts depends on that service. For more +// information, see the documentation for the other Amazon Web Services service. +// For more information about enabling services to integrate with Organizations, +// see Integrating Organizations with Other Amazon Web Services Services +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) +// in the Organizations User Guide. This operation can be called only from the // organization's management account and only if the organization has enabled all // features -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). func (c *Client) EnableAWSServiceAccess(ctx context.Context, params *EnableAWSServiceAccessInput, optFns ...func(*Options)) (*EnableAWSServiceAccessOutput, error) { if params == nil { params = &EnableAWSServiceAccessInput{} @@ -46,9 +46,9 @@ func (c *Client) EnableAWSServiceAccess(ctx context.Context, params *EnableAWSSe type EnableAWSServiceAccessInput struct { - // The service principal name of the AWS service for which you want to enable - // integration with your organization. This is typically in the form of a URL, such - // as service-abbreviation.amazonaws.com. + // The service principal name of the Amazon Web Services service for which you want + // to enable integration with your organization. This is typically in the form of a + // URL, such as service-abbreviation.amazonaws.com. // // This member is required. ServicePrincipal *string diff --git a/service/organizations/api_op_EnableAllFeatures.go b/service/organizations/api_op_EnableAllFeatures.go index f7601040b45..c6bce8d3709 100644 --- a/service/organizations/api_op_EnableAllFeatures.go +++ b/service/organizations/api_op_EnableAllFeatures.go @@ -15,10 +15,10 @@ import ( // policies that can restrict the services and actions that can be called in each // account. Until you enable all features, you have access only to consolidated // billing, and you can't use any of the advanced account administration features -// that AWS Organizations supports. For more information, see Enabling All Features -// in Your Organization +// that Organizations supports. For more information, see Enabling All Features in +// Your Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) -// in the AWS Organizations User Guide. This operation is required only for +// in the Organizations User Guide. This operation is required only for // organizations that were created explicitly with only the consolidated billing // features enabled. Calling this operation sends a handshake to every invited // account in the organization. The feature set change can be finalized and the diff --git a/service/organizations/api_op_EnablePolicyType.go b/service/organizations/api_op_EnablePolicyType.go index 061bcc5e82c..b83a6b833d2 100644 --- a/service/organizations/api_op_EnablePolicyType.go +++ b/service/organizations/api_op_EnablePolicyType.go @@ -14,12 +14,13 @@ import ( // Enables a policy type in a root. After you enable a policy type in a root, you // can attach policies of that type to the root, any organizational unit (OU), or // account in that root. You can undo this by using the DisablePolicyType -// operation. This is an asynchronous request that AWS performs in the background. -// AWS recommends that you first use ListRoots to see the status of policy types -// for a specified root, and then use this operation. This operation can be called -// only from the organization's management account. You can enable a policy type in -// a root only if that policy type is available in the organization. To view the -// status of available policy types in the organization, use DescribeOrganization. +// operation. This is an asynchronous request that Amazon Web Services performs in +// the background. Amazon Web Services recommends that you first use ListRoots to +// see the status of policy types for a specified root, and then use this +// operation. This operation can be called only from the organization's management +// account. You can enable a policy type in a root only if that policy type is +// available in the organization. To view the status of available policy types in +// the organization, use DescribeOrganization. func (c *Client) EnablePolicyType(ctx context.Context, params *EnablePolicyTypeInput, optFns ...func(*Options)) (*EnablePolicyTypeOutput, error) { if params == nil { params = &EnablePolicyTypeInput{} diff --git a/service/organizations/api_op_InviteAccountToOrganization.go b/service/organizations/api_op_InviteAccountToOrganization.go index 72a861d157c..451fe26c9f6 100644 --- a/service/organizations/api_op_InviteAccountToOrganization.go +++ b/service/organizations/api_op_InviteAccountToOrganization.go @@ -12,23 +12,24 @@ import ( ) // Sends an invitation to another account to join your organization as a member -// account. AWS Organizations sends email on your behalf to the email address that -// is associated with the other account's owner. The invitation is implemented as a +// account. Organizations sends email on your behalf to the email address that is +// associated with the other account's owner. The invitation is implemented as a // Handshake whose details are in the response. // -// * You can invite AWS accounts only -// from the same seller as the management account. For example, if your -// organization's management account was created by Amazon Internet Services Pvt. -// Ltd (AISPL), an AWS seller in India, you can invite only other AISPL accounts to -// your organization. You can't combine accounts from AISPL and AWS or from any -// other AWS seller. For more information, see Consolidated Billing in India -// (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). +// * You can invite Amazon Web +// Services accounts only from the same seller as the management account. For +// example, if your organization's management account was created by Amazon +// Internet Services Pvt. Ltd (AISPL), an Amazon Web Services seller in India, you +// can invite only other AISPL accounts to your organization. You can't combine +// accounts from AISPL and Amazon Web Services or from any other Amazon Web +// Services seller. For more information, see Consolidated Billing in India +// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). // // * // If you receive an exception that indicates that you exceeded your account limits // for the organization or that the operation failed because your organization is // still initializing, wait one hour and then try again. If the error persists -// after an hour, contact AWS Support +// after an hour, contact Amazon Web Services Support // (https://console.aws.amazon.com/support/home#/). // // If the request includes tags, @@ -51,14 +52,14 @@ func (c *Client) InviteAccountToOrganization(ctx context.Context, params *Invite type InviteAccountToOrganizationInput struct { - // The identifier (ID) of the AWS account that you want to invite to join your - // organization. This is a JSON object that contains the following elements: { - // "Type": "ACCOUNT", "Id": "< account id number >" } If you use the AWS CLI, you - // can submit this as a single string, similar to the following example: --target - // Id=123456789012,Type=ACCOUNT If you specify "Type": "ACCOUNT", you must provide - // the AWS account ID number as the Id. If you specify "Type": "EMAIL", you must - // specify the email address that is associated with the account. --target - // Id=diego@example.com,Type=EMAIL + // The identifier (ID) of the Amazon Web Services account that you want to invite + // to join your organization. This is a JSON object that contains the following + // elements: { "Type": "ACCOUNT", "Id": "< account id number >" } If you use the + // CLI, you can submit this as a single string, similar to the following example: + // --target Id=123456789012,Type=ACCOUNT If you specify "Type": "ACCOUNT", you must + // provide the Amazon Web Services account ID number as the Id. If you specify + // "Type": "EMAIL", you must specify the email address that is associated with the + // account. --target Id=diego@example.com,Type=EMAIL // // This member is required. Target *types.HandshakeParty @@ -70,10 +71,9 @@ type InviteAccountToOrganizationInput struct { // A list of tags that you want to attach to the account when it becomes a member // of the organization. For each tag in the list, you must specify both a tag key // and a value. You can set the value to an empty string, but you can't set it to - // null. For more information about tagging, see Tagging AWS Organizations - // resources + // null. For more information about tagging, see Tagging Organizations resources // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) - // in the AWS Organizations User Guide. Any tags in the request are checked for + // in the Organizations User Guide. Any tags in the request are checked for // compliance with any applicable tag policies when the request is made. The // request is rejected if the tags in the request don't match the requirements of // the policy at that time. Tag policy compliance is not checked again when the diff --git a/service/organizations/api_op_LeaveOrganization.go b/service/organizations/api_op_LeaveOrganization.go index c5b0f3f164d..04d6113228a 100644 --- a/service/organizations/api_op_LeaveOrganization.go +++ b/service/organizations/api_op_LeaveOrganization.go @@ -24,7 +24,7 @@ import ( // * You can // leave an organization as a member account only if the account is configured with // the information required to operate as a standalone account. When you create an -// account in an organization using the AWS Organizations console, API, or CLI +// account in an organization using the Organizations console, API, or CLI // commands, the information required of standalone accounts is not automatically // collected. For each account that you want to make standalone, you must perform // the following steps. If any of the steps are already completed for this account, @@ -37,34 +37,34 @@ import ( // // * Provide a current payment method // -// AWS uses the -// payment method to charge for any billable (not free tier) AWS activity that -// occurs while the account isn't attached to an organization. Follow the steps at -// To leave an organization when all required account information has not yet been -// provided -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) -// in the AWS Organizations User Guide. +// Amazon Web +// Services uses the payment method to charge for any billable (not free tier) +// Amazon Web Services activity that occurs while the account isn't attached to an +// organization. Follow the steps at To leave an organization when all required +// account information has not yet been provided +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) +// in the Organizations User Guide. // -// * The account that you want to leave must -// not be a delegated administrator account for any AWS service enabled for your -// organization. If the account is a delegated administrator, you must first change -// the delegated administrator account to another account that is remaining in the -// organization. +// * The account that you want to leave must not +// be a delegated administrator account for any Amazon Web Services service enabled +// for your organization. If the account is a delegated administrator, you must +// first change the delegated administrator account to another account that is +// remaining in the organization. // -// * You can leave an organization only after you enable IAM user -// access to billing in your account. For more information, see Activating Access -// to the Billing and Cost Management Console -// (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) -// in the AWS Billing and Cost Management User Guide. +// * You can leave an organization only after you +// enable IAM user access to billing in your account. For more information, see +// Activating Access to the Billing and Cost Management Console +// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) +// in the Amazon Web Services Billing and Cost Management User Guide. // -// * After the account leaves -// the organization, all tags that were attached to the account object in the -// organization are deleted. AWS accounts outside of an organization do not support -// tags. +// * After the +// account leaves the organization, all tags that were attached to the account +// object in the organization are deleted. Amazon Web Services accounts outside of +// an organization do not support tags. // -// * A newly created account has a waiting period before it can be removed -// from its organization. If you get an error that indicates that a wait period is -// required, then try again in a few days. +// * A newly created account has a waiting +// period before it can be removed from its organization. If you get an error that +// indicates that a wait period is required, then try again in a few days. func (c *Client) LeaveOrganization(ctx context.Context, params *LeaveOrganizationInput, optFns ...func(*Options)) (*LeaveOrganizationOutput, error) { if params == nil { params = &LeaveOrganizationInput{} diff --git a/service/organizations/api_op_ListAWSServiceAccessForOrganization.go b/service/organizations/api_op_ListAWSServiceAccessForOrganization.go index 615fd9e2e42..4dade3bad38 100644 --- a/service/organizations/api_op_ListAWSServiceAccessForOrganization.go +++ b/service/organizations/api_op_ListAWSServiceAccessForOrganization.go @@ -12,16 +12,17 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns a list of the AWS services that you enabled to integrate with your -// organization. After a service on this list creates the resources that it -// requires for the integration, it can perform operations on your organization and -// its accounts. For more information about integrating other services with AWS +// Returns a list of the Amazon Web Services services that you enabled to integrate +// with your organization. After a service on this list creates the resources that +// it requires for the integration, it can perform operations on your organization +// and its accounts. For more information about integrating other services with // Organizations, including the list of services that currently work with -// Organizations, see Integrating AWS Organizations with Other AWS Services -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) -// in the AWS Organizations User Guide. This operation can be called only from the +// Organizations, see Integrating Organizations with Other Amazon Web Services +// Services +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) +// in the Organizations User Guide. This operation can be called only from the // organization's management account or by a member account that is a delegated -// administrator for an AWS service. +// administrator for an Amazon Web Services service. func (c *Client) ListAWSServiceAccessForOrganization(ctx context.Context, params *ListAWSServiceAccessForOrganizationInput, optFns ...func(*Options)) (*ListAWSServiceAccessForOrganizationOutput, error) { if params == nil { params = &ListAWSServiceAccessForOrganizationInput{} @@ -63,7 +64,7 @@ type ListAWSServiceAccessForOrganizationOutput struct { // A list of the service principals for the services that are enabled to integrate // with your organization. Each principal is a structure that includes the name and - // the date that it was enabled for integration with AWS Organizations. + // the date that it was enabled for integration with Organizations. EnabledServicePrincipals []types.EnabledServicePrincipal // If present, indicates that more output is available than is included in the diff --git a/service/organizations/api_op_ListAccounts.go b/service/organizations/api_op_ListAccounts.go index b401c7189ad..e4f1d5aeb72 100644 --- a/service/organizations/api_op_ListAccounts.go +++ b/service/organizations/api_op_ListAccounts.go @@ -19,8 +19,8 @@ import ( // an empty set of results even when there are more results available. The // NextToken response parameter value is null only when there are no more results // to display. This operation can be called only from the organization's management -// account or by a member account that is a delegated administrator for an AWS -// service. +// account or by a member account that is a delegated administrator for an Amazon +// Web Services service. func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, optFns ...func(*Options)) (*ListAccountsOutput, error) { if params == nil { params = &ListAccountsInput{} diff --git a/service/organizations/api_op_ListAccountsForParent.go b/service/organizations/api_op_ListAccountsForParent.go index 6b680761eca..11905f300c6 100644 --- a/service/organizations/api_op_ListAccountsForParent.go +++ b/service/organizations/api_op_ListAccountsForParent.go @@ -22,7 +22,7 @@ import ( // are more results available. The NextToken response parameter value is null only // when there are no more results to display. This operation can be called only // from the organization's management account or by a member account that is a -// delegated administrator for an AWS service. +// delegated administrator for an Amazon Web Services service. func (c *Client) ListAccountsForParent(ctx context.Context, params *ListAccountsForParentInput, optFns ...func(*Options)) (*ListAccountsForParentOutput, error) { if params == nil { params = &ListAccountsForParentInput{} diff --git a/service/organizations/api_op_ListChildren.go b/service/organizations/api_op_ListChildren.go index 7fc789b08b4..af7444c01a9 100644 --- a/service/organizations/api_op_ListChildren.go +++ b/service/organizations/api_op_ListChildren.go @@ -20,7 +20,7 @@ import ( // are more results available. The NextToken response parameter value is null only // when there are no more results to display. This operation can be called only // from the organization's management account or by a member account that is a -// delegated administrator for an AWS service. +// delegated administrator for an Amazon Web Services service. func (c *Client) ListChildren(ctx context.Context, params *ListChildrenInput, optFns ...func(*Options)) (*ListChildrenOutput, error) { if params == nil { params = &ListChildrenInput{} diff --git a/service/organizations/api_op_ListCreateAccountStatus.go b/service/organizations/api_op_ListCreateAccountStatus.go index 85b7843586a..5f4387c1f1f 100644 --- a/service/organizations/api_op_ListCreateAccountStatus.go +++ b/service/organizations/api_op_ListCreateAccountStatus.go @@ -19,7 +19,7 @@ import ( // more results available. The NextToken response parameter value is null only when // there are no more results to display. This operation can be called only from the // organization's management account or by a member account that is a delegated -// administrator for an AWS service. +// administrator for an Amazon Web Services service. func (c *Client) ListCreateAccountStatus(ctx context.Context, params *ListCreateAccountStatusInput, optFns ...func(*Options)) (*ListCreateAccountStatusOutput, error) { if params == nil { params = &ListCreateAccountStatusInput{} diff --git a/service/organizations/api_op_ListDelegatedAdministrators.go b/service/organizations/api_op_ListDelegatedAdministrators.go index ed0ad884c69..eff933c1bee 100644 --- a/service/organizations/api_op_ListDelegatedAdministrators.go +++ b/service/organizations/api_op_ListDelegatedAdministrators.go @@ -12,10 +12,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Lists the AWS accounts that are designated as delegated administrators in this -// organization. This operation can be called only from the organization's -// management account or by a member account that is a delegated administrator for -// an AWS service. +// Lists the Amazon Web Services accounts that are designated as delegated +// administrators in this organization. This operation can be called only from the +// organization's management account or by a member account that is a delegated +// administrator for an Amazon Web Services service. func (c *Client) ListDelegatedAdministrators(ctx context.Context, params *ListDelegatedAdministratorsInput, optFns ...func(*Options)) (*ListDelegatedAdministratorsOutput, error) { if params == nil { params = &ListDelegatedAdministratorsInput{} diff --git a/service/organizations/api_op_ListDelegatedServicesForAccount.go b/service/organizations/api_op_ListDelegatedServicesForAccount.go index 08507265fd3..bf1caf3df68 100644 --- a/service/organizations/api_op_ListDelegatedServicesForAccount.go +++ b/service/organizations/api_op_ListDelegatedServicesForAccount.go @@ -12,10 +12,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// List the AWS services for which the specified account is a delegated -// administrator. This operation can be called only from the organization's -// management account or by a member account that is a delegated administrator for -// an AWS service. +// List the Amazon Web Services services for which the specified account is a +// delegated administrator. This operation can be called only from the +// organization's management account or by a member account that is a delegated +// administrator for an Amazon Web Services service. func (c *Client) ListDelegatedServicesForAccount(ctx context.Context, params *ListDelegatedServicesForAccountInput, optFns ...func(*Options)) (*ListDelegatedServicesForAccountOutput, error) { if params == nil { params = &ListDelegatedServicesForAccountInput{} diff --git a/service/organizations/api_op_ListHandshakesForAccount.go b/service/organizations/api_op_ListHandshakesForAccount.go index d8d5d8370ae..331c25a3235 100644 --- a/service/organizations/api_op_ListHandshakesForAccount.go +++ b/service/organizations/api_op_ListHandshakesForAccount.go @@ -13,9 +13,9 @@ import ( ) // Lists the current handshakes that are associated with the account of the -// requesting user. Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in -// the results of this API for only 30 days after changing to that state. After -// that, they're deleted and no longer accessible. Always check the NextToken +// requesting user. Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED +// appear in the results of this API for only 30 days after changing to that state. +// After that, they're deleted and no longer accessible. Always check the NextToken // response parameter for a null value when calling a List* operation. These // operations can occasionally return an empty set of results even when there are // more results available. The NextToken response parameter value is null only when diff --git a/service/organizations/api_op_ListHandshakesForOrganization.go b/service/organizations/api_op_ListHandshakesForOrganization.go index 008e75ceebd..14573156aeb 100644 --- a/service/organizations/api_op_ListHandshakesForOrganization.go +++ b/service/organizations/api_op_ListHandshakesForOrganization.go @@ -15,15 +15,15 @@ import ( // Lists the handshakes that are associated with the organization that the // requesting user is part of. The ListHandshakesForOrganization operation returns // a list of handshake structures. Each structure contains details and status about -// a handshake. Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the -// results of this API for only 30 days after changing to that state. After that, -// they're deleted and no longer accessible. Always check the NextToken response -// parameter for a null value when calling a List* operation. These operations can -// occasionally return an empty set of results even when there are more results -// available. The NextToken response parameter value is null only when there are no -// more results to display. This operation can be called only from the +// a handshake. Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear +// in the results of this API for only 30 days after changing to that state. After +// that, they're deleted and no longer accessible. Always check the NextToken +// response parameter for a null value when calling a List* operation. These +// operations can occasionally return an empty set of results even when there are +// more results available. The NextToken response parameter value is null only when +// there are no more results to display. This operation can be called only from the // organization's management account or by a member account that is a delegated -// administrator for an AWS service. +// administrator for an Amazon Web Services service. func (c *Client) ListHandshakesForOrganization(ctx context.Context, params *ListHandshakesForOrganizationInput, optFns ...func(*Options)) (*ListHandshakesForOrganizationOutput, error) { if params == nil { params = &ListHandshakesForOrganizationInput{} diff --git a/service/organizations/api_op_ListOrganizationalUnitsForParent.go b/service/organizations/api_op_ListOrganizationalUnitsForParent.go index 58e4971e037..ea9d05898ad 100644 --- a/service/organizations/api_op_ListOrganizationalUnitsForParent.go +++ b/service/organizations/api_op_ListOrganizationalUnitsForParent.go @@ -18,7 +18,8 @@ import ( // results even when there are more results available. The NextToken response // parameter value is null only when there are no more results to display. This // operation can be called only from the organization's management account or by a -// member account that is a delegated administrator for an AWS service. +// member account that is a delegated administrator for an Amazon Web Services +// service. func (c *Client) ListOrganizationalUnitsForParent(ctx context.Context, params *ListOrganizationalUnitsForParentInput, optFns ...func(*Options)) (*ListOrganizationalUnitsForParentOutput, error) { if params == nil { params = &ListOrganizationalUnitsForParentInput{} diff --git a/service/organizations/api_op_ListParents.go b/service/organizations/api_op_ListParents.go index beeb174d7eb..5de6859ee97 100644 --- a/service/organizations/api_op_ListParents.go +++ b/service/organizations/api_op_ListParents.go @@ -20,8 +20,8 @@ import ( // when there are more results available. The NextToken response parameter value is // null only when there are no more results to display. This operation can be // called only from the organization's management account or by a member account -// that is a delegated administrator for an AWS service. In the current release, a -// child can have only a single parent. +// that is a delegated administrator for an Amazon Web Services service. In the +// current release, a child can have only a single parent. func (c *Client) ListParents(ctx context.Context, params *ListParentsInput, optFns ...func(*Options)) (*ListParentsOutput, error) { if params == nil { params = &ListParentsInput{} diff --git a/service/organizations/api_op_ListPolicies.go b/service/organizations/api_op_ListPolicies.go index fb41594b9a2..837876bbaa3 100644 --- a/service/organizations/api_op_ListPolicies.go +++ b/service/organizations/api_op_ListPolicies.go @@ -18,7 +18,8 @@ import ( // results even when there are more results available. The NextToken response // parameter value is null only when there are no more results to display. This // operation can be called only from the organization's management account or by a -// member account that is a delegated administrator for an AWS service. +// member account that is a delegated administrator for an Amazon Web Services +// service. func (c *Client) ListPolicies(ctx context.Context, params *ListPoliciesInput, optFns ...func(*Options)) (*ListPoliciesOutput, error) { if params == nil { params = &ListPoliciesInput{} diff --git a/service/organizations/api_op_ListPoliciesForTarget.go b/service/organizations/api_op_ListPoliciesForTarget.go index 7ec44f1cf6b..68c6cb40092 100644 --- a/service/organizations/api_op_ListPoliciesForTarget.go +++ b/service/organizations/api_op_ListPoliciesForTarget.go @@ -20,7 +20,7 @@ import ( // available. The NextToken response parameter value is null only when there are no // more results to display. This operation can be called only from the // organization's management account or by a member account that is a delegated -// administrator for an AWS service. +// administrator for an Amazon Web Services service. func (c *Client) ListPoliciesForTarget(ctx context.Context, params *ListPoliciesForTargetInput, optFns ...func(*Options)) (*ListPoliciesForTargetOutput, error) { if params == nil { params = &ListPoliciesForTargetInput{} diff --git a/service/organizations/api_op_ListRoots.go b/service/organizations/api_op_ListRoots.go index 4bdffc1bbcb..eb794363989 100644 --- a/service/organizations/api_op_ListRoots.go +++ b/service/organizations/api_op_ListRoots.go @@ -18,12 +18,12 @@ import ( // are more results available. The NextToken response parameter value is null only // when there are no more results to display. This operation can be called only // from the organization's management account or by a member account that is a -// delegated administrator for an AWS service. Policy types can be enabled and -// disabled in roots. This is distinct from whether they're available in the -// organization. When you enable all features, you make policy types available for -// use in that organization. Individual policy types can then be enabled and -// disabled in a root. To see the availability of a policy type in an organization, -// use DescribeOrganization. +// delegated administrator for an Amazon Web Services service. Policy types can be +// enabled and disabled in roots. This is distinct from whether they're available +// in the organization. When you enable all features, you make policy types +// available for use in that organization. Individual policy types can then be +// enabled and disabled in a root. To see the availability of a policy type in an +// organization, use DescribeOrganization. func (c *Client) ListRoots(ctx context.Context, params *ListRootsInput, optFns ...func(*Options)) (*ListRootsOutput, error) { if params == nil { params = &ListRootsInput{} diff --git a/service/organizations/api_op_ListTagsForResource.go b/service/organizations/api_op_ListTagsForResource.go index 058e1ad1fc3..8a4815fdf00 100644 --- a/service/organizations/api_op_ListTagsForResource.go +++ b/service/organizations/api_op_ListTagsForResource.go @@ -13,20 +13,21 @@ import ( ) // Lists tags that are attached to the specified resource. You can attach tags to -// the following resources in AWS Organizations. +// the following resources in Organizations. // -// * AWS account +// * Amazon Web Services account // -// * Organization -// root +// * +// Organization root // // * Organizational unit (OU) // // * Policy (any type) // -// This operation can be -// called only from the organization's management account or by a member account -// that is a delegated administrator for an AWS service. +// This +// operation can be called only from the organization's management account or by a +// member account that is a delegated administrator for an Amazon Web Services +// service. func (c *Client) ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error) { if params == nil { params = &ListTagsForResourceInput{} @@ -47,17 +48,17 @@ type ListTagsForResourceInput struct { // The ID of the resource with the tags to list. You can specify any of the // following taggable resources. // - // * AWS account – specify the account ID number. + // * Amazon Web Services account – specify the + // account ID number. // - // * - // Organizational unit – specify the OU ID that begins with ou- and looks similar - // to: ou-1a2b-34uvwxyz + // * Organizational unit – specify the OU ID that begins with + // ou- and looks similar to: ou-1a2b-34uvwxyz // - // * Root – specify the root ID that begins with r- and looks - // similar to: r-1a2b + // * Root – specify the root ID that + // begins with r- and looks similar to: r-1a2b // - // * Policy – specify the policy ID that begins with p- - // andlooks similar to: p-12abcdefg3 + // * Policy – specify the policy ID + // that begins with p- andlooks similar to: p-12abcdefg3 // // This member is required. ResourceId *string diff --git a/service/organizations/api_op_ListTargetsForPolicy.go b/service/organizations/api_op_ListTargetsForPolicy.go index f602760d513..6f90822884c 100644 --- a/service/organizations/api_op_ListTargetsForPolicy.go +++ b/service/organizations/api_op_ListTargetsForPolicy.go @@ -18,8 +18,8 @@ import ( // an empty set of results even when there are more results available. The // NextToken response parameter value is null only when there are no more results // to display. This operation can be called only from the organization's management -// account or by a member account that is a delegated administrator for an AWS -// service. +// account or by a member account that is a delegated administrator for an Amazon +// Web Services service. func (c *Client) ListTargetsForPolicy(ctx context.Context, params *ListTargetsForPolicyInput, optFns ...func(*Options)) (*ListTargetsForPolicyOutput, error) { if params == nil { params = &ListTargetsForPolicyInput{} diff --git a/service/organizations/api_op_RegisterDelegatedAdministrator.go b/service/organizations/api_op_RegisterDelegatedAdministrator.go index 71a1af482c5..9de25fb9c7b 100644 --- a/service/organizations/api_op_RegisterDelegatedAdministrator.go +++ b/service/organizations/api_op_RegisterDelegatedAdministrator.go @@ -11,14 +11,14 @@ import ( ) // Enables the specified member account to administer the Organizations features of -// the specified AWS service. It grants read-only access to AWS Organizations -// service data. The account still requires IAM permissions to access and -// administer the AWS service. You can run this action only for AWS services that -// support this feature. For a current list of services that support it, see the -// column Supports Delegated Administrator in the table at AWS Services that you -// can use with AWS Organizations +// the specified Amazon Web Services service. It grants read-only access to +// Organizations service data. The account still requires IAM permissions to access +// and administer the Amazon Web Services service. You can run this action only for +// Amazon Web Services services that support this feature. For a current list of +// services that support it, see the column Supports Delegated Administrator in the +// table at Amazon Web Services Services that you can use with Organizations // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) -// in the AWS Organizations User Guide. This operation can be called only from the +// in the Organizations User Guide. This operation can be called only from the // organization's management account. func (c *Client) RegisterDelegatedAdministrator(ctx context.Context, params *RegisterDelegatedAdministratorInput, optFns ...func(*Options)) (*RegisterDelegatedAdministratorOutput, error) { if params == nil { @@ -43,8 +43,8 @@ type RegisterDelegatedAdministratorInput struct { // This member is required. AccountId *string - // The service principal of the AWS service for which you want to make the member - // account a delegated administrator. + // The service principal of the Amazon Web Services service for which you want to + // make the member account a delegated administrator. // // This member is required. ServicePrincipal *string diff --git a/service/organizations/api_op_RemoveAccountFromOrganization.go b/service/organizations/api_op_RemoveAccountFromOrganization.go index 3ad68b0cb13..c7b788b35d9 100644 --- a/service/organizations/api_op_RemoveAccountFromOrganization.go +++ b/service/organizations/api_op_RemoveAccountFromOrganization.go @@ -21,27 +21,28 @@ import ( // * You can remove an // account from your organization only if the account is configured with the // information required to operate as a standalone account. When you create an -// account in an organization using the AWS Organizations console, API, or CLI +// account in an organization using the Organizations console, API, or CLI // commands, the information required of standalone accounts is not automatically // collected. For an account that you want to make standalone, you must choose a // support plan, provide and verify the required contact information, and provide a -// current payment method. AWS uses the payment method to charge for any billable -// (not free tier) AWS activity that occurs while the account isn't attached to an -// organization. To remove an account that doesn't yet have this information, you -// must sign in as the member account and follow the steps at To leave an -// organization when all required account information has not yet been provided -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) -// in the AWS Organizations User Guide. +// current payment method. Amazon Web Services uses the payment method to charge +// for any billable (not free tier) Amazon Web Services activity that occurs while +// the account isn't attached to an organization. To remove an account that doesn't +// yet have this information, you must sign in as the member account and follow the +// steps at To leave an organization when all required account information has not +// yet been provided +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) +// in the Organizations User Guide. // -// * The account that you want to leave must -// not be a delegated administrator account for any AWS service enabled for your -// organization. If the account is a delegated administrator, you must first change -// the delegated administrator account to another account that is remaining in the -// organization. +// * The account that you want to leave must not +// be a delegated administrator account for any Amazon Web Services service enabled +// for your organization. If the account is a delegated administrator, you must +// first change the delegated administrator account to another account that is +// remaining in the organization. // -// * After the account leaves the organization, all tags that were -// attached to the account object in the organization are deleted. AWS accounts -// outside of an organization do not support tags. +// * After the account leaves the organization, all +// tags that were attached to the account object in the organization are deleted. +// Amazon Web Services accounts outside of an organization do not support tags. func (c *Client) RemoveAccountFromOrganization(ctx context.Context, params *RemoveAccountFromOrganizationInput, optFns ...func(*Options)) (*RemoveAccountFromOrganizationOutput, error) { if params == nil { params = &RemoveAccountFromOrganizationInput{} diff --git a/service/organizations/api_op_TagResource.go b/service/organizations/api_op_TagResource.go index d5a580b7a81..e7d67618225 100644 --- a/service/organizations/api_op_TagResource.go +++ b/service/organizations/api_op_TagResource.go @@ -12,19 +12,19 @@ import ( ) // Adds one or more tags to the specified resource. Currently, you can attach tags -// to the following resources in AWS Organizations. +// to the following resources in Organizations. // -// * AWS account +// * Amazon Web Services account // -// * Organization -// root +// * +// Organization root // // * Organizational unit (OU) // // * Policy (any type) // -// This operation can be -// called only from the organization's management account. +// This +// operation can be called only from the organization's management account. func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error) { if params == nil { params = &TagResourceInput{} @@ -42,31 +42,28 @@ func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optF type TagResourceInput struct { - // The ID of the resource to add a tag to. + // The ID of the resource to add a tag to. You can specify any of the following + // taggable resources. // - // This member is required. - ResourceId *string - - // A list of tags to add to the specified resource. You can specify any of the - // following taggable resources. - // - // * AWS account – specify the account ID number. + // * Amazon Web Services account – specify the account ID + // number. // - // * - // Organizational unit – specify the OU ID that begins with ou- and looks similar - // to: ou-1a2b-34uvwxyz + // * Organizational unit – specify the OU ID that begins with ou- and + // looks similar to: ou-1a2b-34uvwxyz // - // * Root – specify the root ID that begins with r- and looks - // similar to: r-1a2b + // * Root – specify the root ID that begins + // with r- and looks similar to: r-1a2b // - // * Policy – specify the policy ID that begins with p- - // andlooks similar to: p-12abcdefg3 + // * Policy – specify the policy ID that + // begins with p- andlooks similar to: p-12abcdefg3 // - // For each tag in the list, you must specify - // both a tag key and a value. You can set the value to an empty string, but you - // can't set it to null. If any one of the tags is invalid or if you exceed the - // allowed number of tags for an account user, then the entire request fails and - // the account is not created. + // This member is required. + ResourceId *string + + // A list of tags to add to the specified resource. For each tag in the list, you + // must specify both a tag key and a value. The value can be an empty string, but + // you can't set it to null. If any one of the tags is invalid or if you exceed the + // maximum allowed number of tags for a resource, then the entire request fails. // // This member is required. Tags []types.Tag diff --git a/service/organizations/api_op_UntagResource.go b/service/organizations/api_op_UntagResource.go index d5a530b3208..5ac5269620e 100644 --- a/service/organizations/api_op_UntagResource.go +++ b/service/organizations/api_op_UntagResource.go @@ -11,19 +11,20 @@ import ( ) // Removes any tags with the specified keys from the specified resource. You can -// attach tags to the following resources in AWS Organizations. +// attach tags to the following resources in Organizations. // -// * AWS account +// * Amazon Web Services +// account // -// * -// Organization root +// * Organization root // // * Organizational unit (OU) // -// * Policy (any type) +// * Policy (any +// type) // -// This -// operation can be called only from the organization's management account. +// This operation can be called only from the organization's management +// account. func (c *Client) UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error) { if params == nil { params = &UntagResourceInput{} @@ -44,17 +45,17 @@ type UntagResourceInput struct { // The ID of the resource to remove a tag from. You can specify any of the // following taggable resources. // - // * AWS account – specify the account ID number. + // * Amazon Web Services account – specify the + // account ID number. // - // * - // Organizational unit – specify the OU ID that begins with ou- and looks similar - // to: ou-1a2b-34uvwxyz + // * Organizational unit – specify the OU ID that begins with + // ou- and looks similar to: ou-1a2b-34uvwxyz // - // * Root – specify the root ID that begins with r- and looks - // similar to: r-1a2b + // * Root – specify the root ID that + // begins with r- and looks similar to: r-1a2b // - // * Policy – specify the policy ID that begins with p- - // andlooks similar to: p-12abcdefg3 + // * Policy – specify the policy ID + // that begins with p- andlooks similar to: p-12abcdefg3 // // This member is required. ResourceId *string diff --git a/service/organizations/api_op_UpdatePolicy.go b/service/organizations/api_op_UpdatePolicy.go index eeac794df22..1be6d498cbb 100644 --- a/service/organizations/api_op_UpdatePolicy.go +++ b/service/organizations/api_op_UpdatePolicy.go @@ -44,7 +44,7 @@ type UpdatePolicyInput struct { // formatted JSON that complies with the syntax for the policy's type. For more // information, see Service Control Policy Syntax // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) - // in the AWS Organizations User Guide. + // in the Organizations User Guide. Content *string // If provided, the new description for the policy. diff --git a/service/organizations/deserializers.go b/service/organizations/deserializers.go index 89915c49e65..55a037411f8 100644 --- a/service/organizations/deserializers.go +++ b/service/organizations/deserializers.go @@ -418,6 +418,125 @@ func awsAwsjson11_deserializeOpErrorCancelHandshake(response *smithyhttp.Respons } } +type awsAwsjson11_deserializeOpCloseAccount struct { +} + +func (*awsAwsjson11_deserializeOpCloseAccount) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsjson11_deserializeOpCloseAccount) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsjson11_deserializeOpErrorCloseAccount(response, &metadata) + } + output := &CloseAccountOutput{} + out.Result = output + + if _, err = io.Copy(ioutil.Discard, response.Body); err != nil { + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to discard response body, %w", err), + } + } + + return out, metadata, err +} + +func awsAwsjson11_deserializeOpErrorCloseAccount(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + code := response.Header.Get("X-Amzn-ErrorType") + if len(code) != 0 { + errorCode = restjson.SanitizeErrorCode(code) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + code, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(code) != 0 { + errorCode = restjson.SanitizeErrorCode(code) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AWSOrganizationsNotInUseException", errorCode): + return awsAwsjson11_deserializeErrorAWSOrganizationsNotInUseException(response, errorBody) + + case strings.EqualFold("AccessDeniedException", errorCode): + return awsAwsjson11_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("AccountAlreadyClosedException", errorCode): + return awsAwsjson11_deserializeErrorAccountAlreadyClosedException(response, errorBody) + + case strings.EqualFold("AccountNotFoundException", errorCode): + return awsAwsjson11_deserializeErrorAccountNotFoundException(response, errorBody) + + case strings.EqualFold("ConcurrentModificationException", errorCode): + return awsAwsjson11_deserializeErrorConcurrentModificationException(response, errorBody) + + case strings.EqualFold("ConflictException", errorCode): + return awsAwsjson11_deserializeErrorConflictException(response, errorBody) + + case strings.EqualFold("ConstraintViolationException", errorCode): + return awsAwsjson11_deserializeErrorConstraintViolationException(response, errorBody) + + case strings.EqualFold("InvalidInputException", errorCode): + return awsAwsjson11_deserializeErrorInvalidInputException(response, errorBody) + + case strings.EqualFold("ServiceException", errorCode): + return awsAwsjson11_deserializeErrorServiceException(response, errorBody) + + case strings.EqualFold("TooManyRequestsException", errorCode): + return awsAwsjson11_deserializeErrorTooManyRequestsException(response, errorBody) + + case strings.EqualFold("UnsupportedAPIEndpointException", errorCode): + return awsAwsjson11_deserializeErrorUnsupportedAPIEndpointException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + type awsAwsjson11_deserializeOpCreateAccount struct { } @@ -6517,6 +6636,41 @@ func awsAwsjson11_deserializeErrorAccessDeniedForDependencyException(response *s return output } +func awsAwsjson11_deserializeErrorAccountAlreadyClosedException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.AccountAlreadyClosedException{} + err := awsAwsjson11_deserializeDocumentAccountAlreadyClosedException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + func awsAwsjson11_deserializeErrorAccountAlreadyRegisteredException(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -6797,6 +6951,41 @@ func awsAwsjson11_deserializeErrorConcurrentModificationException(response *smit return output } +func awsAwsjson11_deserializeErrorConflictException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.ConflictException{} + err := awsAwsjson11_deserializeDocumentConflictException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + func awsAwsjson11_deserializeErrorConstraintViolationException(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -8177,6 +8366,46 @@ func awsAwsjson11_deserializeDocumentAccount(v **types.Account, value interface{ return nil } +func awsAwsjson11_deserializeDocumentAccountAlreadyClosedException(v **types.AccountAlreadyClosedException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.AccountAlreadyClosedException + if *v == nil { + sv = &types.AccountAlreadyClosedException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ExceptionMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentAccountAlreadyRegisteredException(v **types.AccountAlreadyRegisteredException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -8614,6 +8843,46 @@ func awsAwsjson11_deserializeDocumentConcurrentModificationException(v **types.C return nil } +func awsAwsjson11_deserializeDocumentConflictException(v **types.ConflictException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ConflictException + if *v == nil { + sv = &types.ConflictException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ExceptionMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentConstraintViolationException(v **types.ConstraintViolationException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -8698,7 +8967,7 @@ func awsAwsjson11_deserializeDocumentCreateAccountStatus(v **types.CreateAccount if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected AccountName to be of type string, got %T instead", value) + return fmt.Errorf("expected CreateAccountName to be of type string, got %T instead", value) } sv.AccountName = ptr.String(jtv) } diff --git a/service/organizations/doc.go b/service/organizations/doc.go index 448d5bb14fc..bad1575dc0a 100644 --- a/service/organizations/doc.go +++ b/service/organizations/doc.go @@ -3,50 +3,51 @@ // Package organizations provides the API client, operations, and parameter types // for AWS Organizations. // -// AWS Organizations is a web service that enables you to consolidate your multiple -// AWS accounts into an organization and centrally manage your accounts and their -// resources. This guide provides descriptions of the Organizations operations. For -// more information about using this service, see the AWS Organizations User Guide -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html). -// Support and feedback for AWS Organizations We welcome your feedback. Send your +// Organizations is a web service that enables you to consolidate your multiple +// Amazon Web Services accounts into an organization and centrally manage your +// accounts and their resources. This guide provides descriptions of the +// Organizations operations. For more information about using this service, see the +// Organizations User Guide +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html). +// Support and feedback for Organizations We welcome your feedback. Send your // comments to feedback-awsorganizations@amazon.com // (mailto:feedback-awsorganizations@amazon.com) or post your feedback and -// questions in the AWS Organizations support forum +// questions in the Organizations support forum // (http://forums.aws.amazon.com/forum.jspa?forumID=219). For more information -// about the AWS support forums, see Forums Help -// (http://forums.aws.amazon.com/help.jspa). Endpoint to call When using the AWS -// CLI or the AWS SDK For the current release of Organizations, specify the -// us-east-1 region for all AWS API and AWS CLI calls made from the commercial AWS -// Regions outside of China. If calling from one of the AWS Regions in China, then -// specify cn-northwest-1. You can do this in the AWS CLI by using these parameters -// and commands: +// about the Amazon Web Services support forums, see Forums Help +// (http://forums.aws.amazon.com/help.jspa). Endpoint to call When using the CLI or +// the Amazon Web Services SDK For the current release of Organizations, specify +// the us-east-1 region for all Amazon Web Services API and CLI calls made from the +// commercial Amazon Web Services Regions outside of China. If calling from one of +// the Amazon Web Services Regions in China, then specify cn-northwest-1. You can +// do this in the CLI by using these parameters and commands: // -// * Use the following parameter with each command to specify both -// the endpoint and its region: --endpoint-url -// https://organizations.us-east-1.amazonaws.com (from commercial AWS Regions -// outside of China) or --endpoint-url -// https://organizations.cn-northwest-1.amazonaws.com.cn (from AWS Regions in -// China) -// -// * Use the default endpoint, but configure your default region with this -// command: aws configure set default.region us-east-1 (from commercial AWS Regions -// outside of China) or aws configure set default.region cn-northwest-1 (from AWS +// * Use the following +// parameter with each command to specify both the endpoint and its region: +// --endpoint-url https://organizations.us-east-1.amazonaws.com (from commercial +// Amazon Web Services Regions outside of China) or --endpoint-url +// https://organizations.cn-northwest-1.amazonaws.com.cn (from Amazon Web Services // Regions in China) // -// * Use the following parameter with each command to specify -// the endpoint: --region us-east-1 (from commercial AWS Regions outside of China) -// or --region cn-northwest-1 (from AWS Regions in China) +// * Use the default endpoint, but configure your default region +// with this command: aws configure set default.region us-east-1 (from commercial +// Amazon Web Services Regions outside of China) or aws configure set +// default.region cn-northwest-1 (from Amazon Web Services Regions in China) +// +// * Use +// the following parameter with each command to specify the endpoint: --region +// us-east-1 (from commercial Amazon Web Services Regions outside of China) or +// --region cn-northwest-1 (from Amazon Web Services Regions in China) // -// Recording API Requests -// AWS Organizations supports AWS CloudTrail, a service that records AWS API calls -// for your AWS account and delivers log files to an Amazon S3 bucket. By using -// information collected by AWS CloudTrail, you can determine which requests the -// Organizations service received, who made the request and when, and so on. For -// more about AWS Organizations and its support for AWS CloudTrail, see Logging AWS -// Organizations Events with AWS CloudTrail +// Recording +// API Requests Organizations supports CloudTrail, a service that records Amazon +// Web Services API calls for your Amazon Web Services account and delivers log +// files to an Amazon S3 bucket. By using information collected by CloudTrail, you +// can determine which requests the Organizations service received, who made the +// request and when, and so on. For more about Organizations and its support for +// CloudTrail, see Logging Organizations Events with CloudTrail // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_incident-response.html#orgs_cloudtrail-integration) -// in the AWS Organizations User Guide. To learn more about AWS CloudTrail, -// including how to turn it on and find your log files, see the AWS CloudTrail User -// Guide -// (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). +// in the Organizations User Guide. To learn more about CloudTrail, including how +// to turn it on and find your log files, see the CloudTrail User Guide +// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). package organizations diff --git a/service/organizations/generated.json b/service/organizations/generated.json index 66191201b47..a3c55e63d49 100644 --- a/service/organizations/generated.json +++ b/service/organizations/generated.json @@ -11,6 +11,7 @@ "api_op_AcceptHandshake.go", "api_op_AttachPolicy.go", "api_op_CancelHandshake.go", + "api_op_CloseAccount.go", "api_op_CreateAccount.go", "api_op_CreateGovCloudAccount.go", "api_op_CreateOrganization.go", diff --git a/service/organizations/serializers.go b/service/organizations/serializers.go index a9c84b78e5a..2bef84da44d 100644 --- a/service/organizations/serializers.go +++ b/service/organizations/serializers.go @@ -181,6 +181,61 @@ func (m *awsAwsjson11_serializeOpCancelHandshake) HandleSerialize(ctx context.Co return next.HandleSerialize(ctx, in) } +type awsAwsjson11_serializeOpCloseAccount struct { +} + +func (*awsAwsjson11_serializeOpCloseAccount) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsjson11_serializeOpCloseAccount) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*CloseAccountInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-amz-json-1.1") + httpBindingEncoder.SetHeader("X-Amz-Target").String("AWSOrganizationsV20161128.CloseAccount") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsAwsjson11_serializeOpDocumentCloseAccountInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} + type awsAwsjson11_serializeOpCreateAccount struct { } @@ -2932,6 +2987,18 @@ func awsAwsjson11_serializeOpDocumentCancelHandshakeInput(v *CancelHandshakeInpu return nil } +func awsAwsjson11_serializeOpDocumentCloseAccountInput(v *CloseAccountInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.AccountId != nil { + ok := object.Key("AccountId") + ok.String(*v.AccountId) + } + + return nil +} + func awsAwsjson11_serializeOpDocumentCreateAccountInput(v *CreateAccountInput, value smithyjson.Value) error { object := value.Object() defer object.Close() diff --git a/service/organizations/types/enums.go b/service/organizations/types/enums.go index 383d443f8a0..ac4479dd09d 100644 --- a/service/organizations/types/enums.go +++ b/service/organizations/types/enums.go @@ -41,8 +41,9 @@ type AccountStatus string // Enum values for AccountStatus const ( - AccountStatusActive AccountStatus = "ACTIVE" - AccountStatusSuspended AccountStatus = "SUSPENDED" + AccountStatusActive AccountStatus = "ACTIVE" + AccountStatusSuspended AccountStatus = "SUSPENDED" + AccountStatusPendingClosure AccountStatus = "PENDING_CLOSURE" ) // Values returns all known values for AccountStatus. Note that this can be @@ -52,6 +53,7 @@ func (AccountStatus) Values() []AccountStatus { return []AccountStatus{ "ACTIVE", "SUSPENDED", + "PENDING_CLOSURE", } } @@ -127,6 +129,10 @@ const ( ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg ConstraintViolationExceptionReason = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG" ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService ConstraintViolationExceptionReason = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE" ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense ConstraintViolationExceptionReason = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE" + ConstraintViolationExceptionReasonCannotCloseManagementAccount ConstraintViolationExceptionReason = "CANNOT_CLOSE_MANAGEMENT_ACCOUNT" + ConstraintViolationExceptionReasonCloseAccountQuotaExceeded ConstraintViolationExceptionReason = "CLOSE_ACCOUNT_QUOTA_EXCEEDED" + ConstraintViolationExceptionReasonCloseAccountRequestsLimitExceeded ConstraintViolationExceptionReason = "CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED" + ConstraintViolationExceptionReasonServiceAccessNotEnabled ConstraintViolationExceptionReason = "SERVICE_ACCESS_NOT_ENABLED" ) // Values returns all known values for ConstraintViolationExceptionReason. Note @@ -163,6 +169,10 @@ func (ConstraintViolationExceptionReason) Values() []ConstraintViolationExceptio "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG", "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE", "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE", + "CANNOT_CLOSE_MANAGEMENT_ACCOUNT", + "CLOSE_ACCOUNT_QUOTA_EXCEEDED", + "CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED", + "SERVICE_ACCESS_NOT_ENABLED", } } @@ -259,6 +269,7 @@ const ( HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired HandshakeConstraintViolationExceptionReason = "PAYMENT_INSTRUMENT_REQUIRED" HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord HandshakeConstraintViolationExceptionReason = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded HandshakeConstraintViolationExceptionReason = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" + HandshakeConstraintViolationExceptionReasonManagementAccountEmailNotVerified HandshakeConstraintViolationExceptionReason = "MANAGEMENT_ACCOUNT_EMAIL_NOT_VERIFIED" ) // Values returns all known values for HandshakeConstraintViolationExceptionReason. @@ -276,6 +287,7 @@ func (HandshakeConstraintViolationExceptionReason) Values() []HandshakeConstrain "PAYMENT_INSTRUMENT_REQUIRED", "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD", "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED", + "MANAGEMENT_ACCOUNT_EMAIL_NOT_VERIFIED", } } diff --git a/service/organizations/types/errors.go b/service/organizations/types/errors.go index b23a6239a43..a2d6d9b4e0c 100644 --- a/service/organizations/types/errors.go +++ b/service/organizations/types/errors.go @@ -32,8 +32,8 @@ func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault { return smithy.F // The operation that you attempted requires you to have the // iam:CreateServiceLinkedRole for organizations.amazonaws.com permission so that -// AWS Organizations can create the required service-linked role. You don't have -// that permission. +// Organizations can create the required service-linked role. You don't have that +// permission. type AccessDeniedForDependencyException struct { Message *string @@ -58,7 +58,27 @@ func (e *AccessDeniedForDependencyException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// The specified account is already a delegated administrator for this AWS service. +// You attempted to close an account that is already closed. +type AccountAlreadyClosedException struct { + Message *string + + noSmithyDocumentSerde +} + +func (e *AccountAlreadyClosedException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *AccountAlreadyClosedException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *AccountAlreadyClosedException) ErrorCode() string { return "AccountAlreadyClosedException" } +func (e *AccountAlreadyClosedException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + +// The specified account is already a delegated administrator for this Amazon Web +// Services service. type AccountAlreadyRegisteredException struct { Message *string @@ -79,9 +99,9 @@ func (e *AccountAlreadyRegisteredException) ErrorCode() string { } func (e *AccountAlreadyRegisteredException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// We can't find an AWS account with the AccountId that you specified, or the -// account whose credentials you used to make this request isn't a member of an -// organization. +// We can't find an Amazon Web Services account with the AccountId that you +// specified, or the account whose credentials you used to make this request isn't +// a member of an organization. type AccountNotFoundException struct { Message *string @@ -100,7 +120,8 @@ func (e *AccountNotFoundException) ErrorMessage() string { func (e *AccountNotFoundException) ErrorCode() string { return "AccountNotFoundException" } func (e *AccountNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// The specified account is not a delegated administrator for this AWS service. +// The specified account is not a delegated administrator for this Amazon Web +// Services service. type AccountNotRegisteredException struct { Message *string @@ -122,8 +143,8 @@ func (e *AccountNotRegisteredException) ErrorFault() smithy.ErrorFault { return // You can't invite an existing account to your organization until you verify that // you own the email address associated with the management account. For more // information, see Email Address Verification -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) -// in the AWS Organizations User Guide. +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) +// in the Organizations User Guide. type AccountOwnerNotVerifiedException struct { Message *string @@ -186,8 +207,8 @@ func (e *AWSOrganizationsNotInUseException) ErrorCode() string { } func (e *AWSOrganizationsNotInUseException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// We can't find an organizational unit (OU) or AWS account with the ChildId that -// you specified. +// We can't find an organizational unit (OU) or Amazon Web Services account with +// the ChildId that you specified. type ChildNotFoundException struct { Message *string @@ -228,6 +249,26 @@ func (e *ConcurrentModificationException) ErrorCode() string { } func (e *ConcurrentModificationException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// The request failed because it conflicts with the current state of the specified +// resource. +type ConflictException struct { + Message *string + + noSmithyDocumentSerde +} + +func (e *ConflictException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *ConflictException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *ConflictException) ErrorCode() string { return "ConflictException" } +func (e *ConflictException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // Performing this operation violates a minimum or maximum value limit. For // example, attempting to remove the last service control policy (SCP) from an OU // or root, inviting or creating too many accounts to the organization, or @@ -241,65 +282,59 @@ func (e *ConcurrentModificationException) ErrorFault() smithy.ErrorFault { retur // account. Instead, after you remove all member accounts, delete the organization // itself. // -// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account -// from the organization that doesn't yet have enough information to exist as a -// standalone account. This account requires you to first agree to the AWS Customer -// Agreement. Follow the steps at Removing a member account from your organization -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in -// the AWS Organizations User Guide. -// -// * -// ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an -// account from the organization that doesn't yet have enough information to exist -// as a standalone account. This account requires you to first complete phone -// verification. Follow the steps at Removing a member account from your +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to +// remove an account from the organization that doesn't yet have enough information +// to exist as a standalone account. This account requires you to first complete +// phone verification. Follow the steps at Removing a member account from your // organization -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) -// in the AWS Organizations User Guide. +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) +// in the Organizations User Guide. // -// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: -// You attempted to exceed the number of accounts that you can create in one -// day. +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You +// attempted to exceed the number of accounts that you can create in one day. // -// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the -// number of accounts in an organization. If you need more accounts, contact AWS -// Support (https://console.aws.amazon.com/support/home#/) to request an increase -// in your limit. Or the number of invitations that you tried to send would cause -// you to exceed the limit of accounts in your organization. Send fewer invitations -// or contact AWS Support to request an increase in the number of accounts. Deleted -// and closed accounts still count toward your limit. If you get this exception -// when running a command immediately after creating the organization, wait one -// hour and try again. After an hour, if the command continues to fail with this -// error, contact AWS Support (https://console.aws.amazon.com/support/home#/). +// * +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. If you need more accounts, contact Amazon Web +// Services Support (https://docs.aws.amazon.com/support/home#/) to request an +// increase in your limit. Or the number of invitations that you tried to send +// would cause you to exceed the limit of accounts in your organization. Send fewer +// invitations or contact Amazon Web Services Support to request an increase in the +// number of accounts. Deleted and closed accounts still count toward your limit. +// If you get this exception when running a command immediately after creating the +// organization, wait one hour and try again. After an hour, if the command +// continues to fail with this error, contact Amazon Web Services Support +// (https://docs.aws.amazon.com/support/home#/). // // * // CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the -// management account of the organization as a delegated administrator for an AWS -// service integrated with Organizations. You can designate only a member account -// as a delegated administrator. +// management account of the organization as a delegated administrator for an +// Amazon Web Services service integrated with Organizations. You can designate +// only a member account as a delegated administrator. // -// * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: -// You attempted to remove an account that is registered as a delegated -// administrator for a service integrated with your organization. To complete this -// operation, you must first deregister this account as a delegated -// administrator. -// -// * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To -// create an organization in the specified region, you must enable all features -// mode. +// * +// CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an +// account that is registered as a delegated administrator for a service integrated +// with your organization. To complete this operation, you must first deregister +// this account as a delegated administrator. // -// * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to -// register an AWS account as a delegated administrator for an AWS service that -// already has a delegated administrator. To complete this operation, you must -// first deregister any existing delegated administrators for this service. +// * +// CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an +// organization in the specified region, you must enable all features mode. // // * -// EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a -// limited period of time. You must resubmit the request and generate a new -// verfication code. +// DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an +// Amazon Web Services account as a delegated administrator for an Amazon Web +// Services service that already has a delegated administrator. To complete this +// operation, you must first deregister any existing delegated administrators for +// this service. +// +// * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is +// only valid for a limited period of time. You must resubmit the request and +// generate a new verfication code. // -// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the -// number of handshakes that you can send in one day. +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted +// to exceed the number of handshakes that you can send in one day. // // * // MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this @@ -309,29 +344,29 @@ func (e *ConcurrentModificationException) ErrorFault() smithy.ErrorFault { retur // marketplace. All accounts in an organization must be associated with the same // marketplace. // -// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS -// Regions in China. To create an organization, the master must have a valid -// business license. For more information, contact customer support. +// * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the +// Amazon Web Services /> Regions in China. To create an organization, the master +// must have a valid business license. For more information, contact customer +// support. // -// * -// MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first -// provide a valid contact address and phone number for the management account. -// Then try the operation again. +// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you +// must first provide a valid contact address and phone number for the management +// account. Then try the operation again. // -// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To -// complete this operation, the management account must have an associated account -// in the AWS GovCloud (US-West) Region. For more information, see AWS -// Organizations -// (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) -// in the AWS GovCloud User Guide. +// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: +// To complete this operation, the management account must have an associated +// account in the Amazon Web Services GovCloud (US-West) Region. For more +// information, see Organizations +// (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) +// in the Amazon Web Services GovCloud User Guide. // -// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: -// To create an organization with this management account, you first must associate -// a valid payment instrument, such as a credit card, with the account. Follow the -// steps at To leave an organization when all required account information has not -// yet been provided -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) -// in the AWS Organizations User Guide. +// * +// MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this +// management account, you first must associate a valid payment instrument, such as +// a credit card, with the account. Follow the steps at To leave an organization +// when all required account information has not yet been provided +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) +// in the Organizations User Guide. // // * // MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to @@ -350,36 +385,44 @@ func (e *ConcurrentModificationException) ErrorFault() smithy.ErrorFault { retur // valid payment instrument, such as a credit card, with the account. Follow the // steps at To leave an organization when all required account information has not // yet been provided -// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) -// in the AWS Organizations User Guide. +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) +// in the Organizations User Guide. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: +// You attempted to detach a policy from an entity that would cause the entity to +// have fewer than the minimum number of policies of a certain type required. // // * -// MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from -// an entity that would cause the entity to have fewer than the minimum number of -// policies of a certain type required. +// ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation +// that requires the organization to be configured to support all features. An +// organization that supports only consolidated billing features can't perform this +// operation. // -// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: -// You attempted to perform an operation that requires the organization to be -// configured to support all features. An organization that supports only -// consolidated billing features can't perform this operation. +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that +// is too many levels deep. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed +// the number of OUs that you can have in an organization. // // * -// OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many -// levels deep. +// POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger +// than the maximum size. // -// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of -// OUs that you can have in an organization. +// * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed +// the number of policies that you can have in an organization. // -// * POLICY_CONTENT_LIMIT_EXCEEDED: You -// attempted to create a policy that is larger than the maximum size. +// * +// SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator +// before you enabled service access. Call the EnableAWSServiceAccess API first. // // * -// POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies -// that you can have in an organization. +// TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags +// that are not compliant with the tag policy requirements for this account. // -// * TAG_POLICY_VIOLATION: You attempted to -// create or update a resource with tags that are not compliant with the tag policy -// requirements for this account. +// * +// WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a +// waiting period before you can remove it from the organization. If you get an +// error that indicates that a wait period is required, try again in a few days. type ConstraintViolationException struct { Message *string @@ -579,9 +622,9 @@ func (e *EffectivePolicyNotFoundException) ErrorCode() string { } func (e *EffectivePolicyNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// AWS Organizations couldn't perform the operation because your organization -// hasn't finished initializing. This can take up to an hour. Try again later. If -// after one hour you continue to receive this error, contact AWS Support +// Organizations couldn't perform the operation because your organization hasn't +// finished initializing. This can take up to an hour. Try again later. If after +// one hour you continue to receive this error, contact Amazon Web Services Support // (https://console.aws.amazon.com/support/home#/). type FinalizingOrganizationException struct { Message *string @@ -633,24 +676,25 @@ func (e *HandshakeAlreadyInStateException) ErrorFault() smithy.ErrorFault { retu // exceed the limit on the number of accounts in an organization. Note that deleted // and closed accounts still count toward your limit. If you get this exception // immediately after creating the organization, wait one hour and try again. If -// after an hour it continues to fail with this error, contact AWS Support -// (https://console.aws.amazon.com/support/home#/). -// -// * ALREADY_IN_AN_ORGANIZATION: -// The handshake request is invalid because the invited account is already a member -// of an organization. +// after an hour it continues to fail with this error, contact Amazon Web Services +// Support (https://docs.aws.amazon.com/support/home#/). // -// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed -// the number of handshakes that you can send in one day. +// * +// ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited +// account is already a member of an organization. // // * -// INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to -// join an organization while it's in the process of enabling all features. You can -// resume inviting accounts after you finalize the process when all accounts have -// agreed to the change. +// HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes +// that you can send in one day. // -// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake -// request is invalid because the organization has already enabled all features. +// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You +// can't issue new invitations to join an organization while it's in the process of +// enabling all features. You can resume inviting accounts after you finalize the +// process when all accounts have agreed to the change. +// +// * +// ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because +// the organization has already enabled all features. // // * // ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is @@ -747,81 +791,81 @@ func (e *InvalidHandshakeTransitionException) ErrorFault() smithy.ErrorFault { // DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same // entity. // -// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and -// can't be modified. -// -// * INPUT_REQUIRED: You must include a value for all required -// parameters. -// -// * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email -// address for the invited account owner. +// * IMMUTABLE_POLICY: You specified a policy that is managed by Amazon +// Web Services and can't be modified. // -// * INVALID_ENUM: You specified an invalid -// value. +// * INPUT_REQUIRED: You must include a value +// for all required parameters. // -// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type -// string. +// * INVALID_EMAIL_ADDRESS_TARGET: You specified an +// invalid email address for the invited account owner. // -// * INVALID_FULL_NAME_TARGET: You specified a full name that contains -// invalid characters. +// * INVALID_ENUM: You +// specified an invalid value. // -// * INVALID_LIST_MEMBER: You provided a list to a parameter -// that contains at least one invalid value. +// * INVALID_ENUM_POLICY_TYPE: You specified an +// invalid policy type string. // -// * INVALID_PAGINATION_TOKEN: Get the -// value for the NextToken parameter from the response to a previous call of the -// operation. +// * INVALID_FULL_NAME_TARGET: You specified a full +// name that contains invalid characters. // -// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity -// (account, organization, or email) as a party. +// * INVALID_LIST_MEMBER: You provided a +// list to a parameter that contains at least one invalid value. // -// * INVALID_PATTERN: You provided a -// value that doesn't match the required pattern. +// * +// INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the +// response to a previous call of the operation. // -// * INVALID_PATTERN_TARGET_ID: You -// specified a policy target ID that doesn't match the required pattern. +// * INVALID_PARTY_TYPE_TARGET: You +// specified the wrong type of entity (account, organization, or email) as a +// party. // -// * -// INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't -// begin with the reserved prefix AWSServiceRoleFor. +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. // -// * -// INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name -// (ARN) for the organization. +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that +// doesn't match the required pattern. // -// * INVALID_SYNTAX_POLICY_ID: You specified an -// invalid policy ID. +// * INVALID_ROLE_NAME: You provided a role +// name that isn't valid. A role name can't begin with the reserved prefix +// AWSServiceRoleFor. // -// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key -// that is a system tag. You can’t add, edit, or delete system tag keys because -// they're reserved for AWS use. System tags don’t count against your tags per -// resource limit. +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid +// Amazon Resource Name (ARN) for the organization. // -// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter -// parameter for the operation. +// * INVALID_SYNTAX_POLICY_ID: +// You specified an invalid policy ID. // -// * MAX_LENGTH_EXCEEDED: You provided a string -// parameter that is longer than allowed. +// * INVALID_SYSTEM_TAGS_PARAMETER: You +// specified a tag key that is a system tag. You can’t add, edit, or delete system +// tag keys because they're reserved for Amazon Web Services use. System tags don’t +// count against your tags per resource limit. // -// * MAX_VALUE_EXCEEDED: You provided a -// numeric parameter that has a larger value than allowed. +// * MAX_FILTER_LIMIT_EXCEEDED: You +// can specify only one filter parameter for the operation. // -// * MIN_LENGTH_EXCEEDED: -// You provided a string parameter that is shorter than allowed. +// * MAX_LENGTH_EXCEEDED: +// You provided a string parameter that is longer than allowed. // // * -// MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value +// MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value // than allowed. // -// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account -// only between entities in the same root. +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is +// shorter than allowed. // -// * TARGET_NOT_SUPPORTED: You can't -// perform the specified operation on that target entity. +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter +// that has a smaller value than allowed. // // * -// UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't -// recognized. +// MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between +// entities in the same root. +// +// * TARGET_NOT_SUPPORTED: You can't perform the +// specified operation on that target entity. +// +// * UNRECOGNIZED_SERVICE_PRINCIPAL: +// You specified a service principal that isn't recognized. type InvalidInputException struct { Message *string @@ -846,7 +890,7 @@ func (e *InvalidInputException) ErrorFault() smithy.ErrorFault { return smithy.F // policy type. For example, the syntax might be incorrect. For details about // service control policy syntax, see Service Control Policy Syntax // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) -// in the AWS Organizations User Guide. +// in the Organizations User Guide. type MalformedPolicyDocumentException struct { Message *string @@ -1082,10 +1126,10 @@ func (e *PolicyTypeAlreadyEnabledException) ErrorFault() smithy.ErrorFault { ret // You can't use the specified policy type with the feature set currently enabled // for this organization. For example, you can enable SCPs only after you enable -// all features in the organization. For more information, see Managing AWS +// all features in the organization. For more information, see Managing // Organizations Policies // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in -// the AWS Organizations User Guide. +// the Organizations User Guide. type PolicyTypeNotAvailableForOrganizationException struct { Message *string @@ -1113,7 +1157,7 @@ func (e *PolicyTypeNotAvailableForOrganizationException) ErrorFault() smithy.Err // in the root. For more information, see Enabling All Features in Your // Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) -// in the AWS Organizations User Guide. +// in the Organizations User Guide. type PolicyTypeNotEnabledException struct { Message *string @@ -1151,8 +1195,8 @@ func (e *RootNotFoundException) ErrorMessage() string { func (e *RootNotFoundException) ErrorCode() string { return "RootNotFoundException" } func (e *RootNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// AWS Organizations can't complete your request because of an internal service -// error. Try again later. +// Organizations can't complete your request because of an internal service error. +// Try again later. type ServiceException struct { Message *string @@ -1212,9 +1256,9 @@ func (e *TargetNotFoundException) ErrorFault() smithy.ErrorFault { return smithy // You have sent too many requests in too short a period of time. The quota helps // protect against denial-of-service attacks. Try again later. For information -// about quotas that affect AWS Organizations, see Quotas for AWS Organizations +// about quotas that affect Organizations, see Quotas for Organizations // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in -// the AWS Organizations User Guide. +// the Organizations User Guide. type TooManyRequestsException struct { Message *string @@ -1235,7 +1279,7 @@ func (e *TooManyRequestsException) ErrorMessage() string { func (e *TooManyRequestsException) ErrorCode() string { return "TooManyRequestsException" } func (e *TooManyRequestsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// This action isn't available in the current AWS Region. +// This action isn't available in the current Amazon Web Services Region. type UnsupportedAPIEndpointException struct { Message *string diff --git a/service/organizations/types/types.go b/service/organizations/types/types.go index 4f39647221d..560f823dcec 100644 --- a/service/organizations/types/types.go +++ b/service/organizations/types/types.go @@ -7,18 +7,19 @@ import ( "time" ) -// Contains information about an AWS account that is a member of an organization. +// Contains information about an Amazon Web Services account that is a member of an +// organization. type Account struct { // The Amazon Resource Name (ARN) of the account. For more information about ARNs // in Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string - // The email address associated with the AWS account. The regex pattern - // (http://wikipedia.org/wiki/regex) for this parameter is a string of characters - // that represents a standard internet email address. + // The email address associated with the Amazon Web Services account. The regex + // pattern (http://wikipedia.org/wiki/regex) for this parameter is a string of + // characters that represents a standard internet email address. Email *string // The unique identifier (ID) of the account. The regex pattern @@ -66,7 +67,8 @@ type Child struct { } // Contains the status about a CreateAccount or CreateGovCloudAccount request to -// create an AWS account or an AWS GovCloud (US) account in an organization. +// create an Amazon Web Services account or an Amazon Web Services GovCloud (US) +// account in an organization. type CreateAccountStatus struct { // If the account was created successfully, the unique identifier (ID) of the new @@ -91,50 +93,50 @@ type CreateAccountStatus struct { // information. // // * EMAIL_ALREADY_EXISTS: The account could not be created because - // another AWS account with that email address already exists. + // another Amazon Web Services account with that email address already exists. // // * - // FAILED_BUSINESS_VALIDATION: The AWS account that owns your organization failed - // to receive business license validation. - // - // * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The - // account in the AWS GovCloud (US) Region could not be created because this Region - // already includes an account with that email address. + // FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns your + // organization failed to receive business license validation. // // * - // IDENTITY_INVALID_BUSINESS_VALIDATION: The AWS account that owns your - // organization can't complete business license validation because it doesn't have - // valid identity data. + // GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services GovCloud + // (US) Region could not be created because this Region already includes an account + // with that email address. // - // * INVALID_ADDRESS: The account could not be created - // because the address you provided is not valid. + // * IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web + // Services account that owns your organization can't complete business license + // validation because it doesn't have valid identity data. // - // * INVALID_EMAIL: The account - // could not be created because the email address you provided is not valid. + // * INVALID_ADDRESS: The + // account could not be created because the address you provided is not valid. // // * - // INTERNAL_FAILURE: The account could not be created because of an internal - // failure. Try again later. If the problem persists, contact AWS Customer - // Support. + // INVALID_EMAIL: The account could not be created because the email address you + // provided is not valid. // - // * MISSING_BUSINESS_VALIDATION: The AWS account that owns your - // organization has not received Business Validation. + // * INTERNAL_FAILURE: The account could not be created + // because of an internal failure. Try again later. If the problem persists, + // contact Amazon Web Services Customer Support. // - // * - // MISSING_PAYMENT_INSTRUMENT: You must configure the management account with a - // valid payment method, such as a credit card. + // * MISSING_BUSINESS_VALIDATION: + // The Amazon Web Services account that owns your organization has not received + // Business Validation. // - // * PENDING_BUSINESS_VALIDATION: The - // AWS account that owns your organization is still in the process of completing - // business license validation. + // * MISSING_PAYMENT_INSTRUMENT: You must configure the + // management account with a valid payment method, such as a credit card. // - // * UNKNOWN_BUSINESS_VALIDATION: The AWS account - // that owns your organization has an unknown issue with business license + // * + // PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your + // organization is still in the process of completing business license // validation. + // + // * UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that + // owns your organization has an unknown issue with business license validation. FailureReason CreateAccountFailureReason // If the account was created successfully, the unique identifier (ID) of the new - // account in the AWS GovCloud (US) Region. + // account in the Amazon Web Services GovCloud (US) Region. GovCloudAccountId *string // The unique identifier (ID) that references this request. You get this value from @@ -146,7 +148,7 @@ type CreateAccountStatus struct { // The date and time that the request was made for the account creation. RequestedTimestamp *time.Time - // The status of the asynchronous request to create an AWS account. + // The status of the asynchronous request to create an Amazon Web Services account. State CreateAccountState noSmithyDocumentSerde @@ -161,8 +163,8 @@ type DelegatedAdministrator struct { // The date when the account was made a delegated administrator. DelegationEnabledDate *time.Time - // The email address that is associated with the delegated administrator's AWS - // account. + // The email address that is associated with the delegated administrator's Amazon + // Web Services account. Email *string // The unique identifier (ID) of the delegated administrator's account. @@ -185,15 +187,15 @@ type DelegatedAdministrator struct { noSmithyDocumentSerde } -// Contains information about the AWS service for which the account is a delegated -// administrator. +// Contains information about the Amazon Web Services service for which the account +// is a delegated administrator. type DelegatedService struct { // The date that the account became a delegated administrator for this service. DelegationEnabledDate *time.Time - // The name of an AWS service that can request an operation for the specified - // service. This is typically in the form of a URL, such as: + // The name of an Amazon Web Services service that can request an operation for the + // specified service. This is typically in the form of a URL, such as: // servicename.amazonaws.com. ServicePrincipal *string @@ -220,11 +222,11 @@ type EffectivePolicy struct { noSmithyDocumentSerde } -// A structure that contains details of a service principal that represents an AWS -// service that is enabled to integrate with AWS Organizations. +// A structure that contains details of a service principal that represents an +// Amazon Web Services service that is enabled to integrate with Organizations. type EnabledServicePrincipal struct { - // The date that the service principal was enabled for integration with AWS + // The date that the service principal was enabled for integration with // Organizations. DateEnabled *time.Time @@ -240,8 +242,8 @@ type EnabledServicePrincipal struct { // management account (the originator) invites another account (the recipient) to // join its organization, the two accounts exchange information as a series of // handshake requests and responses. Note: Handshakes that are CANCELED, ACCEPTED, -// or DECLINED show up in lists for only 30 days after entering that state After -// that they are deleted. +// DECLINED, or EXPIRED show up in lists for only 30 days after entering that state +// After that they are deleted. type Handshake struct { // The type of handshake, indicating what action occurs when the recipient accepts @@ -267,7 +269,7 @@ type Handshake struct { // The Amazon Resource Name (ARN) of a handshake. For more information about ARNs // in Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string // The date and time that the handshake expires. If the recipient of the handshake @@ -364,21 +366,21 @@ type HandshakeResource struct { // The type of information being passed, specifying how the value is to be // interpreted by the other party: // - // * ACCOUNT - Specifies an AWS account ID - // number. + // * ACCOUNT - Specifies an Amazon Web Services + // account ID number. // // * ORGANIZATION - Specifies an organization ID number. // - // * EMAIL - - // Specifies the email address that is associated with the account that receives - // the handshake. + // * + // EMAIL - Specifies the email address that is associated with the account that + // receives the handshake. // - // * OWNER_EMAIL - Specifies the email address associated with the - // management account. Included as information about an organization. + // * OWNER_EMAIL - Specifies the email address associated + // with the management account. Included as information about an organization. // - // * OWNER_NAME - // - Specifies the name associated with the management account. Included as - // information about an organization. + // * + // OWNER_NAME - Specifies the name associated with the management account. Included + // as information about an organization. // // * NOTES - Additional text provided by the // handshake initiator and intended for the recipient to read. @@ -400,7 +402,7 @@ type Organization struct { // The Amazon Resource Name (ARN) of an organization. For more information about // ARNs in Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string // Do not use. This field is deprecated and doesn't provide complete information @@ -415,7 +417,7 @@ type Organization struct { // consolidated billing functionality is available. For more information, see // Enabling All Features in Your Organization // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) - // in the AWS Organizations User Guide. + // in the Organizations User Guide. FeatureSet OrganizationFeatureSet // The unique identifier (ID) of an organization. The regex pattern @@ -427,11 +429,11 @@ type Organization struct { // management account for the organization. For more information about ARNs in // Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. MasterAccountArn *string - // The email address that is associated with the AWS account that is designated as - // the management account for the organization. + // The email address that is associated with the Amazon Web Services account that + // is designated as the management account for the organization. MasterAccountEmail *string // The unique identifier (ID) of the management account of an organization. The @@ -442,15 +444,16 @@ type Organization struct { noSmithyDocumentSerde } -// Contains details about an organizational unit (OU). An OU is a container of AWS -// accounts within a root of an organization. Policies that are attached to an OU -// apply to all accounts contained in that OU and in any child OUs. +// Contains details about an organizational unit (OU). An OU is a container of +// Amazon Web Services accounts within a root of an organization. Policies that are +// attached to an OU apply to all accounts contained in that OU and in any child +// OUs. type OrganizationalUnit struct { // The Amazon Resource Name (ARN) of this OU. For more information about ARNs in // Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string // The unique identifier (ID) associated with this OU. The regex pattern @@ -512,12 +515,12 @@ type PolicySummary struct { // The Amazon Resource Name (ARN) of the policy. For more information about ARNs in // Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string - // A boolean value that indicates whether the specified policy is an AWS managed - // policy. If true, then you can attach the policy to roots, OUs, or accounts, but - // you cannot edit it. + // A boolean value that indicates whether the specified policy is an Amazon Web + // Services managed policy. If true, then you can attach the policy to roots, OUs, + // or accounts, but you cannot edit it. AwsManaged bool // The description of the policy. @@ -546,7 +549,7 @@ type PolicyTargetSummary struct { // The Amazon Resource Name (ARN) of the policy target. For more information about // ARNs in Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string // The friendly name of the policy target. The regex pattern @@ -592,13 +595,14 @@ type PolicyTypeSummary struct { // Contains details about a root. A root is a top-level parent node in the // hierarchy of an organization that can contain organizational units (OUs) and -// accounts. The root contains every AWS account in the organization. +// accounts. The root contains every Amazon Web Services account in the +// organization. type Root struct { // The Amazon Resource Name (ARN) of the root. For more information about ARNs in // Organizations, see ARN Formats Supported by Organizations // (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) - // in the AWS Service Authorization Reference. + // in the Amazon Web Services Service Authorization Reference. Arn *string // The unique identifier (ID) for the root. The regex pattern @@ -625,8 +629,8 @@ type Root struct { // A custom key-value pair associated with a resource within your organization. You // can attach tags to any of the following organization resources. // -// * AWS -// account +// * Amazon Web +// Services account // // * Organizational unit (OU) // diff --git a/service/organizations/validators.go b/service/organizations/validators.go index d533985da6b..d49c3a04ba7 100644 --- a/service/organizations/validators.go +++ b/service/organizations/validators.go @@ -70,6 +70,26 @@ func (m *validateOpCancelHandshake) HandleInitialize(ctx context.Context, in mid return next.HandleInitialize(ctx, in) } +type validateOpCloseAccount struct { +} + +func (*validateOpCloseAccount) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpCloseAccount) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CloseAccountInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpCloseAccountInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpCreateAccount struct { } @@ -802,6 +822,10 @@ func addOpCancelHandshakeValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCancelHandshake{}, middleware.After) } +func addOpCloseAccountValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpCloseAccount{}, middleware.After) +} + func addOpCreateAccountValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCreateAccount{}, middleware.After) } @@ -1047,6 +1071,21 @@ func validateOpCancelHandshakeInput(v *CancelHandshakeInput) error { } } +func validateOpCloseAccountInput(v *CloseAccountInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CloseAccountInput"} + if v.AccountId == nil { + invalidParams.Add(smithy.NewErrParamRequired("AccountId")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpCreateAccountInput(v *CreateAccountInput) error { if v == nil { return nil