@datafire/amazonaws_organizations
Client library for AWS Organizations
Installation and Usage
npm install --save @datafire/amazonaws_organizations
let amazonaws_organizations = require('@datafire/amazonaws_organizations').create({
accessKeyId: "",
secretAccessKey: "",
region: ""
});
amazonaws_organizations.AcceptHandshake({
"HandshakeId": ""
}).then(data => {
console.log(data);
});
Description
AWS Organizations API Reference
AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an organization and centrally manage your accounts and their resources.
This guide provides descriptions of the Organizations API. For more information about using this service, see the AWS Organizations User Guide.
API Version
This version of the Organizations API Reference documents the Organizations API version 2016-11-28.
As an alternative to using the API directly, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to AWS Organizations. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.
We recommend that you use the AWS SDKs to make programmatic API calls to Organizations. However, you also can use the Organizations Query API to make direct calls to the Organizations web service. To learn more about the Organizations Query API, see Making Query Requests in the AWS Organizations User Guide. Organizations supports GET and POST requests for all actions. That is, the API does not require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.
Signing Requests
When you send HTTP requests to AWS, you must sign the requests so that AWS can identify who sent them. You sign requests with your AWS access key, which consists of an access key ID and a secret access key. We strongly recommend that you do not create an access key for your root account. Anyone who has the access key for your root account has unrestricted access to all the resources in your account. Instead, create an access key for an IAM user account that has administrative privileges. As another option, use AWS Security Token Service to generate temporary security credentials, and use those credentials to sign requests.
To sign requests, we recommend that you use Signature Version 4. If you have an existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, some operations now require Signature Version 4. The documentation for operations that require version 4 indicate this requirement.
When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools.
In this release, each organization can have only one root. In a future release, a single organization will support multiple roots.
Support and Feedback for AWS Organizations
We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com or post your feedback and questions in the AWS Organizations support forum. For more information about the AWS support forums, see Forums Help.
Endpoint to Call When Using the CLI or the AWS API
For the current release of Organizations, you must specify the us-east-1
region for all AWS API and CLI calls. You can do this in the CLI by using these parameters and commands:
-
Use the following parameter with each command to specify both the endpoint and its region:
--endpoint-url https://organizations.us-east-1.amazonaws.com
-
Use the default endpoint, but configure your default region with this command:
aws configure set default.region us-east-1
-
Use the following parameter with each command to specify the endpoint:
--region us-east-1
For the various SDKs used to call the APIs, see the documentation for the SDK of interest to learn how to direct the requests to a specific endpoint. For more information, see Regions and Endpoints in the AWS General Reference.
How examples are presented
The JSON returned by the AWS Organizations service as response to your requests is returned as a single long string without line breaks or formatting whitespace. Both line breaks and whitespace are included in the examples in this guide to improve readability. When example input parameters also would result in long strings that would extend beyond the screen, we insert line breaks to enhance readability. You should always submit the input as a single JSON text string.
Recording API Requests
AWS Organizations supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by AWS CloudTrail, you can determine which requests were successfully made to Organizations, who made the request, when it was made, and so on. For more about AWS Organizations and its support for AWS CloudTrail, see Logging AWS Organizations Events with AWS CloudTrail in the AWS Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.
Actions
AcceptHandshake
amazonaws_organizations.AcceptHandshake({
"HandshakeId": ""
}, context)
Input
- input
object
- HandshakeId required HandshakeId
Output
- output AcceptHandshakeResponse
AttachPolicy
amazonaws_organizations.AttachPolicy({
"PolicyId": "",
"TargetId": ""
}, context)
Input
- input
object
- PolicyId required PolicyId
- TargetId required PolicyTargetId
Output
Output schema unknown
CancelHandshake
amazonaws_organizations.CancelHandshake({
"HandshakeId": ""
}, context)
Input
- input
object
- HandshakeId required HandshakeId
Output
- output CancelHandshakeResponse
CreateAccount
amazonaws_organizations.CreateAccount({
"Email": "",
"AccountName": ""
}, context)
Input
- input
object
- AccountName required AccountName
- Email required Email
- IamUserAccessToBilling IAMUserAccessToBilling
- RoleName RoleName
Output
- output CreateAccountResponse
CreateOrganization
amazonaws_organizations.CreateOrganization({}, context)
Input
- input
object
- FeatureSet OrganizationFeatureSet
Output
- output CreateOrganizationResponse
CreateOrganizationalUnit
amazonaws_organizations.CreateOrganizationalUnit({
"ParentId": "",
"Name": ""
}, context)
Input
- input
object
- Name required OrganizationalUnitName
- ParentId required ParentId
Output
CreatePolicy
amazonaws_organizations.CreatePolicy({
"Content": "",
"Description": "",
"Name": "",
"Type": ""
}, context)
Input
- input
object
- Content required PolicyContent
- Description required PolicyDescription
- Name required PolicyName
- Type required PolicyType
Output
- output CreatePolicyResponse
DeclineHandshake
amazonaws_organizations.DeclineHandshake({
"HandshakeId": ""
}, context)
Input
- input
object
- HandshakeId required HandshakeId
Output
- output DeclineHandshakeResponse
DeleteOrganization
amazonaws_organizations.DeleteOrganization({}, context)
Input
- input
object
Output
Output schema unknown
DeleteOrganizationalUnit
amazonaws_organizations.DeleteOrganizationalUnit({
"OrganizationalUnitId": ""
}, context)
Input
- input
object
- OrganizationalUnitId required OrganizationalUnitId
Output
Output schema unknown
DeletePolicy
amazonaws_organizations.DeletePolicy({
"PolicyId": ""
}, context)
Input
- input
object
- PolicyId required PolicyId
Output
Output schema unknown
DescribeAccount
amazonaws_organizations.DescribeAccount({
"AccountId": ""
}, context)
Input
- input
object
- AccountId required AccountId
Output
- output DescribeAccountResponse
DescribeCreateAccountStatus
amazonaws_organizations.DescribeCreateAccountStatus({
"CreateAccountRequestId": ""
}, context)
Input
- input
object
- CreateAccountRequestId required CreateAccountRequestId
Output
DescribeHandshake
amazonaws_organizations.DescribeHandshake({
"HandshakeId": ""
}, context)
Input
- input
object
- HandshakeId required HandshakeId
Output
- output DescribeHandshakeResponse
DescribeOrganization
amazonaws_organizations.DescribeOrganization({}, context)
Input
- input
object
Output
- output DescribeOrganizationResponse
DescribeOrganizationalUnit
amazonaws_organizations.DescribeOrganizationalUnit({
"OrganizationalUnitId": ""
}, context)
Input
- input
object
- OrganizationalUnitId required OrganizationalUnitId
Output
DescribePolicy
amazonaws_organizations.DescribePolicy({
"PolicyId": ""
}, context)
Input
- input
object
- PolicyId required PolicyId
Output
- output DescribePolicyResponse
DetachPolicy
amazonaws_organizations.DetachPolicy({
"PolicyId": "",
"TargetId": ""
}, context)
Input
- input
object
- PolicyId required PolicyId
- TargetId required PolicyTargetId
Output
Output schema unknown
DisableAWSServiceAccess
amazonaws_organizations.DisableAWSServiceAccess({
"ServicePrincipal": ""
}, context)
Input
- input
object
- ServicePrincipal required ServicePrincipal
Output
Output schema unknown
DisablePolicyType
amazonaws_organizations.DisablePolicyType({
"RootId": "",
"PolicyType": ""
}, context)
Input
- input
object
- PolicyType required PolicyType
- RootId required RootId
Output
- output DisablePolicyTypeResponse
EnableAWSServiceAccess
amazonaws_organizations.EnableAWSServiceAccess({
"ServicePrincipal": ""
}, context)
Input
- input
object
- ServicePrincipal required ServicePrincipal
Output
Output schema unknown
EnableAllFeatures
amazonaws_organizations.EnableAllFeatures({}, context)
Input
- input
object
Output
- output EnableAllFeaturesResponse
EnablePolicyType
amazonaws_organizations.EnablePolicyType({
"RootId": "",
"PolicyType": ""
}, context)
Input
- input
object
- PolicyType required PolicyType
- RootId required RootId
Output
- output EnablePolicyTypeResponse
InviteAccountToOrganization
amazonaws_organizations.InviteAccountToOrganization({
"Target": {
"Id": "",
"Type": ""
}
}, context)
Input
- input
object
- Notes HandshakeNotes
- Target required HandshakeParty
Output
LeaveOrganization
amazonaws_organizations.LeaveOrganization({}, context)
Input
- input
object
Output
Output schema unknown
ListAWSServiceAccessForOrganization
amazonaws_organizations.ListAWSServiceAccessForOrganization({}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
ListAccounts
amazonaws_organizations.ListAccounts({}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
- output ListAccountsResponse
ListAccountsForParent
amazonaws_organizations.ListAccountsForParent({
"ParentId": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- ParentId required ParentId
- MaxResults
Output
ListChildren
amazonaws_organizations.ListChildren({
"ParentId": "",
"ChildType": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- ChildType required ChildType
- MaxResults MaxResults
- NextToken NextToken
- ParentId required ParentId
- MaxResults
Output
- output ListChildrenResponse
ListCreateAccountStatus
amazonaws_organizations.ListCreateAccountStatus({}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- States CreateAccountStates
- MaxResults
Output
ListHandshakesForAccount
amazonaws_organizations.ListHandshakesForAccount({}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- Filter HandshakeFilter
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
ListHandshakesForOrganization
amazonaws_organizations.ListHandshakesForOrganization({}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- Filter HandshakeFilter
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
ListOrganizationalUnitsForParent
amazonaws_organizations.ListOrganizationalUnitsForParent({
"ParentId": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- ParentId required ParentId
- MaxResults
Output
ListParents
amazonaws_organizations.ListParents({
"ChildId": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- ChildId required ChildId
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
- output ListParentsResponse
ListPolicies
amazonaws_organizations.ListPolicies({
"Filter": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- Filter required PolicyType
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
- output ListPoliciesResponse
ListPoliciesForTarget
amazonaws_organizations.ListPoliciesForTarget({
"TargetId": "",
"Filter": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- Filter required PolicyType
- MaxResults MaxResults
- NextToken NextToken
- TargetId required PolicyTargetId
- MaxResults
Output
ListRoots
amazonaws_organizations.ListRoots({}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- MaxResults
Output
- output ListRootsResponse
ListTargetsForPolicy
amazonaws_organizations.ListTargetsForPolicy({
"PolicyId": ""
}, context)
Input
- input
object
- MaxResults
string
- NextToken
string
- MaxResults MaxResults
- NextToken NextToken
- PolicyId required PolicyId
- MaxResults
Output
- output ListTargetsForPolicyResponse
MoveAccount
amazonaws_organizations.MoveAccount({
"AccountId": "",
"SourceParentId": "",
"DestinationParentId": ""
}, context)
Input
- input
object
Output
Output schema unknown
RemoveAccountFromOrganization
amazonaws_organizations.RemoveAccountFromOrganization({
"AccountId": ""
}, context)
Input
- input
object
- AccountId required AccountId
Output
Output schema unknown
UpdateOrganizationalUnit
amazonaws_organizations.UpdateOrganizationalUnit({
"OrganizationalUnitId": ""
}, context)
Input
- input
object
- Name OrganizationalUnitName
- OrganizationalUnitId required OrganizationalUnitId
Output
UpdatePolicy
amazonaws_organizations.UpdatePolicy({
"PolicyId": ""
}, context)
Input
- input
object
- Content PolicyContent
- Description PolicyDescription
- Name PolicyName
- PolicyId required PolicyId
Output
- output UpdatePolicyResponse
Definitions
AWSOrganizationsNotInUseException
- AWSOrganizationsNotInUseException
object
: Your account is not a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.- Message ExceptionMessage
AcceptHandshakeRequest
- AcceptHandshakeRequest
object
- HandshakeId required HandshakeId
AcceptHandshakeResponse
- AcceptHandshakeResponse
object
- Handshake Handshake
AccessDeniedException
- AccessDeniedException
object
: You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.- Message ExceptionMessage
AccessDeniedForDependencyException
- AccessDeniedForDependencyException
object
: The operation you attempted requires you to have theiam:CreateServiceLinkedRole
so that Organizations can create the required service-linked role. You do not have that permission.- Message ExceptionMessage
- Reason AccessDeniedForDependencyExceptionReason
AccessDeniedForDependencyExceptionReason
- AccessDeniedForDependencyExceptionReason
string
(values: ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE)
Account
- Account
object
: Contains information about an AWS account that is a member of an organization.- Arn AccountArn
- Email Email
- Id AccountId
- JoinedMethod AccountJoinedMethod
- JoinedTimestamp Timestamp
- Name AccountName
- Status AccountStatus
AccountArn
- AccountArn
string
AccountId
- AccountId
string
AccountJoinedMethod
- AccountJoinedMethod
string
(values: INVITED, CREATED)
AccountName
- AccountName
string
AccountNotFoundException
- AccountNotFoundException
object
: We can't find an AWS account with the AccountId that you specified, or the account whose credentials you used to make this request is not a member of an organization.- Message ExceptionMessage
AccountStatus
- AccountStatus
string
(values: ACTIVE, SUSPENDED)
Accounts
- Accounts
array
- items Account
ActionType
- ActionType
string
(values: INVITE, ENABLE_ALL_FEATURES, APPROVE_ALL_FEATURES, ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE)
AlreadyInOrganizationException
- AlreadyInOrganizationException
object
: This account is already a member of an organization. An account can belong to only one organization at a time.- Message ExceptionMessage
AttachPolicyRequest
- AttachPolicyRequest
object
- PolicyId required PolicyId
- TargetId required PolicyTargetId
AwsManagedPolicy
- AwsManagedPolicy
boolean
CancelHandshakeRequest
- CancelHandshakeRequest
object
- HandshakeId required HandshakeId
CancelHandshakeResponse
- CancelHandshakeResponse
object
- Handshake Handshake
Child
ChildId
- ChildId
string
ChildNotFoundException
- ChildNotFoundException
object
: We can't find an organizational unit (OU) or AWS account with the ChildId that you specified.- Message ExceptionMessage
ChildType
- ChildType
string
(values: ACCOUNT, ORGANIZATIONAL_UNIT)
Children
- Children
array
- items Child
ConcurrentModificationException
- ConcurrentModificationException
object
: The target of the operation is currently being modified by a different request. Try again later.- Message ExceptionMessage
ConstraintViolationException
- ConstraintViolationException
object
:Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last SCP from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation:
-
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact AWS Support to request an increase in your limit.
Or, The number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations, or contact AWS Support to request an increase in the number of accounts.
Note: deleted and closed accounts still count toward your limit.
If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact AWS Customer Support.
-
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
-
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational units you can have in an organization.
-
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit tree that is too many levels deep.
-
POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of policies that you can have in an organization.
-
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
-
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
-
ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first agree to the AWS Customer Agreement. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
-
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first complete phone verification. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
-
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
-
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
-
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
-
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's master account to the marketplace that corresponds to the master account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
-
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide contact a valid address and phone number for the master account. Then try the operation again.
- Message ExceptionMessage
- Reason ConstraintViolationExceptionReason
-
ConstraintViolationExceptionReason
- ConstraintViolationExceptionReason
string
(values: ACCOUNT_NUMBER_LIMIT_EXCEEDED, HANDSHAKE_RATE_LIMIT_EXCEEDED, OU_NUMBER_LIMIT_EXCEEDED, OU_DEPTH_LIMIT_EXCEEDED, POLICY_NUMBER_LIMIT_EXCEEDED, MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED, MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED, ACCOUNT_CANNOT_LEAVE_ORGANIZATION, ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA, ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION, MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED, MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED, ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED, MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE, MASTER_ACCOUNT_MISSING_CONTACT_INFO, ORGANIZATION_NOT_IN_ALL_FEATURES_MODE)
CreateAccountFailureReason
- CreateAccountFailureReason
string
(values: ACCOUNT_LIMIT_EXCEEDED, EMAIL_ALREADY_EXISTS, INVALID_ADDRESS, INVALID_EMAIL, CONCURRENT_ACCOUNT_MODIFICATION, INTERNAL_FAILURE)
CreateAccountRequest
- CreateAccountRequest
object
- AccountName required AccountName
- Email required Email
- IamUserAccessToBilling IAMUserAccessToBilling
- RoleName RoleName
CreateAccountRequestId
- CreateAccountRequestId
string
CreateAccountResponse
- CreateAccountResponse
object
- CreateAccountStatus CreateAccountStatus
CreateAccountState
- CreateAccountState
string
(values: IN_PROGRESS, SUCCEEDED, FAILED)
CreateAccountStates
- CreateAccountStates
array
- items CreateAccountState
CreateAccountStatus
- CreateAccountStatus
object
: Contains the status about a CreateAccount request to create an AWS account in an organization.- AccountId AccountId
- AccountName AccountName
- CompletedTimestamp Timestamp
- FailureReason CreateAccountFailureReason
- Id CreateAccountRequestId
- RequestedTimestamp Timestamp
- State CreateAccountState
CreateAccountStatusNotFoundException
- CreateAccountStatusNotFoundException
object
: We can't find an create account request with the CreateAccountRequestId that you specified.- Message ExceptionMessage
CreateAccountStatuses
- CreateAccountStatuses
array
- items CreateAccountStatus
CreateOrganizationRequest
- CreateOrganizationRequest
object
- FeatureSet OrganizationFeatureSet
CreateOrganizationResponse
- CreateOrganizationResponse
object
- Organization Organization
CreateOrganizationalUnitRequest
- CreateOrganizationalUnitRequest
object
- Name required OrganizationalUnitName
- ParentId required ParentId
CreateOrganizationalUnitResponse
- CreateOrganizationalUnitResponse
object
- OrganizationalUnit OrganizationalUnit
CreatePolicyRequest
- CreatePolicyRequest
object
- Content required PolicyContent
- Description required PolicyDescription
- Name required PolicyName
- Type required PolicyType
CreatePolicyResponse
- CreatePolicyResponse
object
- Policy Policy
DeclineHandshakeRequest
- DeclineHandshakeRequest
object
- HandshakeId required HandshakeId
DeclineHandshakeResponse
- DeclineHandshakeResponse
object
- Handshake Handshake
DeleteOrganizationalUnitRequest
- DeleteOrganizationalUnitRequest
object
- OrganizationalUnitId required OrganizationalUnitId
DeletePolicyRequest
- DeletePolicyRequest
object
- PolicyId required PolicyId
DescribeAccountRequest
- DescribeAccountRequest
object
- AccountId required AccountId
DescribeAccountResponse
- DescribeAccountResponse
object
- Account Account
DescribeCreateAccountStatusRequest
- DescribeCreateAccountStatusRequest
object
- CreateAccountRequestId required CreateAccountRequestId
DescribeCreateAccountStatusResponse
- DescribeCreateAccountStatusResponse
object
- CreateAccountStatus CreateAccountStatus
DescribeHandshakeRequest
- DescribeHandshakeRequest
object
- HandshakeId required HandshakeId
DescribeHandshakeResponse
- DescribeHandshakeResponse
object
- Handshake Handshake
DescribeOrganizationResponse
- DescribeOrganizationResponse
object
- Organization Organization
DescribeOrganizationalUnitRequest
- DescribeOrganizationalUnitRequest
object
- OrganizationalUnitId required OrganizationalUnitId
DescribeOrganizationalUnitResponse
- DescribeOrganizationalUnitResponse
object
- OrganizationalUnit OrganizationalUnit
DescribePolicyRequest
- DescribePolicyRequest
object
- PolicyId required PolicyId
DescribePolicyResponse
- DescribePolicyResponse
object
- Policy Policy
DestinationParentNotFoundException
- DestinationParentNotFoundException
object
: We can't find the destination container (a root or OU) with the ParentId that you specified.- Message ExceptionMessage
DetachPolicyRequest
- DetachPolicyRequest
object
- PolicyId required PolicyId
- TargetId required PolicyTargetId
DisableAWSServiceAccessRequest
- DisableAWSServiceAccessRequest
object
- ServicePrincipal required ServicePrincipal
DisablePolicyTypeRequest
- DisablePolicyTypeRequest
object
- PolicyType required PolicyType
- RootId required RootId
DisablePolicyTypeResponse
- DisablePolicyTypeResponse
object
- Root Root
DuplicateAccountException
- DuplicateAccountException
object
: That account is already present in the specified destination.- Message ExceptionMessage
DuplicateHandshakeException
- DuplicateHandshakeException
object
: A handshake with the same action and target already exists. For example, if you invited an account to join your organization, the invited account might already have a pending invitation from this organization. If you intend to resend an invitation to an account, ensure that existing handshakes that might be considered duplicates are canceled or declined.- Message ExceptionMessage
DuplicateOrganizationalUnitException
- DuplicateOrganizationalUnitException
object
: An organizational unit (OU) with the same name already exists.- Message ExceptionMessage
DuplicatePolicyAttachmentException
- DuplicatePolicyAttachmentException
object
: The selected policy is already attached to the specified target.- Message ExceptionMessage
DuplicatePolicyException
- DuplicatePolicyException
object
: A policy with the same name already exists.- Message ExceptionMessage
- Email
string
EnableAWSServiceAccessRequest
- EnableAWSServiceAccessRequest
object
- ServicePrincipal required ServicePrincipal
EnableAllFeaturesRequest
- EnableAllFeaturesRequest
object
EnableAllFeaturesResponse
- EnableAllFeaturesResponse
object
- Handshake Handshake
EnablePolicyTypeRequest
- EnablePolicyTypeRequest
object
- PolicyType required PolicyType
- RootId required RootId
EnablePolicyTypeResponse
- EnablePolicyTypeResponse
object
- Root Root
EnabledServicePrincipal
- EnabledServicePrincipal
object
: A structure that contains details of a service principal that is enabled to integrate with AWS Organizations.- DateEnabled Timestamp
- ServicePrincipal ServicePrincipal
EnabledServicePrincipals
- EnabledServicePrincipals
array
- items EnabledServicePrincipal
ExceptionMessage
- ExceptionMessage
string
ExceptionType
- ExceptionType
string
FinalizingOrganizationException
- FinalizingOrganizationException
object
: AWS Organizations could not finalize the creation of your organization. Try again later. If this persists, contact AWS customer support.- Message ExceptionMessage
GenericArn
- GenericArn
string
Handshake
- Handshake
object
:Contains information that must be exchanged to securely establish a relationship between two accounts (an originator and a recipient). For example, when a master account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists for only 30 days after entering that state After that they are deleted.
- Action ActionType
- Arn HandshakeArn
- ExpirationTimestamp Timestamp
- Id HandshakeId
- Parties HandshakeParties
- RequestedTimestamp Timestamp
- Resources HandshakeResources
- State HandshakeState
HandshakeAlreadyInStateException
- HandshakeAlreadyInStateException
object
: The specified handshake is already in the requested state. For example, you can't accept a handshake that was already accepted.- Message ExceptionMessage
HandshakeArn
- HandshakeArn
string
HandshakeConstraintViolationException
- HandshakeConstraintViolationException
object
:The requested operation would violate the constraint identified in the reason code.
Some of the reasons in the following list might not be applicable to this specific API or operation:
-
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note: deleted and closed accounts still count toward your limit.
If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact AWS Customer Support.
-
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
-
ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
-
ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
-
INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations to join an organization while it is in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
-
PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with an account that does not have a payment instrument, such as a credit card, associated with it.
-
ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
-
ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
- Message ExceptionMessage
- Reason HandshakeConstraintViolationExceptionReason
-
HandshakeConstraintViolationExceptionReason
- HandshakeConstraintViolationExceptionReason
string
(values: ACCOUNT_NUMBER_LIMIT_EXCEEDED, HANDSHAKE_RATE_LIMIT_EXCEEDED, ALREADY_IN_AN_ORGANIZATION, ORGANIZATION_ALREADY_HAS_ALL_FEATURES, INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES, PAYMENT_INSTRUMENT_REQUIRED, ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD, ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED)
HandshakeFilter
- HandshakeFilter
object
: Specifies the criteria that are used to select the handshakes for the operation.- ActionType ActionType
- ParentHandshakeId HandshakeId
HandshakeId
- HandshakeId
string
HandshakeNotFoundException
- HandshakeNotFoundException
object
: We can't find a handshake with the HandshakeId that you specified.- Message ExceptionMessage
HandshakeNotes
- HandshakeNotes
string
HandshakeParties
- HandshakeParties
array
- items HandshakeParty
HandshakeParty
- HandshakeParty
object
: Identifies a participant in a handshake.- Id required HandshakePartyId
- Type required HandshakePartyType
HandshakePartyId
- HandshakePartyId
string
HandshakePartyType
- HandshakePartyType
string
(values: ACCOUNT, ORGANIZATION, EMAIL)
HandshakeResource
- HandshakeResource
object
: Contains additional data that is needed to process a handshake.- Resources HandshakeResources
- Type HandshakeResourceType
- Value HandshakeResourceValue
HandshakeResourceType
- HandshakeResourceType
string
(values: ACCOUNT, ORGANIZATION, ORGANIZATION_FEATURE_SET, EMAIL, MASTER_EMAIL, MASTER_NAME, NOTES, PARENT_HANDSHAKE)
HandshakeResourceValue
- HandshakeResourceValue
string
HandshakeResources
- HandshakeResources
array
- items HandshakeResource
HandshakeState
- HandshakeState
string
(values: REQUESTED, OPEN, CANCELED, ACCEPTED, DECLINED, EXPIRED)
Handshakes
- Handshakes
array
- items Handshake
IAMUserAccessToBilling
- IAMUserAccessToBilling
string
(values: ALLOW, DENY)
InvalidHandshakeTransitionException
- InvalidHandshakeTransitionException
object
: You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted, or accept a handshake that was already declined.- Message ExceptionMessage
InvalidInputException
- InvalidInputException
object
:The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation:
-
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
-
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the organization.
-
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
-
INVALID_ENUM: You specified a value that is not valid for that parameter.
-
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
-
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
-
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
-
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
-
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
-
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
-
IMMUTABLE_POLICY: You specified a policy that is managed by AWS and cannot be modified.
-
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
-
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
-
INPUT_REQUIRED: You must include a value for all required parameters.
-
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
-
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
-
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
- Message ExceptionMessage
- Reason InvalidInputExceptionReason
-
InvalidInputExceptionReason
- InvalidInputExceptionReason
string
(values: INVALID_PARTY_TYPE_TARGET, INVALID_SYNTAX_ORGANIZATION_ARN, INVALID_SYNTAX_POLICY_ID, INVALID_ENUM, INVALID_LIST_MEMBER, MAX_LENGTH_EXCEEDED, MAX_VALUE_EXCEEDED, MIN_LENGTH_EXCEEDED, MIN_VALUE_EXCEEDED, IMMUTABLE_POLICY, INVALID_PATTERN, INVALID_PATTERN_TARGET_ID, INPUT_REQUIRED, INVALID_NEXT_TOKEN, MAX_LIMIT_EXCEEDED_FILTER, MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS, INVALID_FULL_NAME_TARGET, UNRECOGNIZED_SERVICE_PRINCIPAL)
InviteAccountToOrganizationRequest
- InviteAccountToOrganizationRequest
object
- Notes HandshakeNotes
- Target required HandshakeParty
InviteAccountToOrganizationResponse
- InviteAccountToOrganizationResponse
object
- Handshake Handshake
ListAWSServiceAccessForOrganizationRequest
- ListAWSServiceAccessForOrganizationRequest
object
- MaxResults MaxResults
- NextToken NextToken
ListAWSServiceAccessForOrganizationResponse
- ListAWSServiceAccessForOrganizationResponse
object
- EnabledServicePrincipals EnabledServicePrincipals
- NextToken NextToken
ListAccountsForParentRequest
- ListAccountsForParentRequest
object
- MaxResults MaxResults
- NextToken NextToken
- ParentId required ParentId
ListAccountsForParentResponse
ListAccountsRequest
- ListAccountsRequest
object
- MaxResults MaxResults
- NextToken NextToken
ListAccountsResponse
ListChildrenRequest
- ListChildrenRequest
object
- ChildType required ChildType
- MaxResults MaxResults
- NextToken NextToken
- ParentId required ParentId
ListChildrenResponse
ListCreateAccountStatusRequest
- ListCreateAccountStatusRequest
object
- MaxResults MaxResults
- NextToken NextToken
- States CreateAccountStates
ListCreateAccountStatusResponse
- ListCreateAccountStatusResponse
object
- CreateAccountStatuses CreateAccountStatuses
- NextToken NextToken
ListHandshakesForAccountRequest
- ListHandshakesForAccountRequest
object
- Filter HandshakeFilter
- MaxResults MaxResults
- NextToken NextToken
ListHandshakesForAccountResponse
- ListHandshakesForAccountResponse
object
- Handshakes Handshakes
- NextToken NextToken
ListHandshakesForOrganizationRequest
- ListHandshakesForOrganizationRequest
object
- Filter HandshakeFilter
- MaxResults MaxResults
- NextToken NextToken
ListHandshakesForOrganizationResponse
- ListHandshakesForOrganizationResponse
object
- Handshakes Handshakes
- NextToken NextToken
ListOrganizationalUnitsForParentRequest
- ListOrganizationalUnitsForParentRequest
object
- MaxResults MaxResults
- NextToken NextToken
- ParentId required ParentId
ListOrganizationalUnitsForParentResponse
- ListOrganizationalUnitsForParentResponse
object
- NextToken NextToken
- OrganizationalUnits OrganizationalUnits
ListParentsRequest
- ListParentsRequest
object
- ChildId required ChildId
- MaxResults MaxResults
- NextToken NextToken
ListParentsResponse
ListPoliciesForTargetRequest
- ListPoliciesForTargetRequest
object
- Filter required PolicyType
- MaxResults MaxResults
- NextToken NextToken
- TargetId required PolicyTargetId
ListPoliciesForTargetResponse
ListPoliciesRequest
- ListPoliciesRequest
object
- Filter required PolicyType
- MaxResults MaxResults
- NextToken NextToken
ListPoliciesResponse
ListRootsRequest
- ListRootsRequest
object
- MaxResults MaxResults
- NextToken NextToken
ListRootsResponse
ListTargetsForPolicyRequest
- ListTargetsForPolicyRequest
object
- MaxResults MaxResults
- NextToken NextToken
- PolicyId required PolicyId
ListTargetsForPolicyResponse
- ListTargetsForPolicyResponse
object
- NextToken NextToken
- Targets PolicyTargets
MalformedPolicyDocumentException
- MalformedPolicyDocumentException
object
: The provided policy document does not meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see Service Control Policy Syntax in the AWS Organizations User Guide.- Message ExceptionMessage
MasterCannotLeaveOrganizationException
- MasterCannotLeaveOrganizationException
object
: You can't remove a master account from an organization. If you want the master account to become a member account in another organization, you must first delete the current organization of the master account.- Message ExceptionMessage
MaxResults
- MaxResults
integer
MoveAccountRequest
- MoveAccountRequest
object
NextToken
- NextToken
string
Organization
- Organization
object
: Contains details about an organization. An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies .- Arn OrganizationArn
- AvailablePolicyTypes PolicyTypes
- FeatureSet OrganizationFeatureSet
- Id OrganizationId
- MasterAccountArn AccountArn
- MasterAccountEmail Email
- MasterAccountId AccountId
OrganizationArn
- OrganizationArn
string
OrganizationFeatureSet
- OrganizationFeatureSet
string
(values: ALL, CONSOLIDATED_BILLING)
OrganizationId
- OrganizationId
string
OrganizationNotEmptyException
- OrganizationNotEmptyException
object
: The organization isn't empty. To delete an organization, you must first remove all accounts except the master account, delete all organizational units (OUs), and delete all policies.- Message ExceptionMessage
OrganizationalUnit
- OrganizationalUnit
object
: Contains details about an organizational unit (OU). An OU is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
OrganizationalUnitArn
- OrganizationalUnitArn
string
OrganizationalUnitId
- OrganizationalUnitId
string
OrganizationalUnitName
- OrganizationalUnitName
string
OrganizationalUnitNotEmptyException
- OrganizationalUnitNotEmptyException
object
: The specified organizational unit (OU) is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and then try the operation again.- Message ExceptionMessage
OrganizationalUnitNotFoundException
- OrganizationalUnitNotFoundException
object
: We can't find an organizational unit (OU) with the OrganizationalUnitId that you specified.- Message ExceptionMessage
OrganizationalUnits
- OrganizationalUnits
array
- items OrganizationalUnit
Parent
- Parent
object
: Contains information about either a root or an organizational unit (OU) that can contain OUs or accounts in an organization.- Id ParentId
- Type ParentType
ParentId
- ParentId
string
ParentNotFoundException
- ParentNotFoundException
object
: We can't find a root or organizational unit (OU) with the ParentId that you specified.- Message ExceptionMessage
ParentType
- ParentType
string
(values: ROOT, ORGANIZATIONAL_UNIT)
Parents
- Parents
array
- items Parent
Policies
- Policies
array
- items PolicySummary
Policy
- Policy
object
: Contains rules to be applied to the affected accounts. Policies can be attached directly to accounts, or to roots and OUs to affect all accounts in those hierarchies.- Content PolicyContent
- PolicySummary PolicySummary
PolicyArn
- PolicyArn
string
PolicyContent
- PolicyContent
string
PolicyDescription
- PolicyDescription
string
PolicyId
- PolicyId
string
PolicyInUseException
- PolicyInUseException
object
: The policy is attached to one or more entities. You must detach it from all roots, organizational units (OUs), and accounts before performing this operation.- Message ExceptionMessage
PolicyName
- PolicyName
string
PolicyNotAttachedException
- PolicyNotAttachedException
object
: The policy isn't attached to the specified target in the specified root.- Message ExceptionMessage
PolicyNotFoundException
- PolicyNotFoundException
object
: We can't find a policy with the PolicyId that you specified.- Message ExceptionMessage
PolicySummary
- PolicySummary
object
: Contains information about a policy, but does not include the content. To see the content of a policy, see DescribePolicy.- Arn PolicyArn
- AwsManaged AwsManagedPolicy
- Description PolicyDescription
- Id PolicyId
- Name PolicyName
- Type PolicyType
PolicyTargetId
- PolicyTargetId
string
PolicyTargetSummary
- PolicyTargetSummary
object
: Contains information about a root, OU, or account that a policy is attached to.- Arn GenericArn
- Name TargetName
- TargetId PolicyTargetId
- Type TargetType
PolicyTargets
- PolicyTargets
array
- items PolicyTargetSummary
PolicyType
- PolicyType
string
(values: SERVICE_CONTROL_POLICY)
PolicyTypeAlreadyEnabledException
- PolicyTypeAlreadyEnabledException
object
: The specified policy type is already enabled in the specified root.- Message ExceptionMessage
PolicyTypeNotAvailableForOrganizationException
- PolicyTypeNotAvailableForOrganizationException
object
: You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable service control policies (SCPs) only after you enable all features in the organization. For more information, see Enabling and Disabling a Policy Type on a Root in the AWS Organizations User Guide.- Message ExceptionMessage
PolicyTypeNotEnabledException
- PolicyTypeNotEnabledException
object
: The specified policy type is not currently enabled in this root. You cannot attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.- Message ExceptionMessage
PolicyTypeStatus
- PolicyTypeStatus
string
(values: ENABLED, PENDING_ENABLE, PENDING_DISABLE)
PolicyTypeSummary
- PolicyTypeSummary
object
: Contains information about a policy type and its status in the associated root.- Status PolicyTypeStatus
- Type PolicyType
PolicyTypes
- PolicyTypes
array
- items PolicyTypeSummary
RemoveAccountFromOrganizationRequest
- RemoveAccountFromOrganizationRequest
object
- AccountId required AccountId
RoleName
- RoleName
string
Root
- Root
object
: Contains details about a root. A root is a top-level parent node in the hierarchy of an organization that can contain organizational units (OUs) and accounts. Every root contains every AWS account in the organization. Each root enables the accounts to be organized in a different way and to have different policy types enabled for use in that root.- Arn RootArn
- Id RootId
- Name RootName
- PolicyTypes PolicyTypes
RootArn
- RootArn
string
RootId
- RootId
string
RootName
- RootName
string
RootNotFoundException
- RootNotFoundException
object
: We can't find a root with the RootId that you specified.- Message ExceptionMessage
Roots
- Roots
array
- items Root
ServiceException
- ServiceException
object
: AWS Organizations can't complete your request because of an internal service error. Try again later.- Message ExceptionMessage
ServicePrincipal
- ServicePrincipal
string
SourceParentNotFoundException
- SourceParentNotFoundException
object
: We can't find a source root or OU with the ParentId that you specified.- Message ExceptionMessage
TargetName
- TargetName
string
TargetNotFoundException
- TargetNotFoundException
object
: We can't find a root, OU, or account with the TargetId that you specified.- Message ExceptionMessage
TargetType
- TargetType
string
(values: ACCOUNT, ORGANIZATIONAL_UNIT, ROOT)
Timestamp
- Timestamp
string
TooManyRequestsException
- TooManyRequestsException
object
: You've sent too many requests in too short a period of time. The limit helps protect against denial-of-service attacks. Try again later.- Message ExceptionMessage
- Type ExceptionType
UpdateOrganizationalUnitRequest
- UpdateOrganizationalUnitRequest
object
- Name OrganizationalUnitName
- OrganizationalUnitId required OrganizationalUnitId
UpdateOrganizationalUnitResponse
- UpdateOrganizationalUnitResponse
object
- OrganizationalUnit OrganizationalUnit
UpdatePolicyRequest
- UpdatePolicyRequest
object
- Content PolicyContent
- Description PolicyDescription
- Name PolicyName
- PolicyId required PolicyId
UpdatePolicyResponse
- UpdatePolicyResponse
object
- Policy Policy